Add SELinux policy for edgetpu_native device_config prop
The new Android property namespace will store configuration values that are set on the server side and read by the EdgeTpu HAL.
Notes:
* This CL is similar to nnapi_native CL: https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/1844919
* The read permission of EdgeTpu HAL will be added in another internal CL.
Test: mm
Bug: 243553703
Bug: 246401730
Change-Id: I5705f679148b313d919f334c51e31f7645aca82a
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 30a7e35..a751c21 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -13,6 +13,7 @@
credential_service
device_as_webcam
device_config_camera_native_prop
+ device_config_edgetpu_native_prop
device_config_memory_safety_native_boot_prop
device_config_memory_safety_native_prop
device_config_vendor_system_native_prop
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index cc4a5ca..9480b40 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -3,6 +3,7 @@
init_daemon_domain(flags_health_check)
set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_edgetpu_native_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
set_prop(flags_health_check, device_config_runtime_native_prop)
diff --git a/private/property_contexts b/private/property_contexts
index fdc6f89..7c9f81f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -250,6 +250,7 @@
persist.device_config.camera_native. u:object_r:device_config_camera_native_prop:s0
persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
persist.device_config.connectivity. u:object_r:device_config_connectivity_prop:s0
+persist.device_config.edgetpu_native. u:object_r:device_config_edgetpu_native_prop:s0
persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
persist.device_config.lmkd_native. u:object_r:device_config_lmkd_native_prop:s0
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 4e5b2e8..b366070 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -739,6 +739,7 @@
set_prop(system_server, cppreopt_prop)
# server configurable flags properties
+set_prop(system_server, device_config_edgetpu_native_prop)
set_prop(system_server, device_config_input_native_boot_prop)
set_prop(system_server, device_config_netd_native_prop)
set_prop(system_server, device_config_nnapi_native_prop)
@@ -1296,6 +1297,7 @@
device_config_lmkd_native_prop
device_config_netd_native_prop
device_config_nnapi_native_prop
+ device_config_edgetpu_native_prop
device_config_runtime_native_boot_prop
device_config_runtime_native_prop
device_config_media_native_prop
diff --git a/public/property.te b/public/property.te
index c41aa91..e4470d6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -66,6 +66,7 @@
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(device_config_camera_native_prop)
+system_restricted_prop(device_config_edgetpu_native_prop)
system_restricted_prop(device_config_nnapi_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
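Review bot: Nothing in this change grants `get_prop` on `device_config_edgetpu_native_prop`, so the open least-privilege question for the declaration added here is which domains end up reading it; the description defers that rule to an internal CL that is not visible on this page. Because the values are set on the server side and consumed by a HAL, the follow-up rule should name only the EdgeTPU HAL domain rather than a broad vendor attribute, and the HAL should range-check what it reads. A one-line comment above the declaration would record that intent, for example `# Server-set EdgeTPU flags: written by system_server and flags_health_check, read only by the EdgeTPU HAL.`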