Restrict HMS props write access to system server only Bug: 346604998 Flag: EXEMPT sepolicy Test: n/a Change-Id: I6e4fd686bec91ee0ad83788df32f39a3e50e2a49

commit: a782c1b37e03b84a1eab6dd4757db130948d65f8 [log] [tgz]
author: Xiang Wang <xwxw@google.com> Wed Dec 18 21:08:16 2024 -0800
committer: Xiang Wang <xwxw@google.com> Wed Dec 18 21:08:16 2024 -0800
tree: 7bb7a826b934e9dbe323b979841d66375da7e26d
parent: 265f36ce0d43ef13bb8676e08de5f27050339652 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index aeeb566..a9fe610 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1649,6 +1649,16 @@
 # Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
 set_prop(system_server, game_manager_config_prop)
 
+# Allow system server to write HintManagerService properties
+set_prop(system_server, hint_manager_config_prop)
+neverallow {
+  domain
+  -init
+  -vendor_init
+  -system_server
+  userdebug_or_eng(`-shell')
+} hint_manager_config_prop:property_service set;
+
 # ThreadNetworkService reads Thread Network properties
 get_prop(system_server, threadnetwork_config_prop)
commit	a782c1b37e03b84a1eab6dd4757db130948d65f8	[log] [tgz]
author	Xiang Wang <xwxw@google.com>	Wed Dec 18 21:08:16 2024 -0800
committer	Xiang Wang <xwxw@google.com>	Wed Dec 18 21:08:16 2024 -0800
tree	7bb7a826b934e9dbe323b979841d66375da7e26d
parent	265f36ce0d43ef13bb8676e08de5f27050339652 [diff] [blame]