Merge "Allow graphics_config_writable_prop to be modified." am: 10c06cea0d am: 1db27fde47 am: e8157979c1

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2574331 Change-Id: I4f3114d5d98dd252a14ae0b6a081f40a4b94e7f8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-04 18:57:52 +00:00 · 2023-05-04 18:57:52 +00:00 · d45f8ed733
commit d45f8ed733
parent 8212b528ce e8157979c1
4 changed files with 5 additions and 1 deletions
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@ -64,6 +64,8 @@ add_service(gpuservice, gpu_service)
 # Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
 set_prop(gpuservice, graphics_config_writable_prop)

+neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;
+
 # Needed for querying permission
 allow gpuservice permission_service:service_manager find;

--- a/public/property.te
+++ b/public/property.te
@ -102,7 +102,6 @@ system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)
 system_restricted_prop(vts_status_prop)
-system_restricted_prop(graphics_config_writable_prop)


 compatible_property_only(`
@ -225,6 +224,7 @@ system_public_prop(future_pm_prop)
 system_public_prop(ffs_control_prop)
 system_public_prop(framework_status_prop)
 system_public_prop(gesture_prop)
+system_public_prop(graphics_config_writable_prop)
 system_public_prop(hal_dumpstate_config_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -251,6 +251,7 @@ set_prop(vendor_init, lmkd_prop)
 set_prop(vendor_init, logd_prop)
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
+set_prop(vendor_init, graphics_config_writable_prop)
 set_prop(vendor_init, qemu_hw_prop)
 set_prop(vendor_init, radio_control_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@ -13,6 +13,7 @@ get_prop(hal_camera_default, device_config_camera_native_prop);

 # Allow reading graphics properties, specifically for EGL blobcache mode
 get_prop(hal_camera_default, graphics_config_prop);
+get_prop(hal_camera_default, graphics_config_writable_prop);

 # For collecting bugreports.
 allow hal_camera_default dumpstate:fd use;