commit cbb11911487862a45afdb5306beb85bf136e79ba
author Treehugger Robot <treehugger-gerrit@google.com> Fri Nov 25 10:08:37 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Nov 25 10:08:37 2022 +0000
tree 0878f1581beed3df9fa71c5438ccdd056d9f268d
parent 255de9334196de8dc1291017fc3fdd357b2cbd44
parent 9a444d0499fd8af85916c5474d1eb6239d08746c

Merge "[cleanup] Remove attribute service_manager_type in microdroid"

private/compat/33.0/33.0.ignore.cil

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 48c8eb4..3750e7d 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -23,6 +23,7 @@
     hal_tv_hdmi_cec_service
     hal_wifi_service
     healthconnect_service
+    hypervisor_restricted_prop
     keystore_config_prop
     ntfs
     permissive_mte_prop

private/init.te

diff --git a/private/init.te b/private/init.te
index 2fd2940..72dedd2 100644
--- a/private/init.te
+++ b/private/init.te
@@ -95,9 +95,6 @@
 # Only init can write normal ro.boot. properties
 neverallow { domain -init } bootloader_prop:property_service set;
 
-# Only init can write ro.boot.hypervisor properties
-neverallow { domain -init } hypervisor_prop:property_service set;
-
 # Only init can write hal.instrumentation.enable
 neverallow { domain -init } hal_instrumentation_prop:property_service set;
 

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index b8503bd..823fa2f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -640,6 +640,10 @@
 external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
 ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
 
+# hypervisor.*: configured by the vendor to advertise capabilities of their
+# hypervisor to virtualizationservice.
+hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool
+
 ro.config.per_app_memcg         u:object_r:lmkd_config_prop:s0 exact bool
 ro.lmk.critical                 u:object_r:lmkd_config_prop:s0 exact int
 ro.lmk.critical_upgrade         u:object_r:lmkd_config_prop:s0 exact bool

private/virtualizationservice.te

diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 46871b7..883ff56 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -71,8 +71,9 @@
 # Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
 set_prop(virtualizationservice, virtualizationservice_prop)
 
-# Allow virtualizationservice to inspect hypervisor capabilities.
+# Allow virtualizationservice to inspect all hypervisor capabilities.
 get_prop(virtualizationservice, hypervisor_prop)
+get_prop(virtualizationservice, hypervisor_restricted_prop)
 
 # Allow writing stats to statsd
 unix_socket_send(virtualizationservice, statsdw, statsd)

public/property.te

diff --git a/public/property.te b/public/property.te
index 14abd0f..00ae1bb 100644
--- a/public/property.te
+++ b/public/property.te
@@ -75,7 +75,6 @@
 system_restricted_prop(gwp_asan_prop)
 system_restricted_prop(hal_instrumentation_prop)
 system_restricted_prop(userdebug_or_eng_prop)
-system_restricted_prop(hypervisor_prop)
 system_restricted_prop(init_service_status_prop)
 system_restricted_prop(libc_debug_prop)
 system_restricted_prop(module_sdkextensions_prop)
@@ -151,6 +150,8 @@
 system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(hdmi_config_prop)
 system_vendor_config_prop(hw_timeout_multiplier_prop)
+system_vendor_config_prop(hypervisor_prop)
+system_vendor_config_prop(hypervisor_restricted_prop)
 system_vendor_config_prop(incremental_prop)
 system_vendor_config_prop(keyguard_config_prop)
 system_vendor_config_prop(keystore_config_prop)