sepolicy: allow vendor system native experiments property Grant system_server and flags_health_check permission to set the properties that correspond to vendor system native experiments. Bug: 226456604 Test: Build Change-Id: Ib2420cf6eaf1645e7f938db32c93d085dd8950a3

commit: 7057e4abca35a14279a96c467fecbecf897d3d1a [log] [tgz]
author: Richard Chang <richardycc@google.com> Tue Apr 12 08:11:53 2022 +0000
committer: Richard Chang <richardycc@google.com> Tue Apr 12 08:11:53 2022 +0000
tree: 54942b4544ce387cd4435b785c61aa83bce7740f
parent: 4740641ce0b272bcf42ccdb26cf92879ef452df9 [diff]
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 69ff58c..1af28c5 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te

@@ -22,6 +22,7 @@
 set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
 set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
+set_prop(flags_health_check, device_config_vendor_system_native_prop)
 set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
 
 # system property device_config_boot_count_prop is used for deciding when to perform server

diff --git a/private/property.te b/private/property.te
index 834d2df..14221af 100644
--- a/private/property.te
+++ b/private/property.te

@@ -46,6 +46,7 @@
 system_internal_prop(virtualizationservice_prop)
 
 # Properties which can't be written outside system
+system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 
 ###

diff --git a/private/property_contexts b/private/property_contexts
index d244108..b74713c 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -255,6 +255,7 @@
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
+persist.device_config.vendor_system_native.         u:object_r:device_config_vendor_system_native_prop:s0
 persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 

diff --git a/private/system_server.te b/private/system_server.te
index 0fae2b1..64197f2 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -741,6 +741,7 @@
 set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
 set_prop(system_server, device_config_surface_flinger_native_boot_prop)
+set_prop(system_server, device_config_vendor_system_native_prop)
 set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
commit	7057e4abca35a14279a96c467fecbecf897d3d1a	[log] [tgz]
author	Richard Chang <richardycc@google.com>	Tue Apr 12 08:11:53 2022 +0000
committer	Richard Chang <richardycc@google.com>	Tue Apr 12 08:11:53 2022 +0000
tree	54942b4544ce387cd4435b785c61aa83bce7740f
parent	4740641ce0b272bcf42ccdb26cf92879ef452df9 [diff]