diff --git a/Android.mk b/Android.mk
index ba99f598b93d9fc6714407d813aca9df2ae2e2c8..ffcff1e24246511f02c6483e9748992cbb40051b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -262,6 +262,7 @@ $(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(reqd_policy_mask.conf): $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
$(transform-policy-to-conf)
# b/37755687
@@ -288,6 +289,7 @@ $(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
$(transform-policy-to-conf)
@@ -336,6 +338,7 @@ $(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
$(transform-policy-to-conf)
@@ -451,6 +454,7 @@ $(nonplat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(nonplat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(nonplat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(nonplat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(nonplat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(nonplat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS))
$(transform-policy-to-conf)
@@ -882,6 +886,9 @@ endif
include $(BUILD_SYSTEM)/base_rules.mk
plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
+ifeq ($(PRODUCT_COMPATIBLE_PROPERTY),true)
+plat_pcfiles += $(LOCAL_PATH)/public/property_contexts
+endif
plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
@@ -1281,6 +1288,7 @@ $(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(base_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
$(transform-policy-to-conf)
diff --git a/definitions.mk b/definitions.mk
index 45240e7f8d53653a3bf7c88ebd988d485a69a1a1..8a8c9c69e280aff9575e3fabc67530c0436adda3 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -9,6 +9,7 @@ $(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
-D target_arch=$(PRIVATE_TGT_ARCH) \
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
+ -D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
$(PRIVATE_TGT_RECOVERY) \
-s $^ > $@
endef
diff --git a/private/adbd.te b/private/adbd.te
index 2f6a450d30a2289b71804bb8c0d012d7959efabc..9dcfc816b8ff9e57084f53936d0bb1ee31abda4e 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -55,6 +55,7 @@ allow adbd anr_data_file:file r_file_perms;
set_prop(adbd, shell_prop)
set_prop(adbd, powerctl_prop)
set_prop(adbd, ffs_prop)
+set_prop(adbd, exported_ffs_prop)
# Access device logging gating property
get_prop(adbd, device_logging_prop)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f70cb7c75fe8255da2411bb5ef25e8846f022eb8..1d3e27bd40f2c6ec030b0d5720a01b4bec74e550 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -10,6 +10,24 @@
crossprofileapps_service
e2fs
e2fs_exec
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
fs_bpf
hal_broadcastradio_hwservice
hal_cas_hwservice
@@ -64,6 +82,7 @@
traced_producer_socket
traced_tmpfs
update_engine_log_data_file
+ vendor_default_prop
vendor_init
vold_prepare_subdirs
vold_prepare_subdirs_exec
diff --git a/private/coredomain.te b/private/coredomain.te
index 0ca4913653444f7384e5c8fdee85c1302e555258..244c83cb83811935c7c6ee4eaa70e040086284ed 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1 +1,2 @@
get_prop(coredomain, pm_prop)
+get_prop(coredomain, exported_pm_prop)
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 2c4a8094aa2051d757939785942cec63400fbfa2..99c09dafa59b416bca31d4ae468cdf1faeaf25ae 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -37,3 +37,4 @@ allow mediaprovider functionfs:file rw_file_perms;
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
+set_prop(mediaprovider, exported_ffs_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 1706224da0a78760126f03b5b59db1daec300106..de9fce1896a1059ae8644652d5a2892c5c3344fb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -9,7 +9,10 @@ net.qmi u:object_r:net_radio_prop:s0
net.lte u:object_r:net_radio_prop:s0
net.cdma u:object_r:net_radio_prop:s0
net.dns u:object_r:net_dns_prop:s0
-sys.usb.config u:object_r:system_radio_prop:s0
+# TODO(b/36001741): Rename to sys.usb.config when exact match is supported and
+# so an exact-matching spec isn't considered as a duplicate of a
+# prefix-matching spec having the same property name.
+sys.usb.conf u:object_r:system_radio_prop:s0
ril. u:object_r:radio_prop:s0
ro.ril. u:object_r:radio_prop:s0
gsm. u:object_r:radio_prop:s0
@@ -45,6 +48,7 @@ persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
persist.logd. u:object_r:logd_prop:s0
+ro.logd. u:object_r:logd_prop:s0
persist.logd.security u:object_r:device_logging_prop:s0
persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
logd.logpersistd u:object_r:logpersistd_logging_prop:s0
@@ -86,6 +90,9 @@ ro.crypto. u:object_r:vold_prop:s0
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
+# TODO(b/36001741): Copy into exported_property_contexts when exact match is
+# supported and so an exact-matching spec isn't considered as a duplicate of a
+# prefix-matching spec having the same property name.
ro.build.fingerprint u:object_r:fingerprint_prop:s0
ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
@@ -120,3 +127,10 @@ ro.lowpan. u:object_r:lowpan_prop:s0
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
+
+# Common vendor default properties.
+init.svc.vendor. u:object_r:vendor_default_prop:s0
+ro.hardware. u:object_r:vendor_default_prop:s0
+ro.vendor. u:object_r:vendor_default_prop:s0
+persist.vendor. u:object_r:vendor_default_prop:s0
+vendor. u:object_r:vendor_default_prop:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index f28e3fec1e226d35d39b835406235b2d7843940b..694bb2fad755401790e8343a79d6de041f5c47cf 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -46,6 +46,9 @@ allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_i
# Set properties.
set_prop(surfaceflinger, system_prop)
+set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
+set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
# Use open files supplied by an app.
diff --git a/private/system_app.te b/private/system_app.te
index 0381c4f9acaca6df065cb50ad2de5d5ad3bd66b9..7b8f3bfb55fe484f342977a94886506633549afd 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -34,13 +34,18 @@ allow system_app icon_file:file r_file_perms;
set_prop(system_app, bluetooth_prop)
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
+set_prop(system_app, exported_system_prop)
+set_prop(system_app, exported2_system_prop)
+set_prop(system_app, exported3_system_prop)
set_prop(system_app, logd_prop)
set_prop(system_app, net_radio_prop)
set_prop(system_app, system_radio_prop)
+set_prop(system_app, exported_system_radio_prop)
set_prop(system_app, log_tag_prop)
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
auditallow system_app net_radio_prop:property_service set;
auditallow system_app system_radio_prop:property_service set;
+auditallow system_app exported_system_radio_prop:property_service set;
# ctl interface
set_prop(system_app, ctl_default_prop)
diff --git a/private/system_server.te b/private/system_server.te
index df241047dd94e48efd3a6e80e13a179f5955abfb..e917c896824d193a8b936d6e9ccdf18734fcf393 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -468,18 +468,24 @@ allow system_server system_data_file:dir relabelfrom;
# Property Service write
set_prop(system_server, system_prop)
+set_prop(system_server, exported_system_prop)
+set_prop(system_server, exported2_system_prop)
+set_prop(system_server, exported3_system_prop)
set_prop(system_server, safemode_prop)
set_prop(system_server, dhcp_prop)
set_prop(system_server, net_radio_prop)
set_prop(system_server, net_dns_prop)
set_prop(system_server, system_radio_prop)
+set_prop(system_server, exported_system_radio_prop)
set_prop(system_server, debug_prop)
set_prop(system_server, powerctl_prop)
set_prop(system_server, fingerprint_prop)
set_prop(system_server, device_logging_prop)
set_prop(system_server, dumpstate_options_prop)
set_prop(system_server, overlay_prop)
+set_prop(system_server, exported_overlay_prop)
set_prop(system_server, pm_prop)
+set_prop(system_server, exported_pm_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
diff --git a/private/zygote.te b/private/zygote.te
index 9ec0e4ac25dd1efa3f2554fd948d7c2d0b0e762d..b59259106ba11bd1cd3ef50d81ca9f639e06eb5c 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -110,6 +110,7 @@ allow zygote tmpfs:dir r_dir_perms;
# Let the zygote access overlays so it can initialize the AssetManager.
get_prop(zygote, overlay_prop)
+get_prop(zygote, exported_overlay_prop)
###
### neverallow rules
diff --git a/public/charger.te b/public/charger.te
index ed6986769d41374e5e340a648484452a8c9db75f..33f32546937a50212a54d8d13edd7af2aefe84c5 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -38,3 +38,6 @@ allow charger proc_sysrq:file rw_file_perms;
# charger needs to tell init to continue the boot
# process when running in charger mode.
set_prop(charger, system_prop)
+set_prop(charger, exported_system_prop)
+set_prop(charger, exported2_system_prop)
+set_prop(charger, exported3_system_prop)
diff --git a/public/domain.te b/public/domain.te
index 70d8ae20fd3c551c54026ef63de7e5a7120108fa..e64b6446435a2d92b512849460a923abe1e41711 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -85,7 +85,57 @@ allow domain property_info:file r_file_perms;
# For now, everyone can access core property files
# Device specific properties are not granted by default
-get_prop(domain, core_property_type)
+not_compatible_property(`
+ get_prop(domain, core_property_type)
+ get_prop(domain, exported_dalvik_prop)
+ get_prop(domain, exported_ffs_prop)
+ get_prop(domain, exported_system_radio_prop)
+ get_prop(domain, exported2_config_prop)
+ get_prop(domain, exported2_radio_prop)
+ get_prop(domain, exported2_system_prop)
+ get_prop(domain, exported2_vold_prop)
+ get_prop(domain, exported3_default_prop)
+ get_prop(domain, exported3_system_prop)
+ get_prop(domain, vendor_default_prop)
+')
+compatible_property_only(`
+ get_prop({coredomain appdomain shell}, core_property_type)
+ get_prop({coredomain appdomain shell}, exported_dalvik_prop)
+ get_prop({coredomain appdomain shell}, exported_ffs_prop)
+ get_prop({coredomain appdomain shell}, exported_system_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_config_prop)
+ get_prop({coredomain appdomain shell}, exported2_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_system_prop)
+ get_prop({coredomain appdomain shell}, exported2_vold_prop)
+ get_prop({coredomain appdomain shell}, exported3_default_prop)
+ get_prop({coredomain appdomain shell}, exported3_system_prop)
+ userdebug_or_eng(`
+ get_prop(su, core_property_type)
+ get_prop(su, exported_dalvik_prop)
+ get_prop(su, exported_ffs_prop)
+ get_prop(su, exported_system_radio_prop)
+ get_prop(su, exported2_config_prop)
+ get_prop(su, exported2_radio_prop)
+ get_prop(su, exported2_system_prop)
+ get_prop(su, exported2_vold_prop)
+ get_prop(su, exported3_default_prop)
+ get_prop(su, exported3_system_prop)
+ ')
+ get_prop({domain -coredomain -appdomain}, vendor_default_prop)
+')
+
+# Public readable properties
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_radio_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, exported_vold_prop)
+get_prop(domain, exported2_default_prop)
+get_prop(domain, fingerprint_prop)
+get_prop(domain, logd_prop)
+
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
get_prop(domain, log_property_type)
@@ -459,10 +509,22 @@ neverallow * hidl_base_hwservice:hwservice_manager find;
neverallow { domain -init } default_prop:property_service set;
neverallow { domain -init } mmc_prop:property_service set;
+compatible_property_only(`
+ neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported2_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+')
+
# Only core domains are allowed to access package_manager properties
neverallow { domain -init -system_server } pm_prop:property_service set;
neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+compatible_property_only(`
+ neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
+ neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
+')
+
# Do not allow reading device's serial number from system properties except form
# a few whitelisted domains.
neverallow {
diff --git a/public/dumpstate.te b/public/dumpstate.te
index dd7c1abd0ad6cd696777ee7111339fbb1ca0de69..da5a90c5984dbcf9f48c8543f21a7da77561b928 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -220,6 +220,7 @@ allow dumpstate devpts:chr_file rw_file_perms;
# Set properties.
# dumpstate_prop is used to share state with the Shell app.
set_prop(dumpstate, dumpstate_prop)
+set_prop(dumpstate, exported_dumpstate_prop)
# dumpstate_options_prop is used to pass extra command-line args.
set_prop(dumpstate, dumpstate_options_prop)
diff --git a/public/healthd.te b/public/healthd.te
index be8c724cc6942db6b097ae4aec7dbacffbc5b8f0..50952d5469b77b565f90df63ea22c1d876728107 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -58,3 +58,6 @@ add_service(healthd, batteryproperties_service)
# Healthd needs to tell init to continue the boot
# process when running in charger mode.
set_prop(healthd, system_prop)
+set_prop(healthd, exported_system_prop)
+set_prop(healthd, exported2_system_prop)
+set_prop(healthd, exported3_system_prop)
diff --git a/public/property.te b/public/property.te
index be84d4a97072b86a0f2c09695093daa499e240b9..bfb7f765f1dc9b694463d6cb48bde211454caf7a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -53,6 +53,27 @@ type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
type wifi_prop, property_type;
+# Properties for whitelisting
+type exported_config_prop, property_type;
+type exported_dalvik_prop, property_type;
+type exported_default_prop, property_type;
+type exported_dumpstate_prop, property_type;
+type exported_ffs_prop, property_type;
+type exported_overlay_prop, property_type;
+type exported_pm_prop, property_type;
+type exported_radio_prop, property_type;
+type exported_system_prop, property_type;
+type exported_system_radio_prop, property_type;
+type exported_vold_prop, property_type;
+type exported2_config_prop, property_type;
+type exported2_default_prop, property_type;
+type exported2_radio_prop, property_type;
+type exported2_system_prop, property_type;
+type exported2_vold_prop, property_type;
+type exported3_default_prop, property_type;
+type exported3_system_prop, property_type;
+type vendor_default_prop, property_type;
+
allow property_type tmpfs:filesystem associate;
###
@@ -92,3 +113,53 @@ neverallow * {
-system_radio_prop
-vold_prop
}:file no_rw_file_perms;
+
+compatible_property_only(`
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_radio_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ }:file no_w_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ exported_dalvik_prop
+ exported_ffs_prop
+ exported_system_radio_prop
+ exported2_config_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -debug_prop
+ -fingerprint_prop
+ -logd_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:file no_rw_file_perms;
+')
diff --git a/public/property_contexts b/public/property_contexts
new file mode 100644
index 0000000000000000000000000000000000000000..b63eec1899caa9ace3d01ab83ac04d6298f2ac4f
--- /dev/null
+++ b/public/property_contexts
@@ -0,0 +1,268 @@
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
+persist.radio.multisim.config u:object_r:exported2_radio_prop:s0 exact string
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.rcs.supported u:object_r:exported3_default_prop:s0 exact int
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+ro.adb.secure u:object_r:exported3_default_prop:s0 exact int
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+ro.com.google.clientidbase u:object_r:exported3_default_prop:s0 exact string
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact int
+ro.url.legal u:object_r:exported3_default_prop:s0 exact string
+ro.url.legal.android_privacy u:object_r:exported3_default_prop:s0 exact string
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+
+# vendor-init-readable|vendor-init-actionable
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+
+# vendor-init-settable|vendor-init-actionable
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boot.console u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
+ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
+ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
+ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
+ro.bootimage.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:exported2_default_prop:s0 exact string
+ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.build.description u:object_r:exported2_default_prop:s0 exact string
+ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.host u:object_r:exported2_default_prop:s0 exact string
+ro.build.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.product u:object_r:exported2_default_prop:s0 exact string
+ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
+ro.build.tags u:object_r:exported2_default_prop:s0 exact string
+ro.build.user u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
+ro.debuggable u:object_r:exported2_default_prop:s0 exact int
+ro.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.product.brand u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
+ro.product.device u:object_r:exported2_default_prop:s0 exact string
+ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
+ro.product.model u:object_r:exported2_default_prop:s0 exact string
+ro.product.name u:object_r:exported2_default_prop:s0 exact string
+ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+ro.revision u:object_r:exported2_default_prop:s0 exact string
+service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
+sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+vold.decrypt u:object_r:exported_vold_prop:s0 exact string
+
+# vendor-init-settable|public-readable
+aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
+media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+ro.board.platform u:object_r:exported_default_prop:s0 exact string
+ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
+ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+ro.carrier u:object_r:exported_default_prop:s0 exact string
+ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
+ro.frp.pst u:object_r:exported_default_prop:s0 exact string
+ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
+ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
+ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
+ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
+ro.hardware.input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
+ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
+ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
+ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
+ro.hardware.power u:object_r:exported_default_prop:s0 exact string
+ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
+ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
+ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.type u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
+ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact int
+ro.kernel.qemu.gles u:object_r:exported_default_prop:s0 exact int
+ro.product.board u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
+ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
+ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vndk.version u:object_r:exported_default_prop:s0 exact string
+ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
+wifi.interface u:object_r:exported_default_prop:s0 exact string
+
+# vendor-init-actionable|public-readable
+ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
+ro.bootmode u:object_r:exported2_default_prop:s0 exact string
+ro.build.type u:object_r:exported2_default_prop:s0 exact string
+sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
diff --git a/public/radio.te b/public/radio.te
index 094d39ba6ff76dd0044499cf434b4ec6df106c9c..b66514c8308a3fdd6f30afc44bcd0dd04c394857 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -19,6 +19,8 @@ allow radio net_data_file:file r_file_perms;
# Property service
set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
set_prop(radio, net_radio_prop)
# ctl interface
diff --git a/public/recovery.te b/public/recovery.te
index 05cc195e1a710c39dccbb5db2f4b3b5a21ee9bb7..57ad2028be1bf6913d39a5aacf1a0bd4dc5c8db2 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -115,6 +115,7 @@ recovery_only(`
# Set sys.usb.ffs.ready when starting minadbd for sideload.
set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
diff --git a/public/rild.te b/public/rild.te
index 5bcde720ae13738f269341b90032239f70d045ef..8cafd23e4c18bf204e3a747d97acddb56375cfa7 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -23,6 +23,8 @@ allow rild sdcard_type:dir r_dir_perms;
# property service
set_prop(rild, radio_prop)
+set_prop(rild, exported_radio_prop)
+set_prop(rild, exported2_radio_prop)
allow rild tty_device:chr_file rw_file_perms;
diff --git a/public/shell.te b/public/shell.te
index 81f4bf0cacb551139ff39d1962b647b6e005a1af..916af1c753f3bde9907e7ddb6f719936506815f5 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -57,6 +57,7 @@ set_prop(shell, shell_prop)
set_prop(shell, ctl_bugreport_prop)
set_prop(shell, ctl_dumpstate_prop)
set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
set_prop(shell, debug_prop)
set_prop(shell, powerctl_prop)
set_prop(shell, log_tag_prop)
diff --git a/public/te_macros b/public/te_macros
index 02be63d5a16760843e38ed5713c17bf5389be27a..5da3389e71cd0bd15f973491f6e1ddaa20000d65 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -470,6 +470,23 @@ $1
#
define(`not_full_treble', ifelse(target_full_treble, `true', , $1))
+#####################################
+# Compatible property only
+# SELinux rules which apply only to devices with compatible property
+#
+define(`compatible_property_only', ifelse(target_compatible_property, `true', $1,
+ifelse(target_compatible_property, `cts',
+# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not compatible property
+# SELinux rules which apply only to devices without compatible property
+#
+define(`not_compatible_property', ifelse(target_compatible_property, `true', , $1))
+
#####################################
# Userdebug or eng builds
# SELinux rules which apply only to userdebug or eng builds
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9aaa5384667d2c11a204f8918ea02a2cded1dad4..01e30a825479cea45b1392060e962d79c043fae1 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -217,3 +217,26 @@ allow vendor_init serialno_prop:file { getattr open read };
# Vendor init can perform operations on trusted and security Extended Attributes
allow vendor_init self:global_capability_class_set sys_admin;
+
+set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_config_prop)
+set_prop(vendor_init, exported_dalvik_prop)
+set_prop(vendor_init, exported_default_prop)
+set_prop(vendor_init, exported_ffs_prop)
+set_prop(vendor_init, exported_overlay_prop)
+set_prop(vendor_init, exported_pm_prop)
+set_prop(vendor_init, exported_radio_prop)
+set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported2_config_prop)
+set_prop(vendor_init, exported2_system_prop)
+set_prop(vendor_init, exported2_vold_prop)
+set_prop(vendor_init, exported3_default_prop)
+set_prop(vendor_init, logd_prop)
+set_prop(vendor_init, log_tag_prop)
+set_prop(vendor_init, log_prop)
+set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, wifi_log_prop)
+
+get_prop(vendor_init, exported2_radio_prop)
+get_prop(vendor_init, exported3_system_prop)
diff --git a/public/vold.te b/public/vold.te
index 303307b8ea98d19d4e8437fae8134f58824ca94b..f754db7d2784dcc462fa09f8bdb02f37eb77ff57 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -124,6 +124,8 @@ allow vold kernel:process setsched;
# Property Service
set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
diff --git a/tools/fc_sort/fc_sort.c b/tools/fc_sort/fc_sort.c
index bfe28ca8d430df15adf81855dcd51a3c4e1e6154..c7a4c905109363e4907192b6c062a39619adff93 100644
--- a/tools/fc_sort/fc_sort.c
+++ b/tools/fc_sort/fc_sort.c
@@ -38,6 +38,7 @@ typedef struct file_context_node {
char *path;
char *file_type;
char *context;
+ char *extra;
bool_t meta;
int stem_len;
int str_len;
@@ -487,6 +488,30 @@ int main(int argc, char *argv[])
return 1;
}
+ /* Get rid of whitespace after the context. */
+ for (; i < line_len; i++) {
+ if (!isspace(line_buf[i]))
+ break;
+ }
+
+ /* Parse out the extra from the line. */
+ start = i;
+ finish = line_len;
+ while (start < finish && (!isspace(line_buf[i - 1])))
+ finish--;
+
+ if (start < finish && line_buf[start] != '#') {
+ temp->extra = (char*)strndup(&line_buf[start], finish - start);
+ if (!(temp->extra)) {
+ file_context_node_destroy(temp);
+ free(temp);
+ free(line_buf);
+ fprintf(stderr, "Error: failure allocating memory.\n");
+ fc_free_file_context_node_list(head);
+ return 1;
+ }
+ }
+
/* Set all the data about the regular
* expression. */
fc_fill_data(temp);
@@ -577,7 +602,14 @@ int main(int argc, char *argv[])
}
/* Output the context. */
- fprintf(out_file, "%s\n", current->context);
+ fprintf(out_file, "%s", current->context);
+
+ /* Output the extra, if there is one. */
+ if (current->extra) {
+ fprintf(out_file, "\t%s", current->extra);
+ }
+
+ fprintf(out_file, "\n");
current = current->next;
}