Allow for server-side configuration of libstagefright
Relaxation of SELinux policies to allow users of libstagefright and
MediaCodec to be able to query server-side configurable flags.
Bug: 301372559
Bug: 301250938
Test: run cts -m CtsSecurityHostTestCases
Change-Id: I72670ee42c268dd5747c2411d25959d366dd972c
Merged-In: I72670ee42c268dd5747c2411d25959d366dd972c
diff --git a/prebuilts/api/31.0/public/domain.te b/prebuilts/api/31.0/public/domain.te
index 799a2f1..38266cd 100644
--- a/prebuilts/api/31.0/public/domain.te
+++ b/prebuilts/api/31.0/public/domain.te
@@ -353,6 +353,10 @@
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
###
### neverallow rules
###
diff --git a/prebuilts/api/31.0/public/property.te b/prebuilts/api/31.0/public/property.te
index 1d3f358..57b6ad6 100644
--- a/prebuilts/api/31.0/public/property.te
+++ b/prebuilts/api/31.0/public/property.te
@@ -8,7 +8,6 @@
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(firstboot_prop)
@@ -65,6 +64,7 @@
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(charger_status_prop)
+system_restricted_prop(device_config_media_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(fingerprint_prop)
diff --git a/prebuilts/api/32.0/public/domain.te b/prebuilts/api/32.0/public/domain.te
index 799a2f1..38266cd 100644
--- a/prebuilts/api/32.0/public/domain.te
+++ b/prebuilts/api/32.0/public/domain.te
@@ -353,6 +353,10 @@
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
###
### neverallow rules
###
diff --git a/prebuilts/api/32.0/public/property.te b/prebuilts/api/32.0/public/property.te
index 2b2af6d..f019b23 100644
--- a/prebuilts/api/32.0/public/property.te
+++ b/prebuilts/api/32.0/public/property.te
@@ -8,7 +8,6 @@
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(firstboot_prop)
@@ -65,6 +64,7 @@
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(charger_status_prop)
+system_restricted_prop(device_config_media_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(fingerprint_prop)
diff --git a/public/domain.te b/public/domain.te
index 799a2f1..38266cd 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -353,6 +353,10 @@
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
###
### neverallow rules
###
diff --git a/public/property.te b/public/property.te
index 2b2af6d..f019b23 100644
--- a/public/property.te
+++ b/public/property.te
@@ -8,7 +8,6 @@
system_internal_prop(device_config_activity_manager_native_boot_prop)
system_internal_prop(device_config_boot_count_prop)
system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
system_internal_prop(device_config_netd_native_prop)
system_internal_prop(device_config_reset_performed_prop)
system_internal_prop(firstboot_prop)
@@ -65,6 +64,7 @@
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(charger_status_prop)
+system_restricted_prop(device_config_media_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(fingerprint_prop)