Merge "Whitelisting window_manager_native_boot system property" am: b9b2acff99 am: 622e779b7a am: b848357c5f

Change-Id: I213f33b122e7453988496615d7773445085763c5

private/compat/29.0/29.0.ignore.cil

@@ -31,6 +31,7 @@
     dataloader_manager_service
     device_config_storage_native_boot_prop
     device_config_sys_traced_prop
+    device_config_window_manager_native_boot_prop
     exported_camera_prop
     file_integrity_service
     fwk_automotive_display_hwservice

private/property_contexts

@@ -198,6 +198,7 @@ persist.device_config.runtime_native.        u:object_r:device_config_runtime_na
 persist.device_config.runtime_native_boot.   u:object_r:device_config_runtime_native_boot_prop:s0
 persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
 persist.device_config.storage_native_boot.   u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
 
 # Properties that relate to legacy server configurable flags
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0

private/system_server.te

@@ -621,6 +621,7 @@ set_prop(system_server, device_config_runtime_native_prop)
 set_prop(system_server, device_config_media_native_prop)
 set_prop(system_server, device_config_storage_native_boot_prop)
 set_prop(system_server, device_config_sys_traced_prop)
+set_prop(system_server, device_config_window_manager_native_boot_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -1005,6 +1006,7 @@ neverallow {
   device_config_media_native_prop
   device_config_storage_native_boot_prop
   device_config_sys_traced_prop
+  device_config_window_manager_native_boot_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either

private/zygote.te

@@ -170,6 +170,10 @@ get_prop(zygote, exported_overlay_prop)
 get_prop(zygote, device_config_runtime_native_prop)
 get_prop(zygote, device_config_runtime_native_boot_prop)
 
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
 # ingore spurious denials
 dontaudit zygote self:global_capability_class_set sys_resource;
 

public/flags_health_check.te

@@ -12,6 +12,7 @@ set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
 set_prop(flags_health_check, device_config_storage_native_boot_prop)
 set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;

public/property.te

@@ -11,6 +11,7 @@ system_internal_prop(device_config_runtime_native_boot_prop)
 system_internal_prop(device_config_runtime_native_prop)
 system_internal_prop(device_config_storage_native_boot_prop)
 system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
 system_internal_prop(firstboot_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
@@ -632,6 +633,7 @@ compatible_property_only(`
     -device_config_media_native_prop
     -device_config_storage_native_boot_prop
     -device_config_sys_traced_prop
+    -device_config_window_manager_native_boot_prop
     -dynamic_system_prop
     -gsid_prop
     -heapprofd_enabled_prop

public/vendor_init.te

@@ -210,6 +210,7 @@ not_compatible_property(`
       -device_config_media_native_prop
       -device_config_storage_native_boot_prop
       -device_config_sys_traced_prop
+      -device_config_window_manager_native_boot_prop
       -restorecon_prop
       -netd_stable_secret_prop
       -firstboot_prop