sepolicy updates for adding native flag namespace for lmkd

sepolicy updates for running lmkd experiments.

Bug: 194316048
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I21df3b76cce925639385111bd23adf419f026a65
Merged-In: I21df3b76cce925639385111bd23adf419f026a65
(cherry picked from commit 3f95dc1e5be6d6588e6e73de2a7aab8dd2279191)
Merged-In:I21df3b76cce925639385111bd23adf419f026a65

10 files changed, 16 insertions, 0 deletions

diff --git a/prebuilts/api/31.0/private/flags_health_check.te b/prebuilts/api/31.0/private/flags_health_check.te
index 55d1a9a7b..6b15a3513 100644
--- a/prebuilts/api/31.0/private/flags_health_check.te
+++ b/prebuilts/api/31.0/private/flags_health_check.te
@@ -7,6 +7,7 @@ set_prop(flags_health_check, device_config_reset_performed_prop)
 set_prop(flags_health_check, device_config_runtime_native_boot_prop)
 set_prop(flags_health_check, device_config_runtime_native_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_lmkd_native_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
diff --git a/prebuilts/api/31.0/private/lmkd.te b/prebuilts/api/31.0/private/lmkd.te
index ec9a93e29..aee1b7f19 100644
--- a/prebuilts/api/31.0/private/lmkd.te
+++ b/prebuilts/api/31.0/private/lmkd.te
@@ -8,6 +8,9 @@ set_prop(lmkd, system_lmk_prop)
 # Set lmkd.* properties.
 set_prop(lmkd, lmkd_prop)
 
+# Get persist.device_config.lmk_native.* properties.
+get_prop(lmkd, device_config_lmkd_native_prop)
+
 allow lmkd fs_bpf:dir search;
 allow lmkd fs_bpf:file read;
 allow lmkd bpfloader:bpf map_read;
diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 29f4f1a0f..587cf5e2f 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -1,6 +1,7 @@
 # Properties used only in /system
 system_internal_prop(adbd_prop)
 system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(device_config_lmkd_native_prop)
 system_internal_prop(device_config_profcollect_native_boot_prop)
 system_internal_prop(device_config_statsd_native_prop)
 system_internal_prop(device_config_statsd_native_boot_prop)
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 4cec7348d..79b7a30ed 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -237,6 +237,7 @@ persist.device_config.attempted_boot_count          u:object_r:device_config_boo
 persist.device_config.configuration.                u:object_r:device_config_configuration_prop:s0
 persist.device_config.connectivity.                 u:object_r:device_config_connectivity_prop:s0
 persist.device_config.input_native_boot.            u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.lmkd_native.                  u:object_r:device_config_lmkd_native_prop:s0
 persist.device_config.media_native.                 u:object_r:device_config_media_native_prop:s0
 persist.device_config.netd_native.                  u:object_r:device_config_netd_native_prop:s0
 persist.device_config.profcollect_native_boot.      u:object_r:device_config_profcollect_native_boot_prop:s0
diff --git a/prebuilts/api/31.0/private/system_server.te b/prebuilts/api/31.0/private/system_server.te
index 73301c1e9..82b2a1f06 100644
--- a/prebuilts/api/31.0/private/system_server.te
+++ b/prebuilts/api/31.0/private/system_server.te
@@ -698,6 +698,7 @@ set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_lmkd_native_prop)
 set_prop(system_server, device_config_media_native_prop)
 set_prop(system_server, device_config_profcollect_native_boot_prop)
 set_prop(system_server, device_config_statsd_native_prop)
@@ -1213,6 +1214,7 @@ neverallow {
   device_config_activity_manager_native_boot_prop
   device_config_connectivity_prop
   device_config_input_native_boot_prop
+  device_config_lmkd_native_prop
   device_config_netd_native_prop
   device_config_runtime_native_boot_prop
   device_config_runtime_native_prop
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 55d1a9a7b..6b15a3513 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -7,6 +7,7 @@ set_prop(flags_health_check, device_config_reset_performed_prop)
 set_prop(flags_health_check, device_config_runtime_native_boot_prop)
 set_prop(flags_health_check, device_config_runtime_native_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_lmkd_native_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
diff --git a/private/lmkd.te b/private/lmkd.te
index ec9a93e29..aee1b7f19 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -8,6 +8,9 @@ set_prop(lmkd, system_lmk_prop)
 # Set lmkd.* properties.
 set_prop(lmkd, lmkd_prop)
 
+# Get persist.device_config.lmk_native.* properties.
+get_prop(lmkd, device_config_lmkd_native_prop)
+
 allow lmkd fs_bpf:dir search;
 allow lmkd fs_bpf:file read;
 allow lmkd bpfloader:bpf map_read;
diff --git a/private/property.te b/private/property.te
index 29f4f1a0f..587cf5e2f 100644
--- a/private/property.te
+++ b/private/property.te
@@ -1,6 +1,7 @@
 # Properties used only in /system
 system_internal_prop(adbd_prop)
 system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(device_config_lmkd_native_prop)
 system_internal_prop(device_config_profcollect_native_boot_prop)
 system_internal_prop(device_config_statsd_native_prop)
 system_internal_prop(device_config_statsd_native_boot_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 4cec7348d..79b7a30ed 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -237,6 +237,7 @@ persist.device_config.attempted_boot_count          u:object_r:device_config_boo
 persist.device_config.configuration.                u:object_r:device_config_configuration_prop:s0
 persist.device_config.connectivity.                 u:object_r:device_config_connectivity_prop:s0
 persist.device_config.input_native_boot.            u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.lmkd_native.                  u:object_r:device_config_lmkd_native_prop:s0
 persist.device_config.media_native.                 u:object_r:device_config_media_native_prop:s0
 persist.device_config.netd_native.                  u:object_r:device_config_netd_native_prop:s0
 persist.device_config.profcollect_native_boot.      u:object_r:device_config_profcollect_native_boot_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 73301c1e9..82b2a1f06 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -698,6 +698,7 @@ set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_lmkd_native_prop)
 set_prop(system_server, device_config_media_native_prop)
 set_prop(system_server, device_config_profcollect_native_boot_prop)
 set_prop(system_server, device_config_statsd_native_prop)
@@ -1213,6 +1214,7 @@ neverallow {
   device_config_activity_manager_native_boot_prop
   device_config_connectivity_prop
   device_config_input_native_boot_prop
+  device_config_lmkd_native_prop
   device_config_netd_native_prop
   device_config_runtime_native_boot_prop
   device_config_runtime_native_prop