Add SELinux rules that are common to XR devices.

This starts by adding rules that enable VrHeadsetPowerPolicy to
get and set some specific system properties.

This is the same change as ag/8549530 except that these rules
now live in device/google/vrservices instead of
device/google/daydream.

Bug: 137202034
Test: Booted into Pixel XR and ran 'adb shell pps-tool.sh info'.
      The service is no longer crashing with an "unable to set
      property" exception and seems to be working properly.
Change-Id: I03acd99a2d660388972fc47f5910ba57fcbf6d99
Merged-In: I03acd99a2d660388972fc47f5910ba57fcbf6d99
(cherry picked from commit 0c3a3d4329ac6d2d67c2226672ff8d8d35c21309)

3 files changed, 15 insertions, 0 deletions

diff --git a/xr/sepolicy/README b/xr/sepolicy/README
new file mode 100644
index 0000000..30daeea
--- /dev/null
+++ b/xr/sepolicy/README
@@ -0,0 +1 @@
+These are SELinux policies that can be shared across XR devices.
diff --git a/xr/sepolicy/property.te b/xr/sepolicy/property.te
new file mode 100644
index 0000000..adad644
--- /dev/null
+++ b/xr/sepolicy/property.te
@@ -0,0 +1,10 @@
+# For VrHeadsetPowerPolicyService.
+type vr_performance_prop, property_type, extended_core_property_type;
+type vr_pps_state_prop, property_type, extended_core_property_type;
+type vr_pps_enabled_prop, property_type;
+
+set_prop(platform_app, vr_performance_prop)
+set_prop(platform_app, vr_pps_state_prop)
+get_prop(platform_app, vr_pps_enabled_prop)
+set_prop(surfaceflinger, vr_performance_prop)
+
diff --git a/xr/sepolicy/property_contexts b/xr/sepolicy/property_contexts
new file mode 100644
index 0000000..6e1a18c
--- /dev/null
+++ b/xr/sepolicy/property_contexts
@@ -0,0 +1,4 @@
+# For VrHeadsetPowerPolicyService.
+persist.sys.pps_enabled    u:object_r:vr_pps_enabled_prop:s0
+sys.pps.state              u:object_r:vr_pps_state_prop:s0
+sys.dvr.performance        u:object_r:vr_performance_prop:s0