Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / aedd65ac207c8ec310b1f0a7f34bcc74370cf1d6^! / .
commitaedd65ac207c8ec310b1f0a7f34bcc74370cf1d6[log] [tgz]
authorAndrew Scull <ascull@google.com>Fri Oct 08 12:13:46 2021 +0000
committerAndrew Scull <ascull@google.com>Fri Oct 08 14:51:30 2021 +0000
tree136839e7d163fde8e0894bddb0be2d264cdc90d3
parenta5d1958d3ec0ed74124a43f6a2b11880b78de102 [diff]
Allow vendor_init to read AVF device configs

Bug: 192819132
Test: build
Change-Id: Iefa4d2d2dc0a13a9a6c95779d6ebde5cb2834295

diff --git a/private/property.te b/private/property.te
index 32cdc75..b196a1b 100644
--- a/private/property.te
+++ b/private/property.te

@@ -43,6 +43,9 @@
 system_internal_prop(ctl_odsign_prop)
 system_internal_prop(virtualizationservice_prop)
 
+# Properties which can't be written outside system
+system_restricted_prop(device_config_virtualization_framework_native_prop)
+
 ###
 ### Neverallow rules
 ###

diff --git a/private/property_contexts b/private/property_contexts
index 1b35d3b..8f08dd3 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -249,6 +249,7 @@
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
+persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 
 # MM Events config props

diff --git a/private/vendor_init.te b/private/vendor_init.te
index 2e616f3..70b3ef9 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te

@@ -9,6 +9,9 @@
 # Let vendor_init set service.adb.tcp.port.
 set_prop(vendor_init, adbd_config_prop)
 
+# Let vendor_init react to AVF device config changes
+get_prop(vendor_init, device_config_virtualization_framework_native_prop)
+
 # chown/chmod on devices, e.g. /dev/ttyHS0
 allow vendor_init {
   dev_type