Allow for server-side configuration of libstagefright am: 1b32bccc1a am: 3e8fbf6a4d

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2762467

Change-Id: I1685cfb8cac9cd8ffaca1ad78b272ae3db8240eb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

prebuilts/api/31.0/public/domain.te

@@ -353,6 +353,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
 ###
 ### neverallow rules
 ###

prebuilts/api/31.0/public/property.te

@@ -8,7 +8,6 @@ system_internal_prop(bootloader_boot_reason_prop)
 system_internal_prop(device_config_activity_manager_native_boot_prop)
 system_internal_prop(device_config_boot_count_prop)
 system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
 system_internal_prop(device_config_netd_native_prop)
 system_internal_prop(device_config_reset_performed_prop)
 system_internal_prop(firstboot_prop)
@@ -65,6 +64,7 @@ system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(charger_status_prop)
+system_restricted_prop(device_config_media_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(fingerprint_prop)

prebuilts/api/32.0/public/domain.te

@@ -353,6 +353,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
 ###
 ### neverallow rules
 ###

prebuilts/api/32.0/public/property.te

@@ -8,7 +8,6 @@ system_internal_prop(bootloader_boot_reason_prop)
 system_internal_prop(device_config_activity_manager_native_boot_prop)
 system_internal_prop(device_config_boot_count_prop)
 system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
 system_internal_prop(device_config_netd_native_prop)
 system_internal_prop(device_config_reset_performed_prop)
 system_internal_prop(firstboot_prop)
@@ -65,6 +64,7 @@ system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(charger_status_prop)
+system_restricted_prop(device_config_media_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(fingerprint_prop)

prebuilts/api/33.0/public/domain.te

@@ -360,6 +360,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
 ###
 ### neverallow rules
 ###

prebuilts/api/33.0/public/property.te

@@ -8,7 +8,6 @@ system_internal_prop(bootloader_boot_reason_prop)
 system_internal_prop(device_config_activity_manager_native_boot_prop)
 system_internal_prop(device_config_boot_count_prop)
 system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
 system_internal_prop(device_config_netd_native_prop)
 system_internal_prop(device_config_reset_performed_prop)
 system_internal_prop(firstboot_prop)
@@ -63,6 +62,7 @@ system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
+system_restricted_prop(device_config_media_native_prop)
 system_restricted_prop(device_config_nnapi_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)

public/domain.te

@@ -360,6 +360,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
 ###
 ### neverallow rules
 ###

public/property.te

@@ -8,7 +8,6 @@ system_internal_prop(bootloader_boot_reason_prop)
 system_internal_prop(device_config_activity_manager_native_boot_prop)
 system_internal_prop(device_config_boot_count_prop)
 system_internal_prop(device_config_input_native_boot_prop)
-system_internal_prop(device_config_media_native_prop)
 system_internal_prop(device_config_netd_native_prop)
 system_internal_prop(device_config_reset_performed_prop)
 system_internal_prop(firstboot_prop)
@@ -63,6 +62,7 @@ system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
+system_restricted_prop(device_config_media_native_prop)
 system_restricted_prop(device_config_nnapi_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)