Update sepolicy for GPU profiling properties.

A device must indicate whether GPU profiling is supported or not through
setting these two properties properly. CTS needs to read these two
properties in order to run corresponding compliance tests. Hence need to
update sepolicy for these two properties.

Bug: b/157832445
Test: Test on Pixel 4
Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3
Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3

prebuilts/api/30.0/private/app.te

@@ -35,3 +35,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain -crash_dump -rs }:process { transition };
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain }:process { dyntransition };
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)

prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil

@@ -46,6 +46,7 @@
     file_integrity_service
     fwk_automotive_display_hwservice
     gmscore_app
+    graphics_config_prop
     hal_can_bus_hwservice
     hal_can_controller_hwservice
     hal_identity_service

prebuilts/api/30.0/private/property.te

@@ -329,3 +329,10 @@ neverallow {
 } {
   userspace_reboot_test_prop
 }:property_service set;
+
+neverallow {
+  -init
+  -vendor_init
+} {
+  graphics_config_prop
+}:property_service set;

prebuilts/api/30.0/private/property_contexts

@@ -699,3 +699,7 @@ cache_key.package_info                   u:object_r:binder_cache_system_server_p
 cache_key.bluetooth.                     u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
 cache_key.system_server.                 u:object_r:binder_cache_system_server_prop:s0 prefix string
 cache_key.telephony.                     u:object_r:binder_cache_telephony_server_prop:s0 prefix string
+
+# Graphics related properties
+graphics.gpu.profiler.support          u:object_r:graphics_config_prop:s0 exact bool
+graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string

prebuilts/api/30.0/private/shell.te

@@ -140,3 +140,6 @@ get_prop(shell, system_boot_reason_prop)
 get_prop(shell, init_perf_lsm_hooks_prop)
 
 userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
+
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)

prebuilts/api/30.0/public/property.te

@@ -104,6 +104,7 @@ system_vendor_config_prop(exported_camera_prop)
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(incremental_prop)
 system_vendor_config_prop(media_variant_prop)
 system_vendor_config_prop(storage_config_prop)

private/app.te

@@ -46,3 +46,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') }
 
 # Don't allow regular apps access to storage configuration properties.
 neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)

private/compat/29.0/29.0.ignore.cil

@@ -48,6 +48,7 @@
     fwk_automotive_display_hwservice
     gmscore_app
     gnss_device
+    graphics_config_prop
     hal_can_bus_hwservice
     hal_can_controller_hwservice
     hal_identity_service

private/property.te

@@ -399,3 +399,10 @@ neverallow {
   -hal_telephony_server
   not_compatible_property(`-vendor_init')
 } telephony_status_prop:property_service set;
+
+neverallow {
+  -init
+  -vendor_init
+} {
+  graphics_config_prop
+}:property_service set;

private/property_contexts

@@ -851,3 +851,7 @@ telephony.lteOnCdmaDevice         u:object_r:telephony_config_prop:s0 exact int
 persist.dbg.volte_avail_ovr       u:object_r:telephony_config_prop:s0 exact int
 persist.dbg.vt_avail_ovr          u:object_r:telephony_config_prop:s0 exact int
 persist.dbg.wfc_avail_ovr         u:object_r:telephony_config_prop:s0 exact int
+
+# Graphics related properties
+graphics.gpu.profiler.support          u:object_r:graphics_config_prop:s0 exact bool
+graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string

private/shell.te

@@ -140,3 +140,6 @@ get_prop(shell, system_boot_reason_prop)
 get_prop(shell, init_perf_lsm_hooks_prop)
 
 userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
+
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)

public/property.te

@@ -114,6 +114,7 @@ system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
 system_vendor_config_prop(ffs_config_prop)
+system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(hdmi_config_prop)
 system_vendor_config_prop(incremental_prop)
 system_vendor_config_prop(lmkd_config_prop)