Permissions for input_native_boot flags
For input experiments that are enabled at boot time, allow system_server
to read and write the device config flags.
Bug: 120794829
Test: presubmit
Change-Id: I0f075a7579c593d4e07c3e31be529e34554068a6
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index aeba945..8797d67 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -26,6 +26,7 @@
cpu_variant_prop
dev_cpu_variant
device_config_boot_count_prop
+ device_config_input_native_boot_prop
device_config_netd_native_prop
device_config_reset_performed_prop
device_config_service
diff --git a/private/property_contexts b/private/property_contexts
index 80ccbdf..d7563bc 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -169,6 +169,7 @@
# Properties that relate to server configurable flags
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
apexd. u:object_r:apexd_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 8648738..30235e5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -582,6 +582,7 @@
set_prop(system_server, cppreopt_prop)
# server configurable flags properties
+set_prop(system_server, device_config_input_native_boot_prop)
set_prop(system_server, device_config_netd_native_prop)
# BootReceiver to read ro.boot.bootreason
@@ -935,6 +936,7 @@
-system_server
-flags_health_check
} {
+ device_config_input_native_boot_prop
device_config_netd_native_prop
}:property_service set;
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index 257abc6..e5677c3 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -4,7 +4,7 @@
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
-
+set_prop(flags_health_check, device_config_input_native_boot_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
diff --git a/public/property.te b/public/property.te
index a4893ea..980c3d0 100644
--- a/public/property.te
+++ b/public/property.te
@@ -30,6 +30,7 @@
type default_prop, property_type, core_property_type;
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
+type device_config_input_native_boot_prop, property_type;
type device_config_netd_native_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
@@ -400,6 +401,7 @@
-firstboot_prop
-device_config_reset_performed_prop
-device_config_boot_count_prop
+ -device_config_input_native_boot_prop
-device_config_netd_native_prop
-heapprofd_enabled_prop
-heapprofd_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 178f3fc..ffd5e0c 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -176,6 +176,7 @@
property_type
-device_config_boot_count_prop
-device_config_reset_performed_prop
+ -device_config_input_native_boot_prop
-device_config_netd_native_prop
-restorecon_prop
-netd_stable_secret_prop