Whitelisting window_manager_native_boot system property

Bug: 147096935
Test: build, boot

Change-Id: Iadeefa3cfc9bb17eb19b60dbd18de047fa01b673
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 2811683..582c8de 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -27,6 +27,7 @@
     dataloader_manager_service
     device_config_storage_native_boot_prop
     device_config_sys_traced_prop
+    device_config_window_manager_native_boot_prop
     exported_camera_prop
     file_integrity_service
     gmscore_app
diff --git a/private/property_contexts b/private/property_contexts
index 625bf37..21a32b5 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -197,6 +197,7 @@
 persist.device_config.runtime_native_boot.   u:object_r:device_config_runtime_native_boot_prop:s0
 persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
 persist.device_config.storage_native_boot.   u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
 
 # Properties that relate to legacy server configurable flags
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 8d4e4f8..cde4385 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -619,6 +619,7 @@
 set_prop(system_server, device_config_media_native_prop)
 set_prop(system_server, device_config_storage_native_boot_prop)
 set_prop(system_server, device_config_sys_traced_prop)
+set_prop(system_server, device_config_window_manager_native_boot_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -990,6 +991,7 @@
   device_config_media_native_prop
   device_config_storage_native_boot_prop
   device_config_sys_traced_prop
+  device_config_window_manager_native_boot_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either
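Review bot: The list ending in `}:property_service set;` is one of several hand-maintained lists that every new device_config_* type has to be added to, and nothing in the policy ties them together. The head of the rule is outside this hunk, but it reads like a neverallow restricting which domains may set these properties. If so, forgetting an entry here would not fail the build and would leave the new property outside the restriction. The same fail-open risk appears to apply to the `-device_config_window_manager_native_boot_prop` exclusions added in public/property.te and public/vendor_init.te. I would add a comment above the rule such as `# Keep in sync with the set_prop(system_server, device_config_*) block and the exclusion lists in public/property.te and public/vendor_init.te`, and consider grouping these types under one attribute so a new flag namespace is covered automatically.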
diff --git a/private/zygote.te b/private/zygote.te
index 6ad6db4..5024dce 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -170,6 +170,10 @@
 get_prop(zygote, device_config_runtime_native_prop)
 get_prop(zygote, device_config_runtime_native_boot_prop)
 
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
 # ingore spurious denials
 dontaudit zygote self:global_capability_class_set sys_resource;
 
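Review bot: The comment above `get_prop(zygote, device_config_window_manager_native_boot_prop)` explains why zygote needs the flags but not that the grant is deliberately read-only or where the values come from. That matters because this commit also gives system_server and flags_health_check `set_prop` on the same type, so the values are server-configurable, and whatever zygote initializes from them is presumably inherited by every process it forks. I would extend the comment to something like `# Read-only: zygote consumes these flags but must never set them; values are server-configurable, so the reader must fall back to defaults on missing or malformed values.` The `:property_service set` rule touched in private/system_server.te may already forbid zygote from writing; that is worth confirming, since its head is not visible in this diff.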
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index af7d96a..cf33ce7 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -12,6 +12,7 @@
 set_prop(flags_health_check, device_config_media_native_prop)
 set_prop(flags_health_check, device_config_storage_native_boot_prop)
 set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/property.te b/public/property.te
index 2cf043a..66f7bcf 100644
--- a/public/property.te
+++ b/public/property.te
@@ -11,6 +11,7 @@
 system_internal_prop(device_config_runtime_native_prop)
 system_internal_prop(device_config_storage_native_boot_prop)
 system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
 system_internal_prop(firstboot_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_svc_debug_prop)
@@ -629,6 +630,7 @@
     -device_config_media_native_prop
     -device_config_storage_native_boot_prop
     -device_config_sys_traced_prop
+    -device_config_window_manager_native_boot_prop
     -dynamic_system_prop
     -gsid_prop
     -heapprofd_enabled_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index eb93d13..2fbe546 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -209,6 +209,7 @@
       -device_config_media_native_prop
       -device_config_storage_native_boot_prop
       -device_config_sys_traced_prop
+      -device_config_window_manager_native_boot_prop
       -restorecon_prop
       -netd_stable_secret_prop
       -firstboot_prop