Merge "Temporarily whitelisting system domains writing vendor props"

am: 3125af3c16

Change-Id: Iee20d8a616db2cd91a4529aa2e5a9c252c48457f

sepolicy/private/ramoops.te

@@ -11,6 +11,7 @@ allow ramoops shell_exec:file rx_file_perms;
 allow ramoops toolbox_exec:file rx_file_perms;
 
 # Set the sys.ramoops.decrypted property
+typeattribute ramoops system_writes_vendor_properties_violators;
 set_prop(ramoops, ramoops_prop);
 
 allow ramoops sysfs_pstore:file rw_file_perms;

sepolicy/vendor/bluetooth.te

@@ -1,3 +1,4 @@
+typeattribute bluetooth system_writes_vendor_properties_violators;
 set_prop(bluetooth, wc_prop)
 
 # Allow access to net_admin ioctls

sepolicy/vendor/cameraserver.te

@@ -1,5 +1,6 @@
 allow cameraserver gpu_device:chr_file rw_file_perms;
 
+typeattribute cameraserver system_writes_vendor_properties_violators;
 set_prop(cameraserver, camera_prop)
 
 allow cameraserver sysfs_camera:file r_file_perms;

sepolicy/vendor/gatekeeperd.te

@@ -1 +1,2 @@
+typeattribute gatekeeperd system_writes_vendor_properties_violators;
 set_prop(gatekeeperd, keymaster_prop)

sepolicy/vendor/radio.te

@@ -1,4 +1,5 @@
 get_prop(radio, ims_prop)
+typeattribute radio system_writes_vendor_properties_violators;
 userdebug_or_eng(`set_prop(radio, tel_mon_prop)')
 
 allow radio qmuxd_socket:dir search;

sepolicy/vendor/surfaceflinger.te

@@ -2,3 +2,4 @@ dontaudit surfaceflinger firmware_file:dir search;
 dontaudit surfaceflinger vendor_file:file read;
 dontaudit surfaceflinger kernel:system module_request;
 allow surfaceflinger debugfs_ion:dir search;
+

sepolicy/vendor/system_app.te

@@ -4,6 +4,7 @@ userdebug_or_eng(`set_prop(system_app, tel_mon_prop)')
 
 # Needed by Settings app's CameraHalHdrplusPreferenceController, available only on a subset of
 # userdebug and eng devices
+typeattribute system_app system_writes_vendor_properties_violators;
 userdebug_or_eng(`set_prop(system_app, camera_prop)')
 
 # read regulatory info