commit cf8f6ef36309c11bbdbf08f558d88653ef5199be
author Rachel Lee <rnlee@google.com> Thu Jul 01 01:05:22 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jul 01 01:05:22 2021 +0000
tree 1acf2433d8062f7740f8230f8bd1f6f717025ca4
parent 4678660d831fbffbb6a998551f413de1382628d2
parent b6142ecc22186b208b6cf392e12bf02e35acb23a

Merge "Add sepolicy SF native boot namespace."

private/flags_health_check.te

diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 55d1a9a..f6675ac 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -19,6 +19,7 @@
 set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
+set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
 
 # system property device_config_boot_count_prop is used for deciding when to perform server
 # configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a

private/property.te

diff --git a/private/property.te b/private/property.te
index 01d4fd9..d6ddbdf 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
 system_internal_prop(device_config_configuration_prop)
 system_internal_prop(device_config_connectivity_prop)
 system_internal_prop(device_config_swcodec_native_prop)
+system_internal_prop(device_config_surface_flinger_native_boot_prop)
 system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 62862e9..326232d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -241,6 +241,7 @@
 persist.device_config.statsd_native.                u:object_r:device_config_statsd_native_prop:s0
 persist.device_config.statsd_native_boot.           u:object_r:device_config_statsd_native_boot_prop:s0
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 

private/surfaceflinger.te

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 8203724..f99ce96 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -61,6 +61,7 @@
 
 # Get properties.
 get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
+get_prop(network_stack, device_config_surface_flinger_native_boot_prop)
 
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index d76a2a8..8ea6e50 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -708,7 +708,7 @@
 set_prop(system_server, device_config_window_manager_native_boot_prop)
 set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
-
+set_prop(system_server, device_config_surface_flinger_native_boot_prop)
 
 # Allow query ART device config properties
 get_prop(system_server, device_config_runtime_native_boot_prop)
@@ -1216,6 +1216,7 @@
   device_config_runtime_native_prop
   device_config_media_native_prop
   device_config_storage_native_boot_prop
+  device_config_surface_flinger_native_boot_prop
   device_config_sys_traced_prop
   device_config_swcodec_native_prop
   device_config_window_manager_native_boot_prop