Add sepolicy for mmd system properties
mmd uses "mmd." and "persist.device_config.mmd_native." prefixed system
properties to configure itself.
Bug: 375431994
Test: manual
Change-Id: Idf7c8d4f1a314595cd75d494f8a55a3d26773514
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index c6785dd..db7f08f 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -34,6 +34,7 @@
set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
set_prop(flags_health_check, device_config_camera_native_prop)
set_prop(flags_health_check, device_config_tethering_u_or_later_native_prop)
+set_prop(flags_health_check, device_config_mmd_native_prop)
set_prop(flags_health_check, next_boot_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
diff --git a/private/mmd.te b/private/mmd.te
index 4e49519..d299bd8 100644
--- a/private/mmd.te
+++ b/private/mmd.te
@@ -7,6 +7,7 @@
# Set mmd.enabled_aconfig properties.
set_prop(mmd, mmd_prop)
+get_prop(mmd, device_config_mmd_native_prop)
# mmd binder setup
add_service(mmd, mmd_service)
diff --git a/private/property.te b/private/property.te
index e8d1eee..3109253 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
system_internal_prop(device_config_core_experiments_team_internal_prop)
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_mglru_native_prop)
+system_internal_prop(device_config_mmd_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_remote_key_provisioning_native_prop)
system_internal_prop(device_config_statsd_native_prop)
diff --git a/private/property_contexts b/private/property_contexts
index eab1e86..6b825cb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -305,6 +305,7 @@
persist.device_config.memory_safety_native_boot. u:object_r:device_config_memory_safety_native_boot_prop:s0
persist.device_config.memory_safety_native. u:object_r:device_config_memory_safety_native_prop:s0
persist.device_config.tethering_u_or_later_native. u:object_r:device_config_tethering_u_or_later_native_prop:s0
+persist.device_config.mmd_native. u:object_r:device_config_mmd_native_prop:s0
# Prop indicates the apex that bundles input configuration files (*.idc,*.kl,*.kcm)
input_device.config_file.apex u:object_r:input_device_config_prop:s0 exact string
@@ -1778,4 +1779,5 @@
trusty.security_vm.keymint.enabled u:object_r:trusty_security_vm_sys_vendor_prop:s0 exact bool
# Properties for mmd
+mmd. u:object_r:mmd_prop:s0
mmd.enabled_aconfig u:object_r:mmd_prop:s0 exact bool
diff --git a/private/system_server.te b/private/system_server.te
index aeeb566..a901466 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -816,6 +816,7 @@
set_prop(system_server, device_config_memory_safety_native_prop)
set_prop(system_server, device_config_remote_key_provisioning_native_prop)
set_prop(system_server, device_config_tethering_u_or_later_native_prop)
+set_prop(system_server, device_config_mmd_native_prop)
set_prop(system_server, smart_idle_maint_enabled_prop)
set_prop(system_server, arm64_memtag_prop)
@@ -1397,6 +1398,7 @@
device_config_aconfig_flags_prop
device_config_window_manager_native_boot_prop
device_config_tethering_u_or_later_native_prop
+ device_config_mmd_native_prop
next_boot_prop
}:property_service set;