From 678fb46c3c3072ec5a0fa2b7d3a346a20b06bfa8 Mon Sep 17 00:00:00 2001
From: Klines Jiang
Date: Tue, 22 Aug 2023 03:32:15 +0000
Subject: [PATCH] [SELinux] Add gyotaku_app doamin to gs-common.
Bug: 296836878
Test: Local build and tested pass.
Change-Id: Ie76c7017098b7f5d4a8703c40e3c9e87e80f2801
Merged-In: Ie76c7017098b7f5d4a8703c40e3c9e87e80f2801
---
gyotaku_app/gyotaku.mk | 8 ++++++++
gyotaku_app/sepolicy/gyotaku_app.te | 25 +++++++++++++++++++++++++
gyotaku_app/sepolicy/seapp_contexts | 2 ++
3 files changed, 35 insertions(+)
create mode 100644 gyotaku_app/gyotaku.mk
create mode 100644 gyotaku_app/sepolicy/gyotaku_app.te
create mode 100644 gyotaku_app/sepolicy/seapp_contexts
diff --git a/gyotaku_app/gyotaku.mk b/gyotaku_app/gyotaku.mk
new file mode 100644
index 0000000..d1d45c0
--- /dev/null
+++ b/gyotaku_app/gyotaku.mk
@@ -0,0 +1,8 @@
+ifneq ($(TARGET_BUILD_VARIANT), user)
+ ifeq (,$(filter aosp_%, $(TARGET_PRODUCT))) # Skip aosp target product
+ PRODUCT_PACKAGES_DEBUG += \
+ Gyotaku
+
+ BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/sepolicy/
+ endif
+endif
diff --git a/gyotaku_app/sepolicy/gyotaku_app.te b/gyotaku_app/sepolicy/gyotaku_app.te
new file mode 100644
index 0000000..80123cf
--- /dev/null
+++ b/gyotaku_app/sepolicy/gyotaku_app.te
@@ -0,0 +1,25 @@
+type gyotaku_app, domain;
+
+userdebug_or_eng(`
+ app_domain(gyotaku_app)
+ net_domain(gyotaku_app)
+
+ # For Gyotaku app common use
+ allow gyotaku_app app_api_service:service_manager find;
+ allow gyotaku_app privapp_data_file:lnk_file read;
+ allow gyotaku_app system_app_data_file:dir create_dir_perms;
+ allow gyotaku_app system_app_data_file:file create_file_perms;
+
+ # For access /proc/fs/f2fs/* storage use
+ allow gyotaku_app proc_f2fs:dir search;
+ allow gyotaku_app proc_f2fs:file r_file_perms;
+
+ # For access /proc/stat use
+ allow gyotaku_app proc_stat:file r_file_perms;
+
+ # For getproperty isDebuggable use
+ get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+ # For persistent property use
+ get_prop(gyotaku_app, logpersistd_logging_prop);
+')
diff --git a/gyotaku_app/sepolicy/seapp_contexts b/gyotaku_app/sepolicy/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all
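Review bot: In gyotaku_app.te the two `system_app_data_file` rules (`dir create_dir_perms` and `file create_file_perms`), together with `type=system_app_data_file` in the seapp_contexts hunk, keep this app's private data under a label that is not specific to the app. The domain runs as `user=system` and also gets `net_domain`, so the only separation left between its files and other data under that label appears to be the MLS level from `levelFrom=all`; I have not verified that against the other entries using this type. If the platform plumbing allows it, consider a dedicated data type (placeholder name `<gyotaku_data_type>`): point `type=` at it and write the rules as `allow gyotaku_app <gyotaku_data_type>:dir create_dir_perms;` plus the matching `:file` rule. Whichever label is kept, the comment `# For Gyotaku app common use` should name which directories the app writes. `net_domain(gyotaku_app)` should get its own comment saying what the network access is for, so the grant can be audited later.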