sepolicy updates for adding native flag namespace for lmkd
sepolicy updates for running lmkd experiments.
Bug: 194316048
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I21df3b76cce925639385111bd23adf419f026a65
Merged-In: I21df3b76cce925639385111bd23adf419f026a65
(cherry picked from commit 3f95dc1e5be6d6588e6e73de2a7aab8dd2279191)
Merged-In:I21df3b76cce925639385111bd23adf419f026a65
diff --git a/prebuilts/api/31.0/private/flags_health_check.te b/prebuilts/api/31.0/private/flags_health_check.te
index 55d1a9a..6b15a35 100644
--- a/prebuilts/api/31.0/private/flags_health_check.te
+++ b/prebuilts/api/31.0/private/flags_health_check.te
@@ -7,6 +7,7 @@
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
set_prop(flags_health_check, device_config_runtime_native_prop)
set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_lmkd_native_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
set_prop(flags_health_check, device_config_media_native_prop)
diff --git a/prebuilts/api/31.0/private/lmkd.te b/prebuilts/api/31.0/private/lmkd.te
index ec9a93e..aee1b7f 100644
--- a/prebuilts/api/31.0/private/lmkd.te
+++ b/prebuilts/api/31.0/private/lmkd.te
@@ -8,6 +8,9 @@
# Set lmkd.* properties.
set_prop(lmkd, lmkd_prop)
+# Get persist.device_config.lmk_native.* properties.
+get_prop(lmkd, device_config_lmkd_native_prop)
+
allow lmkd fs_bpf:dir search;
allow lmkd fs_bpf:file read;
allow lmkd bpfloader:bpf map_read;
diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 29f4f1a..587cf5e 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -1,6 +1,7 @@
# Properties used only in /system
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 4cec734..79b7a30 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -237,6 +237,7 @@
persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
persist.device_config.connectivity. u:object_r:device_config_connectivity_prop:s0
persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.lmkd_native. u:object_r:device_config_lmkd_native_prop:s0
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
persist.device_config.profcollect_native_boot. u:object_r:device_config_profcollect_native_boot_prop:s0
diff --git a/prebuilts/api/31.0/private/system_server.te b/prebuilts/api/31.0/private/system_server.te
index 73301c1..82b2a1f 100644
--- a/prebuilts/api/31.0/private/system_server.te
+++ b/prebuilts/api/31.0/private/system_server.te
@@ -698,6 +698,7 @@
set_prop(system_server, device_config_activity_manager_native_boot_prop)
set_prop(system_server, device_config_runtime_native_boot_prop)
set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_lmkd_native_prop)
set_prop(system_server, device_config_media_native_prop)
set_prop(system_server, device_config_profcollect_native_boot_prop)
set_prop(system_server, device_config_statsd_native_prop)
@@ -1213,6 +1214,7 @@
device_config_activity_manager_native_boot_prop
device_config_connectivity_prop
device_config_input_native_boot_prop
+ device_config_lmkd_native_prop
device_config_netd_native_prop
device_config_runtime_native_boot_prop
device_config_runtime_native_prop
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 55d1a9a..6b15a35 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -7,6 +7,7 @@
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
set_prop(flags_health_check, device_config_runtime_native_prop)
set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_lmkd_native_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
set_prop(flags_health_check, device_config_media_native_prop)
diff --git a/private/lmkd.te b/private/lmkd.te
index ec9a93e..aee1b7f 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -8,6 +8,9 @@
# Set lmkd.* properties.
set_prop(lmkd, lmkd_prop)
+# Get persist.device_config.lmk_native.* properties.
+get_prop(lmkd, device_config_lmkd_native_prop)
+
allow lmkd fs_bpf:dir search;
allow lmkd fs_bpf:file read;
allow lmkd bpfloader:bpf map_read;
diff --git a/private/property.te b/private/property.te
index 29f4f1a..587cf5e 100644
--- a/private/property.te
+++ b/private/property.te
@@ -1,6 +1,7 @@
# Properties used only in /system
system_internal_prop(adbd_prop)
system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 4cec734..79b7a30 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -237,6 +237,7 @@
persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
persist.device_config.connectivity. u:object_r:device_config_connectivity_prop:s0
persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.lmkd_native. u:object_r:device_config_lmkd_native_prop:s0
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
persist.device_config.profcollect_native_boot. u:object_r:device_config_profcollect_native_boot_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 73301c1..82b2a1f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -698,6 +698,7 @@
set_prop(system_server, device_config_activity_manager_native_boot_prop)
set_prop(system_server, device_config_runtime_native_boot_prop)
set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_lmkd_native_prop)
set_prop(system_server, device_config_media_native_prop)
set_prop(system_server, device_config_profcollect_native_boot_prop)
set_prop(system_server, device_config_statsd_native_prop)
@@ -1213,6 +1214,7 @@
device_config_activity_manager_native_boot_prop
device_config_connectivity_prop
device_config_input_native_boot_prop
+ device_config_lmkd_native_prop
device_config_netd_native_prop
device_config_runtime_native_boot_prop
device_config_runtime_native_prop
