From 019653dd200702724c34dcfe3339c73c8c73c587 Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Wed, 13 Sep 2023 04:24:29 +0000
Subject: [PATCH] Move brownout_detection definition to system_ext

Because brownout detection app is installed to system_ext.

Bug: 296512192
Test: build panther and boot
Test: Automatically filed b/300277478
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:155ec7653f2aaf01ca0495c2fcd51ea5728bbb04)
Merged-In: Ia381f01bbfeb8576a4f9b58ca24aeeeb436060b7
Change-Id: Ia381f01bbfeb8576a4f9b58ca24aeeeb436060b7
---
 battery_mitigation/bcl.mk                            |  4 +++-
 .../sepolicy/brownout_detection_app.te               | 12 ------------
 .../system_ext/private/brownout_detection_app.te     |  8 ++++++++
 .../sepolicy/{ => system_ext/private}/seapp_contexts |  0
 .../system_ext/public/brownout_detection_app.te      |  1 +
 .../sepolicy/{ => vendor}/battery_mitigation.te      |  0
 .../sepolicy/vendor/brownout_detection_app.te        |  3 +++
 battery_mitigation/sepolicy/{ => vendor}/file.te     |  0
 .../sepolicy/{ => vendor}/file_contexts              |  0
 .../sepolicy/{ => vendor}/genfs_contexts             |  0
 battery_mitigation/sepolicy/{ => vendor}/property.te |  0
 .../sepolicy/{ => vendor}/property_contexts          |  0
 .../sepolicy/{ => vendor}/vendor_init.te             |  0
 13 files changed, 15 insertions(+), 13 deletions(-)
 delete mode 100644 battery_mitigation/sepolicy/brownout_detection_app.te
 create mode 100644 battery_mitigation/sepolicy/system_ext/private/brownout_detection_app.te
 rename battery_mitigation/sepolicy/{ => system_ext/private}/seapp_contexts (100%)
 create mode 100644 battery_mitigation/sepolicy/system_ext/public/brownout_detection_app.te
 rename battery_mitigation/sepolicy/{ => vendor}/battery_mitigation.te (100%)
 create mode 100644 battery_mitigation/sepolicy/vendor/brownout_detection_app.te
 rename battery_mitigation/sepolicy/{ => vendor}/file.te (100%)
 rename battery_mitigation/sepolicy/{ => vendor}/file_contexts (100%)
 rename battery_mitigation/sepolicy/{ => vendor}/genfs_contexts (100%)
 rename battery_mitigation/sepolicy/{ => vendor}/property.te (100%)
 rename battery_mitigation/sepolicy/{ => vendor}/property_contexts (100%)
 rename battery_mitigation/sepolicy/{ => vendor}/vendor_init.te (100%)

diff --git a/battery_mitigation/bcl.mk b/battery_mitigation/bcl.mk
index 87e0f95..2973d2f 100644
--- a/battery_mitigation/bcl.mk
+++ b/battery_mitigation/bcl.mk
@@ -3,5 +3,7 @@ ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
 PRODUCT_PACKAGES += BrownoutDetection
 endif
 
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/vendor
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/system_ext/private
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/battery_mitigation/sepolicy/system_ext/public
 PRODUCT_SOONG_NAMESPACES += device/google/gs-common/battery_mitigation
diff --git a/battery_mitigation/sepolicy/brownout_detection_app.te b/battery_mitigation/sepolicy/brownout_detection_app.te
deleted file mode 100644
index b8d1380..0000000
--- a/battery_mitigation/sepolicy/brownout_detection_app.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type brownout_detection_app, domain, coredomain;
-
-# TODO(b/296512192): move brownout_detection_app out of vendor sepolicy
-typeattribute brownout_detection_app vendor_seapp_assigns_coredomain_violators;
-
-userdebug_or_eng(`
-  app_domain(brownout_detection_app)
-  net_domain(brownout_detection_app)
-  allow brownout_detection_app app_api_service:service_manager find;
-  allow brownout_detection_app system_api_service:service_manager find;
-  get_prop(brownout_detection_app, vendor_brownout_reason_prop)
-')
diff --git a/battery_mitigation/sepolicy/system_ext/private/brownout_detection_app.te b/battery_mitigation/sepolicy/system_ext/private/brownout_detection_app.te
new file mode 100644
index 0000000..c342cbf
--- /dev/null
+++ b/battery_mitigation/sepolicy/system_ext/private/brownout_detection_app.te
@@ -0,0 +1,8 @@
+typeattribute brownout_detection_app coredomain;
+
+userdebug_or_eng(`
+  app_domain(brownout_detection_app)
+  net_domain(brownout_detection_app)
+  allow brownout_detection_app app_api_service:service_manager find;
+  allow brownout_detection_app system_api_service:service_manager find;
+')
diff --git a/battery_mitigation/sepolicy/seapp_contexts b/battery_mitigation/sepolicy/system_ext/private/seapp_contexts
similarity index 100%
rename from battery_mitigation/sepolicy/seapp_contexts
rename to battery_mitigation/sepolicy/system_ext/private/seapp_contexts
diff --git a/battery_mitigation/sepolicy/system_ext/public/brownout_detection_app.te b/battery_mitigation/sepolicy/system_ext/public/brownout_detection_app.te
new file mode 100644
index 0000000..7eec57a
--- /dev/null
+++ b/battery_mitigation/sepolicy/system_ext/public/brownout_detection_app.te
@@ -0,0 +1 @@
+type brownout_detection_app, domain;
diff --git a/battery_mitigation/sepolicy/battery_mitigation.te b/battery_mitigation/sepolicy/vendor/battery_mitigation.te
similarity index 100%
rename from battery_mitigation/sepolicy/battery_mitigation.te
rename to battery_mitigation/sepolicy/vendor/battery_mitigation.te
diff --git a/battery_mitigation/sepolicy/vendor/brownout_detection_app.te b/battery_mitigation/sepolicy/vendor/brownout_detection_app.te
new file mode 100644
index 0000000..e2c602f
--- /dev/null
+++ b/battery_mitigation/sepolicy/vendor/brownout_detection_app.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+  get_prop(brownout_detection_app, vendor_brownout_reason_prop)
+')
diff --git a/battery_mitigation/sepolicy/file.te b/battery_mitigation/sepolicy/vendor/file.te
similarity index 100%
rename from battery_mitigation/sepolicy/file.te
rename to battery_mitigation/sepolicy/vendor/file.te
diff --git a/battery_mitigation/sepolicy/file_contexts b/battery_mitigation/sepolicy/vendor/file_contexts
similarity index 100%
rename from battery_mitigation/sepolicy/file_contexts
rename to battery_mitigation/sepolicy/vendor/file_contexts
diff --git a/battery_mitigation/sepolicy/genfs_contexts b/battery_mitigation/sepolicy/vendor/genfs_contexts
similarity index 100%
rename from battery_mitigation/sepolicy/genfs_contexts
rename to battery_mitigation/sepolicy/vendor/genfs_contexts
diff --git a/battery_mitigation/sepolicy/property.te b/battery_mitigation/sepolicy/vendor/property.te
similarity index 100%
rename from battery_mitigation/sepolicy/property.te
rename to battery_mitigation/sepolicy/vendor/property.te
diff --git a/battery_mitigation/sepolicy/property_contexts b/battery_mitigation/sepolicy/vendor/property_contexts
similarity index 100%
rename from battery_mitigation/sepolicy/property_contexts
rename to battery_mitigation/sepolicy/vendor/property_contexts
diff --git a/battery_mitigation/sepolicy/vendor_init.te b/battery_mitigation/sepolicy/vendor/vendor_init.te
similarity index 100%
rename from battery_mitigation/sepolicy/vendor_init.te
rename to battery_mitigation/sepolicy/vendor/vendor_init.te