Allow reading hypervisor capabilities System server needs to do this to know whether a suitable VM for CompOS can be created. System server does not need the ability to actually start a VM, so we don't grant that. Bug: 218276733 Test: Presubmits Change-Id: Ibb198ad55819aa924f1bfde68ce5b22c89dca088

commit: 55803ca5726eeb706b3d6c5f3b482a68d77d34b4 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Fri Feb 04 17:56:09 2022 +0000
committer: Alan Stokes <alanstokes@google.com> Mon Feb 07 11:33:18 2022 +0000
tree: 537a0ed7451dd3cb487ab611349ddb7e4dfb13e8
parent: f7a825bc46f814ea0d8ef4400c32f7d5bda0a6d4 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index f70744d..1e79932 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -787,6 +787,9 @@
 # Read the net.464xlat.cellular.enabled property (written by init).
 get_prop(system_server, net_464xlat_fromvendor_prop)
 
+# Read hypervisor capabilities ro.boot.hypervisor.*
+get_prop(system_server, hypervisor_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
commit	55803ca5726eeb706b3d6c5f3b482a68d77d34b4	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Fri Feb 04 17:56:09 2022 +0000
committer	Alan Stokes <alanstokes@google.com>	Mon Feb 07 11:33:18 2022 +0000
tree	537a0ed7451dd3cb487ab611349ddb7e4dfb13e8
parent	f7a825bc46f814ea0d8ef4400c32f7d5bda0a6d4 [diff]