From 81a4dd40d69e26ca6a5f62c71b3ae742d86d9ac3 Mon Sep 17 00:00:00 2001
From: Nick Chalko <nchalko@google.com>
Date: Thu, 11 Feb 2021 09:12:51 -0800
Subject: [PATCH] Add sepolicy swcodec native flag namespace.

Test: add sepolicy, build, check GetServerConfigurableFlag function
Bug: 179286276
Change-Id: Ia16d110900251b3fb3e3959d73524c8814199270
---
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/flags_health_check.te       | 1 +
 private/mediaextractor.te           | 1 +
 private/mediaswcodec.te             | 1 +
 private/property.te                 | 1 +
 private/property_contexts           | 1 +
 private/system_server.te            | 2 ++
 7 files changed, 8 insertions(+)

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 3eace9509..1feb9ebd7 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -22,6 +22,7 @@
     debugfs_mm_events_tracing
     device_config_profcollect_native_boot_prop
     device_config_connectivity_prop
+    device_config_swcodec_native_prop
     device_state_service
     dm_user_device
     dmabuf_heap_device
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 983bad685..55d1a9a7b 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -14,6 +14,7 @@ set_prop(flags_health_check, device_config_profcollect_native_boot_prop)
 set_prop(flags_health_check, device_config_statsd_native_prop)
 set_prop(flags_health_check, device_config_statsd_native_boot_prop)
 set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_swcodec_native_prop)
 set_prop(flags_health_check, device_config_sys_traced_prop)
 set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_configuration_prop)
diff --git a/private/mediaextractor.te b/private/mediaextractor.te
index 7f626c440..7bcf5c82f 100644
--- a/private/mediaextractor.te
+++ b/private/mediaextractor.te
@@ -7,3 +7,4 @@ allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
 allow mediaextractor system_server_tmpfs:file { getattr map read write };
 
 get_prop(mediaextractor, device_config_media_native_prop)
+get_prop(mediaextractor, device_config_swcodec_native_prop)
diff --git a/private/mediaswcodec.te b/private/mediaswcodec.te
index cef802d3d..02079c113 100644
--- a/private/mediaswcodec.te
+++ b/private/mediaswcodec.te
@@ -3,3 +3,4 @@ typeattribute mediaswcodec coredomain;
 init_daemon_domain(mediaswcodec)
 
 get_prop(mediaswcodec, device_config_media_native_prop)
+get_prop(mediaswcodec, device_config_swcodec_native_prop)
diff --git a/private/property.te b/private/property.te
index 5dc75b8b9..1ffb8ee4e 100644
--- a/private/property.te
+++ b/private/property.te
@@ -9,6 +9,7 @@ system_internal_prop(device_config_sys_traced_prop)
 system_internal_prop(device_config_window_manager_native_boot_prop)
 system_internal_prop(device_config_configuration_prop)
 system_internal_prop(device_config_connectivity_prop)
+system_internal_prop(device_config_swcodec_native_prop)
 system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 8778016de..ba018a305 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -231,6 +231,7 @@ persist.device_config.runtime_native_boot.          u:object_r:device_config_run
 persist.device_config.statsd_native.                u:object_r:device_config_statsd_native_prop:s0
 persist.device_config.statsd_native_boot.           u:object_r:device_config_statsd_native_boot_prop:s0
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 
 # Properties that relate to legacy server configurable flags
diff --git a/private/system_server.te b/private/system_server.te
index e1919e201..5daf955dc 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -668,6 +668,7 @@ set_prop(system_server, device_config_profcollect_native_boot_prop)
 set_prop(system_server, device_config_statsd_native_prop)
 set_prop(system_server, device_config_statsd_native_boot_prop)
 set_prop(system_server, device_config_storage_native_boot_prop)
+set_prop(system_server, device_config_swcodec_native_prop)
 set_prop(system_server, device_config_sys_traced_prop)
 set_prop(system_server, device_config_window_manager_native_boot_prop)
 set_prop(system_server, device_config_configuration_prop)
@@ -1138,6 +1139,7 @@ neverallow {
   device_config_media_native_prop
   device_config_storage_native_boot_prop
   device_config_sys_traced_prop
+  device_config_swcodec_native_prop
   device_config_window_manager_native_boot_prop
 }:property_service set;