Allow vendor_init to read AVF device configs

Bug: 192819132
Test: build
Change-Id: Iefa4d2d2dc0a13a9a6c95779d6ebde5cb2834295

private/property.te

@@ -43,6 +43,9 @@ system_internal_prop(ctl_mediatranscoding_prop)
 system_internal_prop(ctl_odsign_prop)
 system_internal_prop(virtualizationservice_prop)
 
+# Properties which can't be written outside system
+system_restricted_prop(device_config_virtualization_framework_native_prop)
+
 ###
 ### Neverallow rules
 ###

private/property_contexts

@@ -249,6 +249,7 @@ persist.device_config.statsd_native_boot.           u:object_r:device_config_sta
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
+persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 
 # MM Events config props

private/vendor_init.te

@@ -9,6 +9,9 @@ allow vendor_init system_data_root_file:dir rw_dir_perms;
 # Let vendor_init set service.adb.tcp.port.
 set_prop(vendor_init, adbd_config_prop)
 
+# Let vendor_init react to AVF device config changes
+get_prop(vendor_init, device_config_virtualization_framework_native_prop)
+
 # chown/chmod on devices, e.g. /dev/ttyHS0
 allow vendor_init {
   dev_type