From 6aa44527b87b74d7e1140d1c74c3aeffcfc4a786 Mon Sep 17 00:00:00 2001
From: Matt Pape <mpape@google.com>
Date: Fri, 7 Dec 2018 08:27:29 -0800
Subject: [PATCH] SEPolicy updates for DeviceConfig Service.

Add a DeviceConfig service in system_server to edit configuration flags.
This is intended to be a command line tool for local overrides and/or
tool for tests that adopt shell permissions.

Test: None
Bug:109919982
Bug:113101834
Change-Id: Ib7bed752849b1ed102747e3202dd7aed48d2c6d5
---
 private/compat/28.0/28.0.ignore.cil | 3 ++-
 private/service_contexts            | 1 +
 public/service.te                   | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index f9f4ebfcc..d85285354 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -20,8 +20,9 @@
     cpu_variant_prop
     dev_cpu_variant
     device_config_boot_count_prop
-    device_config_reset_performed_prop
     device_config_flags_health_check_prop
+    device_config_reset_performed_prop
+    device_config_service
     face_service
     face_vendor_data_file
     fastbootd
diff --git a/private/service_contexts b/private/service_contexts
index 7f1b38f41..43479b32a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -38,6 +38,7 @@ coverage                                  u:object_r:coverage_service:s0
 cpuinfo                                   u:object_r:cpuinfo_service:s0
 crossprofileapps                          u:object_r:crossprofileapps_service:s0
 dbinfo                                    u:object_r:dbinfo_service:s0
+device_config                             u:object_r:device_config_service:s0
 device_policy                             u:object_r:device_policy_service:s0
 device_identifiers                        u:object_r:device_identifiers_service:s0
 deviceidle                                u:object_r:deviceidle_service:s0
diff --git a/public/service.te b/public/service.te
index ce87ba9ff..8a59bff92 100644
--- a/public/service.te
+++ b/public/service.te
@@ -71,6 +71,7 @@ type country_detector_service, app_api_service, ephemeral_app_api_service, syste
 type coverage_service, system_server_service, service_manager_type;
 type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
 type device_policy_service, app_api_service, system_server_service, service_manager_type;
 type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-- 
GitLab