From 432fb7298d14b59411e261b21fd5261023f0da21 Mon Sep 17 00:00:00 2001
From: jimsun <jimsun@google.com>
Date: Fri, 17 May 2024 09:48:34 +0800
Subject: [PATCH] Allow vendor_init to set setupwizard prop

05-16 17:07:33.099472  root   351   351 E init    : Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:352: SELinux permission check failed
05-16 17:07:33.095723  root   352   352 W libc    : Unable to set property "setupwizard.feature.provisioning_profile_mode" to "true": error code: 0x18

Bug: 339918070
Test: manual
Change-Id: Ie1737d7632e11de9750305df4255da55b4a0c426
---
 comet-sepolicy.mk                    | 4 ++++
 system_ext/private/gmscore_app.te    | 2 ++
 system_ext/private/priv_app.te       | 2 ++
 system_ext/private/property_contexts | 2 ++
 system_ext/public/property.te        | 2 ++
 vendor/vendor_init.te                | 3 +++
 6 files changed, 15 insertions(+)
 create mode 100644 system_ext/private/gmscore_app.te
 create mode 100644 system_ext/private/priv_app.te
 create mode 100644 system_ext/private/property_contexts
 create mode 100644 system_ext/public/property.te

diff --git a/comet-sepolicy.mk b/comet-sepolicy.mk
index 32aa697..3ffaa05 100644
--- a/comet-sepolicy.mk
+++ b/comet-sepolicy.mk
@@ -1,2 +1,6 @@
 # sepolicy exclusively for comet.
 BOARD_SEPOLICY_DIRS += device/google/comet-sepolicy/vendor
+
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/comet-sepolicy/system_ext/private
diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te
new file mode 100644
index 0000000..4dc1639
--- /dev/null
+++ b/system_ext/private/gmscore_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(gmscore_app, setupwizard_feature_prop)
diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/system_ext/private/priv_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
new file mode 100644
index 0000000..464a289
--- /dev/null
+++ b/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# setupwizard
+setupwizard.feature.provisioning_profile_mode    u:object_r:setupwizard_feature_prop:s0
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
new file mode 100644
index 0000000..96cb3b3
--- /dev/null
+++ b/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index 91d16a9..0af5c8a 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -1,2 +1,5 @@
 # Camera vendor property
 set_prop(vendor_init, vendor_camera_debug_prop)
+
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)