diff --git a/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te index a62eef67..7fe48175 100644 --- a/legacy/whitechapel_pro/property.te +++ b/legacy/whitechapel_pro/property.te @@ -6,6 +6,7 @@ vendor_internal_prop(vendor_camera_fatp_prop) vendor_internal_prop(vendor_ro_sys_default_prop) vendor_internal_prop(vendor_persist_sys_default_prop) vendor_internal_prop(vendor_display_prop) +vendor_internal_prop(vendor_persist_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts index 463772e1..9da4b44b 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -28,3 +28,6 @@ ro.vendor.primarydisplay.xrr.version u:object_r:vendor ro.vendor.primarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int + +# For checking if persist partition is mounted +ro.vendor.persist.status u:object_r:vendor_persist_prop:s0 exact string diff --git a/vendor/tee.te b/vendor/tee.te index c99a02d9..ad16959b 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -10,6 +10,11 @@ allow tee tee_data_file:lnk_file r_file_perms; allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee block_device:dir search; + +# /mnt/vendor/persist/ss/0 sometimes gets labeled as persist_ss_file, +# depending on the order of restorecon (b/336314247) +allow tee persist_ss_file:lnk_file read; + # Allow storageproxyd access to gsi_public_metadata_file read_fstab(tee) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 399626ca..77d3da1c 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -34,3 +34,7 @@ set_prop(vendor_init, vendor_ssrdump_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; + +# Allow vendor_init to read ro.vendor.persist.status +# to process init.rc actions +set_prop(vendor_init, vendor_persist_prop)