Add SELinux policies for remote_key_provisioning_native namespace. We need to separate out the feature flags in use by remote key provisioning daemon (RKPD). For this, I have set up a new namespace remote_key_provisioning_native. This change adds the SELinux policies to make sure appropriate permissions are present when accessing the feature flag for read/write. Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7 Test: TreeHugger

commit: e1c49f55247353c714777c610dac52cd1f6e16be [log] [tgz]
author: Vikram Gaur <vikramgaur@google.com> Thu Sep 29 21:20:22 2022 +0000
committer: Vikram Gaur <vikramgaur@google.com> Thu Sep 29 21:32:58 2022 +0000
tree: f7763907152be13b8a95c6964ac8da7bde18284a
parent: 38292f168a6180a9ecf5b6d31bcec4a0187d2cbb [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index eb1e46a..375158f 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -755,6 +755,7 @@
 set_prop(system_server, device_config_vendor_system_native_boot_prop)
 set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, device_config_memory_safety_native_prop)
+set_prop(system_server, device_config_remote_key_provisioning_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
 
 # Allow query ART device config properties
@@ -1288,6 +1289,7 @@
   device_config_runtime_native_prop
   device_config_media_native_prop
   device_config_mglru_native_prop
+  device_config_remote_key_provisioning_native_prop
   device_config_storage_native_boot_prop
   device_config_surface_flinger_native_boot_prop
   device_config_sys_traced_prop
commit	e1c49f55247353c714777c610dac52cd1f6e16be	[log] [tgz]
author	Vikram Gaur <vikramgaur@google.com>	Thu Sep 29 21:20:22 2022 +0000
committer	Vikram Gaur <vikramgaur@google.com>	Thu Sep 29 21:32:58 2022 +0000
tree	f7763907152be13b8a95c6964ac8da7bde18284a
parent	38292f168a6180a9ecf5b6d31bcec4a0187d2cbb [diff] [blame]