From 30d80f0c1c85f200fe2787f07f09732922802c0f Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Tue, 10 Apr 2018 12:38:45 -0700
Subject: [PATCH] Adding labeling for vendor security patch prop am: 5cac1aa99c
 am: ad3602d262

Test: Vendor security patch prop is properly labeled
Bug: 76428542
Change-Id: I034f2f2c9eab3667cfa92ea41b4b5f4afa1c7df7
Merged-In: I034f2f2c9eab3667cfa92ea41b4b5f4afa1c7df7
(cherry picked from commit 15a9fbc277a83635548130bb3c27ac8ed562d413)
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/compat/27.0/27.0.ignore.cil | 1 +
 public/property.te                  | 1 +
 public/property_contexts            | 1 +
 public/shell.te                     | 3 +++
 public/vendor_init.te               | 1 +
 6 files changed, 8 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index a2142852c..64bbbb8bc 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -120,6 +120,7 @@
     untrusted_app_all_devpts
     update_engine_log_data_file
     vendor_default_prop
+    vendor_security_patch_level_prop
     usbd
     usbd_exec
     usbd_tmpfs
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 557f93b30..f6922f047 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -102,6 +102,7 @@
     usbd_tmpfs
     vendor_default_prop
     vendor_init
+    vendor_security_patch_level_prop
     vendor_shell
     vold_metadata_file
     vold_prepare_subdirs
diff --git a/public/property.te b/public/property.te
index 42fce04c3..5dd88dccb 100644
--- a/public/property.te
+++ b/public/property.te
@@ -55,6 +55,7 @@ type traced_enabled_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
+type vendor_security_patch_level_prop, property_type;
 
 # Properties for whitelisting
 type exported_bluetooth_prop, property_type;
diff --git a/public/property_contexts b/public/property_contexts
index 0907a27f1..a88238411 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -107,6 +107,7 @@ ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
 ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact int
 ro.url.legal u:object_r:exported3_default_prop:s0 exact string
 ro.url.legal.android_privacy u:object_r:exported3_default_prop:s0 exact string
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
 ro.zygote u:object_r:exported3_default_prop:s0 exact string
 sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
 sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
diff --git a/public/shell.te b/public/shell.te
index 7b676770e..2c6ce4430 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -84,6 +84,9 @@ userdebug_or_eng(`
 # Read device's serial number from system properties
 get_prop(shell, serialno_prop)
 
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
 # Read state of logging-related properties
 get_prop(shell, device_logging_prop)
 
diff --git a/public/vendor_init.te b/public/vendor_init.te
index b025fc88a..d07987325 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -190,6 +190,7 @@ set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
 set_prop(vendor_init, serialno_prop)
 set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, vendor_security_patch_level_prop)
 set_prop(vendor_init, wifi_log_prop)
 
 get_prop(vendor_init, exported2_radio_prop)
-- 
GitLab