Merge "Allow graphics_config_writable_prop to be modified." into udc-dev
diff --git a/prebuilts/api/34.0/private/gpuservice.te b/prebuilts/api/34.0/private/gpuservice.te
index 08c3902..297a876 100644
--- a/prebuilts/api/34.0/private/gpuservice.te
+++ b/prebuilts/api/34.0/private/gpuservice.te
@@ -64,6 +64,8 @@
# Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
set_prop(gpuservice, graphics_config_writable_prop)
+neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;
+
# Needed for querying permission
allow gpuservice permission_service:service_manager find;
diff --git a/prebuilts/api/34.0/public/property.te b/prebuilts/api/34.0/public/property.te
index 335301e..5ee8d60 100644
--- a/prebuilts/api/34.0/public/property.te
+++ b/prebuilts/api/34.0/public/property.te
@@ -102,7 +102,6 @@
system_restricted_prop(userspace_reboot_exported_prop)
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)
-system_restricted_prop(graphics_config_writable_prop)
compatible_property_only(`
@@ -225,6 +224,7 @@
system_public_prop(ffs_control_prop)
system_public_prop(framework_status_prop)
system_public_prop(gesture_prop)
+system_public_prop(graphics_config_writable_prop)
system_public_prop(hal_dumpstate_config_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
diff --git a/prebuilts/api/34.0/public/vendor_init.te b/prebuilts/api/34.0/public/vendor_init.te
index 288d035..3942c27 100644
--- a/prebuilts/api/34.0/public/vendor_init.te
+++ b/prebuilts/api/34.0/public/vendor_init.te
@@ -251,6 +251,7 @@
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
+set_prop(vendor_init, graphics_config_writable_prop)
set_prop(vendor_init, qemu_hw_prop)
set_prop(vendor_init, radio_control_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 08c3902..297a876 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -64,6 +64,8 @@
# Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
set_prop(gpuservice, graphics_config_writable_prop)
+neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;
+
# Needed for querying permission
allow gpuservice permission_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 335301e..5ee8d60 100644
--- a/public/property.te
+++ b/public/property.te
@@ -102,7 +102,6 @@
system_restricted_prop(userspace_reboot_exported_prop)
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)
-system_restricted_prop(graphics_config_writable_prop)
compatible_property_only(`
@@ -225,6 +224,7 @@
system_public_prop(ffs_control_prop)
system_public_prop(framework_status_prop)
system_public_prop(gesture_prop)
+system_public_prop(graphics_config_writable_prop)
system_public_prop(hal_dumpstate_config_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 288d035..3942c27 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -251,6 +251,7 @@
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
+set_prop(vendor_init, graphics_config_writable_prop)
set_prop(vendor_init, qemu_hw_prop)
set_prop(vendor_init, radio_control_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index ff28a03..710e2df 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -13,6 +13,7 @@
# Allow reading graphics properties, specifically for EGL blobcache mode
get_prop(hal_camera_default, graphics_config_prop);
+get_prop(hal_camera_default, graphics_config_writable_prop);
# For collecting bugreports.
allow hal_camera_default dumpstate:fd use;