drgreen/android_device_google_gs-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move sepolicy files from hardware/google/pixel-sepolicy.

Browse Source 
Bug: 325422902
Test: Manual, system booted without sepolicy denied error.
Change-Id: I10d20c0b79acf938bd41dcd640a716369ecf779b
Signed-off-by: Mark Chang <changmark@google.com>
This commit is contained in:
Mark Chang 2024-02-19 06:12:11 +00:00
parent 14c6c627ef
commit 57384abb7e
10 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
touch/twoshay/sepolicy/device.te Normal file
View File

@ -0,0 +1 @@
type touch_offload_device, dev_type;

2
touch/twoshay/sepolicy/dumpstate.te Normal file
View File

@ -0,0 +1,2 @@
allow dumpstate touch_context_service:service_manager find;
binder_call(dumpstate, twoshay)

2
touch/twoshay/sepolicy/file_contexts Normal file
View File

@ -0,0 +1,2 @@
/dev/touch_offload u:object_r:touch_offload_device:s0
/vendor/bin/twoshay u:object_r:twoshay_exec:s0

2
touch/twoshay/sepolicy/hal_dumpstate_default.te Normal file
View File

@ -0,0 +1,2 @@
allow hal_dumpstate_default touch_context_service:service_manager find;
binder_call(hal_dumpstate_default, twoshay)

4
touch/twoshay/sepolicy/platform_app.te Normal file
View File

@ -0,0 +1,4 @@
allow platform_app gril_antenna_tuning_service:service_manager find;
allow platform_app screen_protector_detector_service:service_manager find;
allow platform_app touch_context_service:service_manager find;
binder_call(platform_app, twoshay)

3
touch/twoshay/sepolicy/service.te Normal file
View File

@ -0,0 +1,3 @@
type gril_antenna_tuning_service, service_manager_type, hal_service_type;
type screen_protector_detector_service, service_manager_type, hal_service_type;
type touch_context_service, service_manager_type, hal_service_type;

3
touch/twoshay/sepolicy/service_contexts Normal file
View File

@ -0,0 +1,3 @@
com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0
com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0

2
touch/twoshay/sepolicy/touchflow_debug/file_contexts Normal file
View File

@ -0,0 +1,2 @@
/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0

27
touch/twoshay/sepolicy/twoshay.te Normal file
View File

@ -0,0 +1,27 @@
type twoshay, domain;
type twoshay_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(twoshay)
allow twoshay touch_offload_device:chr_file rw_file_perms;
allow twoshay twoshay:capability sys_nice;
binder_use(twoshay)
add_service(twoshay, gril_antenna_tuning_service)
add_service(twoshay, screen_protector_detector_service)
add_service(twoshay, touch_context_service)
binder_call(twoshay, platform_app)
allow twoshay fwk_stats_service:service_manager find;
binder_call(twoshay, stats_service_server)
# Allow dumpsys output in bugreports.
allow twoshay dumpstate:fd use;
allow twoshay dumpstate:fifo_file write;
# b/198755236
dontaudit twoshay twoshay:capability dac_override;
# b/226830650
dontaudit twoshay boot_status_prop:file read;

3
touch/twoshay/twoshay.mk Normal file
View File

@ -0,0 +1,3 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/twoshay/sepolicy
PRODUCT_PACKAGES += twoshay
PRODUCT_SOONG_NAMESPACES += vendor/google/input/twoshay