Update sepolicy with new native boot flag for activity_manager

Whitelist the persistent system properties that will be used as
flags in activity manager experiments.

Bug: 120794810
Test: m, flash, test getting flag value in ActivityManagerService.java
Change-Id: I90a10bc87d6db3a64347b62fd02e6f0b12ac9fa8
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 634d4a7..7c1a78d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -25,6 +25,7 @@
     content_suggestions_service
     cpu_variant_prop
     dev_cpu_variant
+    device_config_activity_manager_native_boot_prop
     device_config_boot_count_prop
     device_config_input_native_boot_prop
     device_config_netd_native_prop
diff --git a/private/property_contexts b/private/property_contexts
index d7563bc..3296a04 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -168,6 +168,7 @@
 
 # Properties that relate to server configurable flags
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
+persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
 persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
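Review bot: The added `persist.device_config.activity_manager_native_boot.` row carries no `exact` keyword, so it is a prefix entry: every property later created under that prefix gets `device_config_activity_manager_native_boot_prop` without further policy review, and nothing beside the row says who owns the namespace. These are `persist.` properties, so a value written by either domain granted `set_prop` elsewhere in this commit survives a reboot. A short comment above the row would record the intended writers, for example `# activity_manager experiment flags; set only by system_server and flags_health_check`. As a style point, the single space before the context breaks the column alignment used by the `attempted_boot_count` and `netd_native.` rows.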
diff --git a/private/system_server.te b/private/system_server.te
index 2dcab1e..8aa7785 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -584,6 +584,7 @@
 # server configurable flags properties
 set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
+set_prop(system_server, device_config_activity_manager_native_boot_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
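Review bot: The new `set_prop(system_server, device_config_activity_manager_native_boot_prop)` is appended after the `netd_native` rule, while the neverallow list in the next hunk of this file puts the same type first, ahead of `device_config_input_native_boot_prop`. Keeping the grant list and the neverallow list in the same order makes it easier to check by eye that every type system_server may set is also pinned by the neverallow. I would move the line to sit directly under the `# server configurable flags properties` comment.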
@@ -940,6 +941,7 @@
   -system_server
   -flags_health_check
 } {
+  device_config_activity_manager_native_boot_prop
   device_config_input_native_boot_prop
   device_config_netd_native_prop
 }:property_service set;
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index e5677c3..835a82a 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -6,6 +6,7 @@
 set_prop(flags_health_check, device_config_reset_performed_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
+set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/property.te b/public/property.te
index 980c3d0..379c4d3 100644
--- a/public/property.te
+++ b/public/property.te
@@ -28,6 +28,7 @@
 type debuggerd_prop, property_type, core_property_type;
 type debug_prop, property_type, core_property_type;
 type default_prop, property_type, core_property_type;
+type device_config_activity_manager_native_boot_prop, property_type;
 type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
 type device_config_input_native_boot_prop, property_type;
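Review bot: `device_config_activity_manager_native_boot_prop` is declared in `public/property.te`, which exposes the type to vendor policy, although every rule this commit adds for it is for platform domains (system_server and flags_health_check). Write access is constrained by the `property_service set` neverallow in private/system_server.te, but nothing visible in this change limits which domains may later be granted read access to these flags. This matches the neighbouring `device_config_*` declarations, so it is probably deliberate. If so, a comment above the declaration would record the intent, for example `# server-configurable flag namespace; writers limited by neverallow in private/system_server.te`.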
@@ -399,6 +400,7 @@
     -ffs_prop
     -fingerprint_prop
     -firstboot_prop
+    -device_config_activity_manager_native_boot_prop
     -device_config_reset_performed_prop
     -device_config_boot_count_prop
     -device_config_input_native_boot_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index ffd5e0c..d9dc72f 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -174,6 +174,7 @@
 not_compatible_property(`
     set_prop(vendor_init, {
       property_type
+      -device_config_activity_manager_native_boot_prop
       -device_config_boot_count_prop
       -device_config_reset_performed_prop
       -device_config_input_native_boot_prop