Update sepolicy for adding nnapi_native namespace.

Test: mm Bug: 201399117 Change-Id: I40a2431b6f5a54deae27fe68f503aff9b99e2793
2021-10-05 15:23:18 +01:00 · 2021-10-05 15:23:18 +01:00 · 91d153e9b5
commit 91d153e9b5
parent aedd65ac20
6 changed files with 10 additions and 0 deletions
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@ -7,6 +7,7 @@
  ( new_objects
    artd_service
    camera2_extensions_prop
    device_config_nnapi_native_prop
    extra_free_kbytes
    extra_free_kbytes_exec
    hal_contexthub_service
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@ -9,6 +9,7 @@ set_prop(flags_health_check, device_config_runtime_native_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_lmkd_native_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_nnapi_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
 set_prop(flags_health_check, device_config_profcollect_native_boot_prop)
--- a/private/property_contexts
+++ b/private/property_contexts
@ -241,6 +241,7 @@ persist.device_config.input_native_boot.            u:object_r:device_config_inp
 persist.device_config.lmkd_native.                  u:object_r:device_config_lmkd_native_prop:s0
 persist.device_config.media_native.                 u:object_r:device_config_media_native_prop:s0
 persist.device_config.netd_native.                  u:object_r:device_config_netd_native_prop:s0
 persist.device_config.nnapi_native.                 u:object_r:device_config_nnapi_native_prop:s0
 persist.device_config.profcollect_native_boot.      u:object_r:device_config_profcollect_native_boot_prop:s0
 persist.device_config.runtime_native.               u:object_r:device_config_runtime_native_prop:s0
 persist.device_config.runtime_native_boot.          u:object_r:device_config_runtime_native_boot_prop:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -696,6 +696,7 @@ set_prop(system_server, cppreopt_prop)
 # server configurable flags properties
 set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_nnapi_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_prop)
@ -1217,6 +1218,7 @@ neverallow {
  device_config_input_native_boot_prop
  device_config_lmkd_native_prop
  device_config_netd_native_prop
  device_config_nnapi_native_prop
  device_config_runtime_native_boot_prop
  device_config_runtime_native_prop
  device_config_media_native_prop
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@ -28,6 +28,10 @@ allow hal_neuralnetworks_server apk_data_file:file { getattr map read };
 # property to determine whether to deny NNAPI extensions use for apps
 # on product partition (apps in GSI are not allowed to use NNAPI extensions).
 get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
 # Allow NN HAL client to read device_config_nnapi_native_prop.
 get_prop(hal_neuralnetworks_client, device_config_nnapi_native_prop)
 # This property is only expected to be found in /product/build.prop,
 # allow to be set only by init.
 neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
--- a/public/property.te
+++ b/public/property.te
@ -65,6 +65,7 @@ system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(charger_status_prop)
 system_restricted_prop(device_config_nnapi_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(fingerprint_prop)