commit 7e07941d3d9911c5671239a8abb2632ab30e8e69
author Andrew Scull <ascull@google.com> Wed Feb 02 13:54:11 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 02 13:54:11 2022 +0000
tree d49487f8ef76a9419bd653475b329c38ee1951ef
parent fb9d097d03bd61bc9f36cb434b86fa4ffe0d18f5
parent 792b03ddb5ba8e279749b83bfe7bdaf3a3175ff8

Merge changes I82f0c2ef,I013894de

* changes:
  Let VirtualizationService access hypervisor properties
  Tag new hypervisor properties

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 1474d00..618794e 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -737,7 +737,9 @@
 ro.boot.verifiedbootstate  u:object_r:bootloader_prop:s0 exact string
 ro.boot.veritymode         u:object_r:bootloader_prop:s0 exact string
 # Properties specific to virtualized deployments of Android
+ro.boot.hypervisor.protected_vm.supported   u:object_r:hypervisor_prop:s0 exact bool
 ro.boot.hypervisor.version                  u:object_r:hypervisor_prop:s0 exact string
+ro.boot.hypervisor.vm.supported             u:object_r:hypervisor_prop:s0 exact bool
 
 # These ro.X properties are set to values of ro.boot.X by property_service.
 ro.baseband   u:object_r:bootloader_prop:s0 exact string

private/virtualizationservice.te

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 5f6375f..05e1664 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -64,6 +64,9 @@
 # Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
 set_prop(virtualizationservice, virtualizationservice_prop)
 
+# Allow virtualizationservice to inspect hypervisor capabilities.
+get_prop(virtualizationservice, hypervisor_prop)
+
 # Allow writing stats to statsd
 unix_socket_send(virtualizationservice, statsdw, statsd)