From d1435604455e5e274c88f6ee0308c7881cddaf20 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Thu, 4 Feb 2016 10:55:43 -0800
Subject: [PATCH] persist.mmc.* only set in init

Bug: 26976972
Change-Id: I0e44bfc6774807a3bd2ba05637a432675d855118
---
 domain.te         | 1 +
 property.te       | 1 +
 property_contexts | 1 +
 3 files changed, 3 insertions(+)

diff --git a/domain.te b/domain.te
index 2a63c82e4..767103e7b 100644
--- a/domain.te
+++ b/domain.te
@@ -323,6 +323,7 @@ neverallow domain default_android_service:service_manager add;
 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
 neverallow { domain -init } default_prop:property_service set;
+neverallow { domain -init } mmc_prop:property_service set;
 
 neverallow { domain -init -recovery -system_server } frp_block_device:blk_file rw_file_perms;
 
diff --git a/property.te b/property.te
index 94567ed75..c649a9013 100644
--- a/property.te
+++ b/property.te
@@ -23,6 +23,7 @@ type ctl_bugreport_prop, property_type;
 type ctl_console_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type logd_prop, property_type, core_property_type;
+type mmc_prop, property_type;
 type restorecon_prop, property_type, core_property_type;
 type security_prop, property_type, core_property_type;
 type bluetooth_prop, property_type, core_property_type;
diff --git a/property_contexts b/property_contexts
index 47c3cf746..9e936caa4 100644
--- a/property_contexts
+++ b/property_contexts
@@ -41,6 +41,7 @@ persist.debug.          u:object_r:persist_debug_prop:s0
 persist.logd.           u:object_r:logd_prop:s0
 persist.logd.security   u:object_r:device_logging_prop:s0
 persist.log.tag         u:object_r:logd_prop:s0
+persist.mmc.            u:object_r:mmc_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
-- 
GitLab