Merge "Temporarily whitelisting system domains writing vendor props"
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index e4f7c73..bc84ee7 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -5,4 +5,5 @@
allow bootanim graphics_device:chr_file { read ioctl open };
+typeattribute bootanim system_writes_vendor_properties_violators;
set_prop(bootanim, qemu_prop)
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index e03d07e..2bba8a7 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1,4 +1,5 @@
allow surfaceflinger self:process execmem;
allow surfaceflinger ashmem_device:chr_file execute;
+typeattribute surfaceflinger system_writes_vendor_properties_violators;
set_prop(surfaceflinger, qemu_prop)
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
index e97d895..da403b5 100644
--- a/target/board/generic/sepolicy/zygote.te
+++ b/target/board/generic/sepolicy/zygote.te
@@ -1,3 +1,4 @@
+typeattribute zygote system_writes_vendor_properties_violators;
set_prop(zygote, qemu_prop)
# TODO (b/63631799) fix this access
# Suppress denials to storage. Webview zygote should not be accessing.