sepolicy: allow surfaceflinger to set surfaceflinger_display_prop
W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295
ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set }
for property=graphics.display.kernel_idle_timer.enabled pid=643
uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0
tcontext=u:object_r:surfaceflinger_display_prop:s0
tclass=property_service permissive=0
Bug: 157513573
Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled
Test: vendor_init can get graphics.display.kernel_idle_timer.enabled
Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614
diff --git a/private/property.te b/private/property.te
index c5a4f83..b5505e5 100644
--- a/private/property.te
+++ b/private/property.te
@@ -409,8 +409,7 @@
neverallow {
-init
- -vendor_init
- -system_app
+ -surfaceflinger
} {
surfaceflinger_display_prop
}:property_service set;