From 0e1cbf568a9cc3dd0b26ead68a79d1f22dcb3add Mon Sep 17 00:00:00 2001
From: Jason Monk <jmonk@google.com>
Date: Wed, 9 Nov 2016 15:19:05 -0500
Subject: [PATCH] Add persist.vendor.overlay. to properties

Allow the system_server to change. Allow the zygote to read it as well.

Test: Have system_server set a property
Change-Id: Ie90eec8b733fa7193861026a3a6e0fb0ba5d5318
---
 private/property_contexts | 2 ++
 public/property.te        | 1 +
 public/system_server.te   | 1 +
 public/zygote.te          | 3 +++
 4 files changed, 7 insertions(+)

diff --git a/private/property_contexts b/private/property_contexts
index df8222313..51b9ff8c6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -56,6 +56,8 @@ persist.sys.audit_safemode      u:object_r:safemode_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
+persist.vendor.overlay.  u:object_r:overlay_prop:s0
+ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 
 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
diff --git a/public/property.te b/public/property.te
index 379320fd1..26b6a7ec7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -41,5 +41,6 @@ type config_prop, property_type, core_property_type;
 type device_logging_prop, property_type;
 type safemode_prop, property_type;
 type hwservicemanager_prop, property_type;
+type overlay_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
diff --git a/public/system_server.te b/public/system_server.te
index 275ee712f..c58c50496 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -357,6 +357,7 @@ set_prop(system_server, fingerprint_prop)
 set_prop(system_server, device_logging_prop)
 set_prop(system_server, wifi_prop)
 set_prop(system_server, dumpstate_options_prop)
+set_prop(system_server, overlay_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
diff --git a/public/zygote.te b/public/zygote.te
index bb411e82b..08e6e3c1b 100644
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -88,6 +88,9 @@ userdebug_or_eng(`
 allow zygote ion_device:chr_file r_file_perms;
 allow zygote tmpfs:dir r_dir_perms;
 
+# Let the zygote access overlays so it can initialize the AssetManager
+get_prop(zygote, overlay_prop)
+
 ###
 ### neverallow rules
 ###
-- 
GitLab