Merge "sepolicy: allow vendor system native boot experiments property" am: 6d5bb236da am: 3d45f3fd2f

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2183135

Change-Id: I6b145993e76f79042da49d9ae8a9254ba3576856
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil

@@ -18,6 +18,7 @@
     device_config_nnapi_native_prop
     device_config_surface_flinger_native_boot_prop
     device_config_vendor_system_native_prop
+    device_config_vendor_system_native_boot_prop
     dice_maintenance_service
     dice_node_service
     diced

prebuilts/api/33.0/private/flags_health_check.te

@@ -24,6 +24,7 @@ set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
 set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
 set_prop(flags_health_check, device_config_vendor_system_native_prop)
+set_prop(flags_health_check, device_config_vendor_system_native_boot_prop)
 set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
 
 # system property device_config_boot_count_prop is used for deciding when to perform server

prebuilts/api/33.0/private/property_contexts

@@ -257,6 +257,7 @@ persist.device_config.storage_native_boot.          u:object_r:device_config_sto
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
 persist.device_config.vendor_system_native.         u:object_r:device_config_vendor_system_native_prop:s0
+persist.device_config.vendor_system_native_boot.    u:object_r:device_config_vendor_system_native_boot_prop:s0
 persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 

prebuilts/api/33.0/private/system_server.te

@@ -752,6 +752,7 @@ set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
 set_prop(system_server, device_config_surface_flinger_native_boot_prop)
 set_prop(system_server, device_config_vendor_system_native_prop)
+set_prop(system_server, device_config_vendor_system_native_boot_prop)
 set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
 

prebuilts/api/33.0/public/property.te

@@ -68,6 +68,7 @@ system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_surface_flinger_native_boot_prop)
 system_restricted_prop(device_config_vendor_system_native_prop)
+system_restricted_prop(device_config_vendor_system_native_boot_prop)
 system_restricted_prop(fingerprint_prop)
 system_restricted_prop(gwp_asan_prop)
 system_restricted_prop(hal_instrumentation_prop)

prebuilts/api/33.0/public/vendor_init.te

@@ -274,6 +274,7 @@ set_prop(vendor_init, dck_prop)
 
 # Allow vendor_init to read vendor_system_native device config changes
 get_prop(vendor_init, device_config_vendor_system_native_prop)
+get_prop(vendor_init, device_config_vendor_system_native_boot_prop)
 
 ###
 ### neverallow rules

private/compat/32.0/32.0.ignore.cil

@@ -18,6 +18,7 @@
     device_config_nnapi_native_prop
     device_config_surface_flinger_native_boot_prop
     device_config_vendor_system_native_prop
+    device_config_vendor_system_native_boot_prop
     dice_maintenance_service
     dice_node_service
     diced

private/flags_health_check.te

@@ -24,6 +24,7 @@ set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
 set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
 set_prop(flags_health_check, device_config_vendor_system_native_prop)
+set_prop(flags_health_check, device_config_vendor_system_native_boot_prop)
 set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
 set_prop(flags_health_check, device_config_memory_safety_native_prop)
 

private/property_contexts

@@ -262,6 +262,7 @@ persist.device_config.storage_native_boot.          u:object_r:device_config_sto
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
 persist.device_config.vendor_system_native.         u:object_r:device_config_vendor_system_native_prop:s0
+persist.device_config.vendor_system_native_boot.    u:object_r:device_config_vendor_system_native_boot_prop:s0
 persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 persist.device_config.memory_safety_native.         u:object_r:device_config_memory_safety_native_prop:s0

private/system_server.te

@@ -750,6 +750,7 @@ set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
 set_prop(system_server, device_config_surface_flinger_native_boot_prop)
 set_prop(system_server, device_config_vendor_system_native_prop)
+set_prop(system_server, device_config_vendor_system_native_boot_prop)
 set_prop(system_server, device_config_virtualization_framework_native_prop)
 set_prop(system_server, device_config_memory_safety_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)

public/property.te

@@ -68,6 +68,7 @@ system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_surface_flinger_native_boot_prop)
 system_restricted_prop(device_config_vendor_system_native_prop)
+system_restricted_prop(device_config_vendor_system_native_boot_prop)
 system_restricted_prop(fingerprint_prop)
 system_restricted_prop(gwp_asan_prop)
 system_restricted_prop(hal_instrumentation_prop)

public/vendor_init.te

@@ -274,6 +274,7 @@ set_prop(vendor_init, dck_prop)
 
 # Allow vendor_init to read vendor_system_native device config changes
 get_prop(vendor_init, device_config_vendor_system_native_prop)
+get_prop(vendor_init, device_config_vendor_system_native_boot_prop)
 
 ###
 ### neverallow rules