Put gs_watchdogd settings in one place
Bug: 248428203
Test: gs_watchdog is still in system_ext
Change-Id: Iaa0e1871a4459af02a004f7b3b2861b53709c608
diff --git a/device.mk b/device.mk
index c0f39f6..dc79997 100644
--- a/device.mk
+++ b/device.mk
@@ -21,9 +21,3 @@
PRODUCT_PROPERTY_OVERRIDES += \
vendor.media.omx=0
-# Platform watchdogd
-PRODUCT_PACKAGES += gs_watchdogd
-PRODUCT_SOONG_NAMESPACES += \
- device/google/gs-common/gs_watchdogd
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
- hardware/google/pixel-sepolicy/gs_watchdogd
diff --git a/gs_watchdogd/sepolicy/file_contexts b/gs_watchdogd/sepolicy/file_contexts
new file mode 100644
index 0000000..22dd02b
--- /dev/null
+++ b/gs_watchdogd/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+# Platform watchdogd
+/system_ext/bin/gs_watchdogd u:object_r:gs_watchdogd_exec:s0
+
+# Devices
+/dev/watchdog[0-9] u:object_r:watchdog_device:s0
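Review bot: The `/dev/watchdog[0-9]` entry matches exactly one trailing digit, since file_contexts patterns are matched against the whole path. A bare `/dev/watchdog` node or a two-digit node would not get `watchdog_device` from this file. If the bare node is expected to be labelled by platform policy, a comment such as `# /dev/watchdog itself is labelled by platform file_contexts (confirm)` would make that dependency explicit. If more than ten nodes are possible, `/dev/watchdog[0-9]+` would cover them.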
diff --git a/gs_watchdogd/sepolicy/gs_watchdogd.te b/gs_watchdogd/sepolicy/gs_watchdogd.te
new file mode 100644
index 0000000..538f870
--- /dev/null
+++ b/gs_watchdogd/sepolicy/gs_watchdogd.te
@@ -0,0 +1,9 @@
+# gs_watchdogd seclabel is specified in init.<board>.rc
+type gs_watchdogd, domain, coredomain;
+type gs_watchdogd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(gs_watchdogd)
+
+allow gs_watchdogd watchdog_device:chr_file rw_file_perms;
+allow gs_watchdogd kmsg_device:chr_file rw_file_perms;
+allow gs_watchdogd sysfs:dir r_dir_perms;
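Review bot: The rule `allow gs_watchdogd kmsg_device:chr_file rw_file_perms;` grants read access to the kernel log as well as write, and nothing in this diff shows the daemon reading /dev/kmsg. If it only logs there, `allow gs_watchdogd kmsg_device:chr_file w_file_perms;` is the narrower grant. The `sysfs:dir r_dir_perms` rule applies to the generic `sysfs` type, so it deserves a comment naming the directory the daemon enumerates, for example `# list watchdog nodes under /sys (path to confirm)`. The header comment also says the seclabel is set in init.<board>.rc, while `init_daemon_domain(gs_watchdogd)` sets up the transition from the exec label, so one of the two is presumably stale.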
diff --git a/gs_watchdogd/watchdog.mk b/gs_watchdogd/watchdog.mk
new file mode 100644
index 0000000..69cbbbd
--- /dev/null
+++ b/gs_watchdogd/watchdog.mk
@@ -0,0 +1,6 @@
+# Platform watchdogd
+PRODUCT_PACKAGES += gs_watchdogd
+PRODUCT_SOONG_NAMESPACES += \
+ device/google/gs-common/gs_watchdogd
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
+ device/google/gs-common/gs_watchdogd/sepolicy
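Review bot: Nothing in this diff includes the new watchdog.mk, while the same three settings are removed from device.mk. Any product that inherits device.mk without also including this fragment would silently lose both the gs_watchdogd package and its policy directory. The consumers presumably live in other repositories, so it is worth confirming that each one is updated in the same topic. A header comment in this file would help, such as `# Include from the device makefile: include device/google/gs-common/gs_watchdogd/watchdog.mk` (path inferred from the namespace above). The policy directory also moves away from `hardware/google/pixel-sepolicy/gs_watchdogd`, so a build that still lists the old directory may define the `gs_watchdogd` types twice.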