Hide ro.debuggable and ro.secure from ephemeral and isolated applications

Bug: 193912100
Test: N/A

Change-Id: I916c9795d96e4a4a453f9aed5e380f11981804e9
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c2e0b10..6231623 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -261,5 +261,7 @@
 #  due to the specific logging use cases.
 # Context: b/193912100
 neverallow {
-  untrusted_app_all
+  all_untrusted_apps
+  -mediaprovider
+  -mediaprovider_app
 } { userdebug_or_eng_prop }:file read;
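Review bot: The two exemptions added to this neverallow, `-mediaprovider` and `-mediaprovider_app`, are not explained on the lines visible in this hunk. The comment above the rule starts outside the hunk, and its visible tail ("due to the specific logging use cases") may have been written for the old `untrusted_app_all` set. If that comment does not already name the two domains, I would add a line such as `# mediaprovider and mediaprovider_app are exempted: <reason>, see b/193912100` with the real reason filled in, so the carve-out is not widened later without review. The rule's coverage also depends on what `all_untrusted_apps` expands to, which is defined outside this diff; presumably it includes `isolated_app` and `ephemeral_app`, as the commit title implies, but that should be confirmed.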
diff --git a/private/domain.te b/private/domain.te
index 65e2029..9de23ba 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -132,7 +132,7 @@
 get_prop(domain, surfaceflinger_prop)
 get_prop(domain, telephony_status_prop)
 get_prop(domain, timezone_prop)
-get_prop({domain - untrusted_app_all },  userdebug_or_eng_prop)
+get_prop({domain -untrusted_app_all -isolated_app -ephemeral_app },  userdebug_or_eng_prop)
 get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
 get_prop(domain, vold_status_prop)
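Review bot: The exclusion list in the changed `get_prop` line is written out by hand (`-untrusted_app_all -isolated_app -ephemeral_app`), while the matching neverallow in private/app_neverallows.te uses `all_untrusted_apps` minus two domains, so the two sets can drift apart. A comment above the line would tie them together: `# Exclusions must stay in sync with the userdebug_or_eng_prop neverallow in app_neverallows.te (b/193912100).` The commit records `Test: N/A`, so it is worth checking a userdebug build for new `avc: denied` entries on `userdebug_or_eng_prop` from isolated_app and ephemeral_app processes. Any code in those domains that read these properties before will presumably now fall back to its default value. As a minor style point, the line keeps a double space after the comma and a space before `}`.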