From 57384abb7e75807b094b9201057310b85e415dc5 Mon Sep 17 00:00:00 2001
From: Mark Chang
Date: Mon, 19 Feb 2024 06:12:11 +0000
Subject: [PATCH] Move sepolicy files from hardware/google/pixel-sepolicy.
Bug: 325422902
Test: Manual, system booted without sepolicy denied error.
Change-Id: I10d20c0b79acf938bd41dcd640a716369ecf779b
Signed-off-by: Mark Chang
---
touch/twoshay/sepolicy/device.te | 1 +
touch/twoshay/sepolicy/dumpstate.te | 2 ++
touch/twoshay/sepolicy/file_contexts | 2 ++
.../twoshay/sepolicy/hal_dumpstate_default.te | 2 ++
touch/twoshay/sepolicy/platform_app.te | 4 +++
touch/twoshay/sepolicy/service.te | 3 +++
touch/twoshay/sepolicy/service_contexts | 3 +++
.../sepolicy/touchflow_debug/file_contexts | 2 ++
touch/twoshay/sepolicy/twoshay.te | 27 +++++++++++++++++++
touch/twoshay/twoshay.mk | 3 +++
10 files changed, 49 insertions(+)
create mode 100644 touch/twoshay/sepolicy/device.te
create mode 100644 touch/twoshay/sepolicy/dumpstate.te
create mode 100644 touch/twoshay/sepolicy/file_contexts
create mode 100644 touch/twoshay/sepolicy/hal_dumpstate_default.te
create mode 100644 touch/twoshay/sepolicy/platform_app.te
create mode 100644 touch/twoshay/sepolicy/service.te
create mode 100644 touch/twoshay/sepolicy/service_contexts
create mode 100644 touch/twoshay/sepolicy/touchflow_debug/file_contexts
create mode 100644 touch/twoshay/sepolicy/twoshay.te
create mode 100644 touch/twoshay/twoshay.mk
diff --git a/touch/twoshay/sepolicy/device.te b/touch/twoshay/sepolicy/device.te
new file mode 100644
index 0000000..d3ce622
--- /dev/null
+++ b/touch/twoshay/sepolicy/device.te
@@ -0,0 +1 @@
+type touch_offload_device, dev_type;
diff --git a/touch/twoshay/sepolicy/dumpstate.te b/touch/twoshay/sepolicy/dumpstate.te
new file mode 100644
index 0000000..90f14b8
--- /dev/null
+++ b/touch/twoshay/sepolicy/dumpstate.te
@@ -0,0 +1,2 @@
+allow dumpstate touch_context_service:service_manager find;
+binder_call(dumpstate, twoshay)
diff --git a/touch/twoshay/sepolicy/file_contexts b/touch/twoshay/sepolicy/file_contexts
new file mode 100644
index 0000000..09728be
--- /dev/null
+++ b/touch/twoshay/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/hal_dumpstate_default.te b/touch/twoshay/sepolicy/hal_dumpstate_default.te
new file mode 100644
index 0000000..81edc36
--- /dev/null
+++ b/touch/twoshay/sepolicy/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+allow hal_dumpstate_default touch_context_service:service_manager find;
+binder_call(hal_dumpstate_default, twoshay)
diff --git a/touch/twoshay/sepolicy/platform_app.te b/touch/twoshay/sepolicy/platform_app.te
new file mode 100644
index 0000000..ac997a9
--- /dev/null
+++ b/touch/twoshay/sepolicy/platform_app.te
@@ -0,0 +1,4 @@
+allow platform_app gril_antenna_tuning_service:service_manager find;
+allow platform_app screen_protector_detector_service:service_manager find;
+allow platform_app touch_context_service:service_manager find;
+binder_call(platform_app, twoshay)
diff --git a/touch/twoshay/sepolicy/service.te b/touch/twoshay/sepolicy/service.te
new file mode 100644
index 0000000..4aa064d
--- /dev/null
+++ b/touch/twoshay/sepolicy/service.te
@@ -0,0 +1,3 @@
+type gril_antenna_tuning_service, service_manager_type, hal_service_type;
+type screen_protector_detector_service, service_manager_type, hal_service_type;
+type touch_context_service, service_manager_type, hal_service_type;
diff --git a/touch/twoshay/sepolicy/service_contexts b/touch/twoshay/sepolicy/service_contexts
new file mode 100644
index 0000000..f6aa1db
--- /dev/null
+++ b/touch/twoshay/sepolicy/service_contexts
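Review bot: In platform_app.te, the three `service_manager find` rules and `binder_call(platform_app, twoshay)` are granted to the whole `platform_app` domain, so any platform-signed app can look up and call twoshay's services, and the file does not say which client needs this. If a single app is the intended client (not visible in this patch), a dedicated app domain assigned through seapp_contexts would keep the grant narrower; otherwise any finer-grained authorisation has to happen inside twoshay itself. At minimum add a header comment such as `# Needed by <client app> to reach twoshay's touch context, SPD and GRIL tuning services.`, with `<client app>` filled in by the owner.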
@@ -0,0 +1,3 @@
+com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
+com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0
diff --git a/touch/twoshay/sepolicy/touchflow_debug/file_contexts b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
new file mode 100644
index 0000000..17dfe62
--- /dev/null
+++ b/touch/twoshay/sepolicy/touchflow_debug/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
+/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
diff --git a/touch/twoshay/sepolicy/twoshay.te b/touch/twoshay/sepolicy/twoshay.te
new file mode 100644
index 0000000..cd317a0
--- /dev/null
+++ b/touch/twoshay/sepolicy/twoshay.te
@@ -0,0 +1,27 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+binder_use(twoshay)
+add_service(twoshay, gril_antenna_tuning_service)
+add_service(twoshay, screen_protector_detector_service)
+add_service(twoshay, touch_context_service)
+
+binder_call(twoshay, platform_app)
+
+allow twoshay fwk_stats_service:service_manager find;
+binder_call(twoshay, stats_service_server)
+
+# Allow dumpsys output in bugreports.
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+
+# b/198755236
+dontaudit twoshay twoshay:capability dac_override;
+
+# b/226830650
+dontaudit twoshay boot_status_prop:file read;
diff --git a/touch/twoshay/twoshay.mk b/touch/twoshay/twoshay.mk
new file mode 100644
index 0000000..20bf1ba
--- /dev/null
+++ b/touch/twoshay/twoshay.mk
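Review bot: In touchflow_debug/file_contexts, `/vendor/bin/twoshay_touchflow` is labelled `twoshay_exec`, so a binary started from it by init transitions into the full `twoshay` domain, and the file carries no comment saying it is meant for debug builds only (that intent is inferred from the directory name). twoshay.mk in this patch adds only `device/google/gs-common/touch/twoshay/sepolicy` to `BOARD_VENDOR_SEPOLICY_DIRS`, and as far as I know those directories are not searched recursively, so this file presumably has to be wired in by some other makefile. A header comment such as `# Debug-only labels: add this directory to BOARD_VENDOR_SEPOLICY_DIRS from userdebug/eng targets only.` would make the expected wiring explicit.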
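Review bot: The two `dontaudit` rules at the end of twoshay.te are justified only by bug IDs (`# b/198755236`, `# b/226830650`), so a reader cannot tell which access is being silenced; a `dac_override` denial in particular usually points at a file ownership or mode mismatch, and once it is suppressed it no longer shows up in the audit log. Add a one-line reason next to each ID, for example `# b/198755236: twoshay touches <path> without matching DAC permissions; access is not required, so silence the denial`, with `<path>` supplied by the owner. The `allow twoshay twoshay:capability sys_nice;` rule has no comment at all and would benefit from the same treatment. As a style point, both `twoshay:capability` rules would read more conventionally with `self` as the target, e.g. `allow twoshay self:capability sys_nice;`.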
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
+PRODUCT_PACKAGES += twoshay
+PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay