selinux policy for buffer queue config

Test: boot and check for no policy violations

Change-Id: I1ea2a79b9a45b503dcb061c196c5af1d0ddab653

private/compat/29.0/29.0.ignore.cil

@@ -24,6 +24,7 @@
     binderfs_logs
     binderfs_logs_proc
     boringssl_self_test
+    bq_config_prop
     charger_prop
     cold_boot_done_prop
     platform_compat_service

private/domain.te

@@ -67,6 +67,9 @@ get_prop(domain, linker_prop);
 # Read access to sdkextensions props
 get_prop(domain, module_sdkextensions_prop)
 
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
 # For now, everyone can access core property files
 # Device specific properties are not granted by default
 not_compatible_property(`

private/property_contexts

@@ -235,3 +235,9 @@ persist.com.android.sdkext.          u:object_r:module_sdkextensions_prop:s0
 # Userspace reboot properties
 sys.userspace_reboot.log.         u:object_r:userspace_reboot_log_prop:s0
 persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+
+# Integer property which is used in libgui to configure the number of frames
+# tracked by buffer queue's frame event timing history. The property is set
+# by devices with video decoding pipelines long enough to overflow the default
+# history size.
+ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0

public/property.te

@@ -64,6 +64,7 @@ compatible_property_only(`
 # Properties used by binder caches
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(bq_config_prop)
 system_restricted_prop(linker_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)