From d76d46457ddedbff58d1733407466ac6eea26475 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Mon, 19 Sep 2022 11:27:15 +0800
Subject: [PATCH] move trusty dump from gs201 to gs-common

Bug: 244504232
Test: adb bugreport
Change-Id: I0c286f5e98d5a9c5497f7f89dcd58a8dc0c2b572
---
 trusty/Android.bp              | 10 ++++++++++
 trusty/dump_trusty.sh          |  3 +++
 trusty/sepolicy/device.te      |  1 +
 trusty/sepolicy/dump_trusty.te |  4 ++++
 trusty/sepolicy/file_contexts  |  3 +++
 trusty/trusty.mk               |  3 +++
 6 files changed, 24 insertions(+)
 create mode 100644 trusty/Android.bp
 create mode 100644 trusty/dump_trusty.sh
 create mode 100644 trusty/sepolicy/device.te
 create mode 100644 trusty/sepolicy/dump_trusty.te
 create mode 100644 trusty/sepolicy/file_contexts
 create mode 100644 trusty/trusty.mk

diff --git a/trusty/Android.bp b/trusty/Android.bp
new file mode 100644
index 0000000..536fbd3
--- /dev/null
+++ b/trusty/Android.bp
@@ -0,0 +1,10 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+sh_binary {
+    name: "dump_trusty.sh",
+    src: "dump_trusty.sh",
+    vendor: true,
+    sub_dir: "dump",
+}
diff --git a/trusty/dump_trusty.sh b/trusty/dump_trusty.sh
new file mode 100644
index 0000000..9592cd3
--- /dev/null
+++ b/trusty/dump_trusty.sh
@@ -0,0 +1,3 @@
+#!/vendor/bin/sh
+echo "--- Trusty TEE0 Logs ---"
+cat /dev/trusty-log0
diff --git a/trusty/sepolicy/device.te b/trusty/sepolicy/device.te
new file mode 100644
index 0000000..bb85670
--- /dev/null
+++ b/trusty/sepolicy/device.te
@@ -0,0 +1 @@
+type trusty_log_device, dev_type;
diff --git a/trusty/sepolicy/dump_trusty.te b/trusty/sepolicy/dump_trusty.te
new file mode 100644
index 0000000..d4e0d6e
--- /dev/null
+++ b/trusty/sepolicy/dump_trusty.te
@@ -0,0 +1,4 @@
+pixel_bugreport(dump_trusty)
+
+allow dump_trusty trusty_log_device:chr_file r_file_perms;
+allow dump_trusty vendor_toolbox_exec:file execute_no_trans;
diff --git a/trusty/sepolicy/file_contexts b/trusty/sepolicy/file_contexts
new file mode 100644
index 0000000..d961e84
--- /dev/null
+++ b/trusty/sepolicy/file_contexts
@@ -0,0 +1,3 @@
+/vendor/bin/dump/dump_trusty\.sh      u:object_r:dump_trusty_exec:s0
+
+/dev/trusty-log0                      u:object_r:trusty_log_device:s0
diff --git a/trusty/trusty.mk b/trusty/trusty.mk
new file mode 100644
index 0000000..1786817
--- /dev/null
+++ b/trusty/trusty.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/sepolicy
+
+PRODUCT_PACKAGES += dump_trusty.sh