commit 523c7468591bdb09f424f9741ee741a64dc1a135
author Dongwon Kang <dwkang@google.com> Wed Jan 30 15:28:31 2019 -0800
committer Dongwon Kang <dwkang@google.com> Thu Jan 31 10:06:32 2019 -0800
tree b29a4452964fe06067cf5b0596aef7978606a3c8
parent ecf787e85f6587c52f2bd2389ac0cdac8d6fe3d5

SEPolicy updates for adding native flag namespace(media).

Test: add sepolicy, build, check GetServerConfigurableFlag function
Bug: 123658514
Change-Id: I798b0ef901068c53070e768305acd38118a7e886

private/compat/28.0/28.0.ignore.cil

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 42f18a0..6481dc1 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -33,6 +33,7 @@
     device_config_netd_native_prop
     device_config_reset_performed_prop
     device_config_runtime_native_prop
+    device_config_media_native_prop
     device_config_service
     dynamic_android_service
     face_service

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 74134ac..6d78a07 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -173,6 +173,7 @@
 persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
 persist.device_config.runtime_native.        u:object_r:device_config_runtime_native_prop:s0
+persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
 
 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 2a79460..940dae2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -587,6 +587,7 @@
 set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_media_native_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -951,6 +952,7 @@
   device_config_input_native_boot_prop
   device_config_netd_native_prop
   device_config_runtime_native_prop
+  device_config_media_native_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either

public/flags_heatlh_check.te

diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index b189b0a..885c8c9 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -8,6 +8,7 @@
 set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_media_native_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;

public/mediaextractor.te

diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index ee5534c..c9ff732 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -37,6 +37,8 @@
 # scan extractor library directory to dynamically load extractors
 allow mediaextractor system_file:dir { read open };
 
+get_prop(mediaextractor, device_config_media_native_prop)
+
 userdebug_or_eng(`
   # Allow extractor to add update service.
   allow mediaextractor mediaextractor_update_service:service_manager { find add };

public/mediaswcodec.te

diff --git a/public/mediaswcodec.te b/public/mediaswcodec.te
index 9702562..0086a72 100644
--- a/public/mediaswcodec.te
+++ b/public/mediaswcodec.te
@@ -7,6 +7,8 @@
 hal_client_domain(mediaswcodec, hal_allocator)
 hal_client_domain(mediaswcodec, hal_graphics_allocator)
 
+get_prop(mediaswcodec, device_config_media_native_prop)
+
 userdebug_or_eng(`
   binder_use(mediaswcodec)
   # Add mediaextractor_update_service service

public/property.te

diff --git a/public/property.te b/public/property.te
index ffd8d95..bef39b4 100644
--- a/public/property.te
+++ b/public/property.te
@@ -34,6 +34,7 @@
 type device_config_input_native_boot_prop, property_type;
 type device_config_netd_native_prop, property_type;
 type device_config_runtime_native_prop, property_type;
+type device_config_media_native_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -407,6 +408,7 @@
     -device_config_input_native_boot_prop
     -device_config_netd_native_prop
     -device_config_runtime_native_prop
+    -device_config_media_native_prop
     -heapprofd_enabled_prop
     -heapprofd_prop
     -hwservicemanager_prop

public/vendor_init.te

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 94f6a25..b871f25 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -180,6 +180,7 @@
       -device_config_input_native_boot_prop
       -device_config_netd_native_prop
       -device_config_runtime_native_prop
+      -device_config_media_native_prop
       -restorecon_prop
       -netd_stable_secret_prop
       -firstboot_prop