Adjust policy for hypervisor system properties 1. Allow them to be configured by vendor_init. 2. Introduce a new system property hypervisor.memory_reclaim.supported, which is configured by vendor_init and accessed only by virtualizationservice, and is not as widely accessible as the existing hypervisor sysprops. Bug: 235579465 Test: atest MicrodroidTests Change-Id: I952432568a6ab351b5cc155ff5eb0cb0dcddf433

commit: 84bb5eeccb3be4a4618f4b27848f03129677764c [log] [tgz]
author: Keir Fraser <keirf@google.com> Wed Nov 23 14:06:36 2022 +0000
committer: Keir Fraser <keirf@google.com> Thu Nov 24 10:23:58 2022 +0000
tree: 62b85178e1686583a4f6da56224f12a77d9ac6dc
parent: 0065888fe751879514350c66e132386c9ceb7646 [diff] [blame]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 46871b7..883ff56 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -71,8 +71,9 @@
 # Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
 set_prop(virtualizationservice, virtualizationservice_prop)
 
-# Allow virtualizationservice to inspect hypervisor capabilities.
+# Allow virtualizationservice to inspect all hypervisor capabilities.
 get_prop(virtualizationservice, hypervisor_prop)
+get_prop(virtualizationservice, hypervisor_restricted_prop)
 
 # Allow writing stats to statsd
 unix_socket_send(virtualizationservice, statsdw, statsd)
commit	84bb5eeccb3be4a4618f4b27848f03129677764c	[log] [tgz]
author	Keir Fraser <keirf@google.com>	Wed Nov 23 14:06:36 2022 +0000
committer	Keir Fraser <keirf@google.com>	Thu Nov 24 10:23:58 2022 +0000
tree	62b85178e1686583a4f6da56224f12a77d9ac6dc
parent	0065888fe751879514350c66e132386c9ceb7646 [diff] [blame]