Merge "touch: provide permission for TouchInspector app" into udc-d1-dev
diff --git a/touch/touchinspector/sepolicy/file.te b/touch/touchinspector/sepolicy/file.te
new file mode 100644
index 0000000..f9468a0
--- /dev/null
+++ b/touch/touchinspector/sepolicy/file.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ typeattribute proc_touch mlstrustedobject;
+')
diff --git a/touch/touchinspector/sepolicy/google_touch_app.te b/touch/touchinspector/sepolicy/google_touch_app.te
new file mode 100644
index 0000000..0c6928d
--- /dev/null
+++ b/touch/touchinspector/sepolicy/google_touch_app.te
@@ -0,0 +1,9 @@
+type google_touch_app, domain;
+
+userdebug_or_eng(`
+ app_domain(google_touch_app)
+
+ allow google_touch_app app_api_service:service_manager find;
+
+ allow google_touch_app proc_touch:file rw_file_perms;
+')
diff --git a/touch/touchinspector/sepolicy/seapp_contexts b/touch/touchinspector/sepolicy/seapp_contexts
new file mode 100644
index 0000000..659caf4
--- /dev/null
+++ b/touch/touchinspector/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Touch app
+user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
diff --git a/touch/touchinspector/touchinspector.mk b/touch/touchinspector/touchinspector.mk
new file mode 100644
index 0000000..d17d8dc
--- /dev/null
+++ b/touch/touchinspector/touchinspector.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/touchinspector/sepolicy
+
+PRODUCT_PACKAGES_DEBUG += TouchInspector