commit 54229d8157b42533ad9f93b3f5c095c77275e93d
author Peiyong Lin <lpy@google.com> Wed May 03 17:12:39 2023 +0000
committer Peiyong Lin <lpy@google.com> Thu May 04 15:56:33 2023 +0000
tree 9e2e8834b1a08f2de55a4dd12e71afd6dbd5fb3b
parent 6c6f53b1a8bc6ba01f64ad359bd97389cfa71716

Allow graphics_config_writable_prop to be modified.

vendor_init needs to set graphics_config_writable_prop, moving it to
system_public_prop.

Bug: b/270994705
Test: atest CtsAngleIntegrationHostTestCases
Test: m && boot
Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07

private/gpuservice.te

diff --git a/private/gpuservice.te b/private/gpuservice.te
index 08c3902..297a876 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -64,6 +64,8 @@
 # Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
 set_prop(gpuservice, graphics_config_writable_prop)
 
+neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;
+
 # Needed for querying permission
 allow gpuservice permission_service:service_manager find;
 

public/property.te

diff --git a/public/property.te b/public/property.te
index 8d6b8ee..346dc70 100644
--- a/public/property.te
+++ b/public/property.te
@@ -101,7 +101,6 @@
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)
 system_restricted_prop(vts_status_prop)
-system_restricted_prop(graphics_config_writable_prop)
 
 
 compatible_property_only(`
@@ -223,6 +222,7 @@
 system_public_prop(ffs_control_prop)
 system_public_prop(framework_status_prop)
 system_public_prop(gesture_prop)
+system_public_prop(graphics_config_writable_prop)
 system_public_prop(hal_dumpstate_config_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)

public/vendor_init.te

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 288d035..3942c27 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -251,6 +251,7 @@
 set_prop(vendor_init, logd_prop)
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
+set_prop(vendor_init, graphics_config_writable_prop)
 set_prop(vendor_init, qemu_hw_prop)
 set_prop(vendor_init, radio_control_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)

vendor/hal_camera_default.te

diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index ff28a03..710e2df 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -13,6 +13,7 @@
 
 # Allow reading graphics properties, specifically for EGL blobcache mode
 get_prop(hal_camera_default, graphics_config_prop);
+get_prop(hal_camera_default, graphics_config_writable_prop);
 
 # For collecting bugreports.
 allow hal_camera_default dumpstate:fd use;