Merge "Move gxp sepolicies to gs-common" into main

gxp/dump.mk

@@ -1,4 +0,0 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy/
-
-PRODUCT_PACKAGES_DEBUG += dump_gxp
-

gxp/gxp.mk

@@ -0,0 +1,13 @@
+# GXP logging service
+PRODUCT_PACKAGES += \
+	android.hardware.gxp.logging@service-gxp-logging
+# GXP metrics logger library
+PRODUCT_PACKAGES += \
+	gxp_metrics_logger
+# GXP C-API library
+PRODUCT_PACKAGES += libgxp
+# GXP Debug dump.
+PRODUCT_PACKAGES_DEBUG += dump_gxp
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gxp/sepolicy
+

gxp/sepolicy/device.te

@@ -0,0 +1,2 @@
+# GXP device
+type gxp_device, dev_type, mlstrustedobject;

gxp/sepolicy/dump_gxp.te

@@ -7,5 +7,7 @@ userdebug_or_eng(`
   allow dump_gxp sscoredump_vendor_data_coredump_file:file r_file_perms;
   allow dump_gxp sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
   allow dump_gxp sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+  # Allow dump_gxp to access gxp properties.
+  get_prop(google_camera_app, vendor_gxp_prop)
 ')
 

gxp/sepolicy/file.te

@@ -0,0 +1,2 @@
+# Gxp sysfs file
+type sysfs_gxp, sysfs_type, fs_type;

gxp/sepolicy/file_contexts

@@ -1,2 +1,12 @@
+# GXP Vendor library
+/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
+
+# GXP logging service
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
+
+# GXP Metrics Collection Library
+/vendor/lib(64)?/gxp_metrics_logger\.so                                     u:object_r:same_process_hal_file:s0
+
+# Allow collection of debug dump.
 /vendor/bin/dump/dump_gxp                                                   u:object_r:dump_gxp_exec:s0
 

gxp/sepolicy/gxp_logging.te

@@ -0,0 +1,21 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow logging service to access /sys/class/gxp
+allow gxp_logging sysfs_gxp:dir search;
+allow gxp_logging sysfs_gxp:file rw_file_perms;
+
+# Allow logging service to log to stats service for reporting metrics.
+allow gxp_logging fwk_stats_service:service_manager find;
+binder_call(gxp_logging, system_server);
+binder_use(gxp_logging)
+
+# Allow logging service to read gxp properties.
+get_prop(gxp_logging, vendor_gxp_prop)
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')

gxp/sepolicy/hal_camera_default.te

@@ -0,0 +1,3 @@
+# Allow the camera hal to access the GXP device and Properties.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+get_prop(hal_camera_default, vendor_gxp_prop)

gxp/sepolicy/property.te

@@ -0,0 +1,3 @@
+# Gxp Android properties
+system_vendor_config_prop(vendor_gxp_prop)
+

gxp/sepolicy/property_contexts

@@ -0,0 +1,3 @@
+# GXP Android Property.
+vendor.gxp.                                u:object_r:vendor_gxp_prop:s0
+

gxp/sepolicy/vendor_init.te

@@ -0,0 +1,3 @@
+# Gxp Android Properties.
+set_prop(vendor_init, vendor_gxp_prop)
+