Merge "sepolicy: allow vendor system native experiments property"

commit: 1c8df204ff4399552a7204ee91cfa19e5c0d4963 [log] [tgz]
author: Richard Chang <richardycc@google.com> Fri Apr 15 03:47:28 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Apr 15 03:47:28 2022 +0000
tree: fc8da38fd725070030372edcaa3bfcab9c3a5545
parent: 791567ece6b1f79ac283cfbc535b273eb1ada83c [diff]
parent: 7057e4abca35a14279a96c467fecbecf897d3d1a [diff]
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index de02e1e..54ecd45 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te

@@ -23,6 +23,7 @@
 set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
 set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
+set_prop(flags_health_check, device_config_vendor_system_native_prop)
 set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
 
 # system property device_config_boot_count_prop is used for deciding when to perform server

diff --git a/private/property.te b/private/property.te
index 2e8db3f..ccf6040 100644
--- a/private/property.te
+++ b/private/property.te

@@ -47,6 +47,7 @@
 system_internal_prop(virtualizationservice_prop)
 
 # Properties which can't be written outside system
+system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 
 ###

diff --git a/private/property_contexts b/private/property_contexts
index a92ad6b..1ad19c1 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -255,6 +255,7 @@
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
+persist.device_config.vendor_system_native.         u:object_r:device_config_vendor_system_native_prop:s0
 persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 

diff --git a/private/system_server.te b/private/system_server.te
index 179cbea..8fc032f 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -742,6 +742,7 @@
 set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
 set_prop(system_server, device_config_surface_flinger_native_boot_prop)
+set_prop(system_server, device_config_vendor_system_native_prop)
 set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
commit	1c8df204ff4399552a7204ee91cfa19e5c0d4963	[log] [tgz]
author	Richard Chang <richardycc@google.com>	Fri Apr 15 03:47:28 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Apr 15 03:47:28 2022 +0000
tree	fc8da38fd725070030372edcaa3bfcab9c3a5545
parent	791567ece6b1f79ac283cfbc535b273eb1ada83c [diff]
parent	7057e4abca35a14279a96c467fecbecf897d3d1a [diff]