From 152f832904620ab51d66a531fad9c53ff85326a9 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Fri, 16 Dec 2022 16:50:13 -0800
Subject: [PATCH] Allow system_server to set arm64 memtag property

Bug: 262763327
Bug: 244290023
Test: atest MtePolicyTest on user build
Test: manually with TestDPC
Change-Id: If1ed257fede6fa424604eed9775eb3a3b8365afe
---
 private/property.te      | 1 +
 private/system_server.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/private/property.te b/private/property.te
index cac04d336..dee63696e 100644
--- a/private/property.te
+++ b/private/property.te
@@ -432,6 +432,7 @@ neverallow {
   -init
   -shell
   -system_app
+  -system_server
   -mtectrl
 } {
   arm64_memtag_prop
diff --git a/private/system_server.te b/private/system_server.te
index 54ad242b0..1a19a77cb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -762,6 +762,7 @@ set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, device_config_memory_safety_native_prop)
 set_prop(system_server, device_config_remote_key_provisioning_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
+set_prop(system_server, arm64_memtag_prop)
 
 # Allow query ART device config properties
 get_prop(system_server, device_config_runtime_native_boot_prop)