msm8996-common: Conditionally remove the OEM unlocking option

* It would get disabled anyway when bootloader is unlocked, but this way makes safetynet pass even when unlocked Change-Id: I2dfe641bf60e0409f290b7b31492df00568c9916
author: Davide Garberi <dade.garberi@gmail.com> 2019-05-09 18:43:52 +0200
committer: Davide Garberi <dade.garberi@gmail.com> 2019-05-09 19:00:04 +0200
commit: 1ec6d6b8ee8d6a3ab7a785f7b9023f0e1c1746f3 (patch)
tree: cd2d4a4c8a6a8b630d229c07a62f5520db2d4ea6 /sepolicy/qti_init_shell.te
parent: 09401b595c10cc7eb43d236754a88721b82e25ea (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index cc3ba68..c5b8387 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
@@ -5,4 +5,8 @@ allow qti_init_shell file_contexts_file:file { getattr open read };
 allow qti_init_shell mnt_vendor_file:dir rw_dir_perms;
 allow qti_init_shell mnt_vendor_file:file create_file_perms;
 
+# Allow qti_init_shell to read cmdline
+allow qti_init_shell proc_cmdline:file { getattr open read };
+
 get_prop(qti_init_shell, wcg_prop)
+set_prop(qti_init_shell, oem_unlock_prop)
author	Davide Garberi <dade.garberi@gmail.com>	2019-05-09 18:43:52 +0200
committer	Davide Garberi <dade.garberi@gmail.com>	2019-05-09 19:00:04 +0200
commit	1ec6d6b8ee8d6a3ab7a785f7b9023f0e1c1746f3 (patch)
tree	cd2d4a4c8a6a8b630d229c07a62f5520db2d4ea6 /sepolicy/qti_init_shell.te
parent	09401b595c10cc7eb43d236754a88721b82e25ea (diff)