Merge "[SEPolicy][sota_app]Move sota_app to gs-common." into udc-d1-dev am: 89ee4a6375 am: 5e6b0cc8d6 am: 00a2093ab7
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs-common/+/23658709
Change-Id: I5d01c648a99a2ca726254a82cbbb6f0f5966431c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/dauntless/sepolicy/citadeld.te b/dauntless/sepolicy/citadeld.te
index 86cb61c..60c633c 100644
--- a/dauntless/sepolicy/citadeld.te
+++ b/dauntless/sepolicy/citadeld.te
@@ -11,3 +11,5 @@
allow citadeld citadel_device:chr_file rw_file_perms;
allow citadeld fwk_stats_service:service_manager find;
allow citadeld hal_power_stats_vendor_service:service_manager find;
+
+set_prop(citadeld, vendor_nos_citadel_version);
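Review bot: The added `set_prop(citadeld, vendor_nos_citadel_version);` has no comment saying what citadeld publishes through this property or which domain is meant to read it. No `get_prop` rule for a reader appears anywhere in this change, and because property.te declares the type with `vendor_internal_prop`, any consumer will presumably need an explicit grant. A short comment above the rule would make the intent reviewable, for example `# citadeld publishes the version string in vendor.nos.citadel.version; readers need get_prop`, with the wording confirmed against the daemon. The trailing `;` after the macro call is also inconsistent with the other macro calls in this patch, such as `init_daemon_domain(gpu_probe)`.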
diff --git a/dauntless/sepolicy/property.te b/dauntless/sepolicy/property.te
new file mode 100644
index 0000000..2e1c4ec
--- /dev/null
+++ b/dauntless/sepolicy/property.te
@@ -0,0 +1 @@
+vendor_internal_prop(vendor_nos_citadel_version)
diff --git a/dauntless/sepolicy/property_contexts b/dauntless/sepolicy/property_contexts
new file mode 100644
index 0000000..835de17
--- /dev/null
+++ b/dauntless/sepolicy/property_contexts
@@ -0,0 +1 @@
+vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0
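Review bot: This property_contexts entry has no match qualifier, so it is treated as a prefix match and any property whose name merely starts with `vendor.nos.citadel.version` receives the `vendor_nos_citadel_version` label. Pinning the entry to the single property keeps the writable surface granted to citadeld to exactly one name and lets the property service enforce the value type: `vendor.nos.citadel.version u:object_r:vendor_nos_citadel_version:s0 exact string`. The `string` type here is an assumption; use whatever type citadeld actually writes.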
diff --git a/gpu/gpu.mk b/gpu/gpu.mk
new file mode 100644
index 0000000..d1c3a6d
--- /dev/null
+++ b/gpu/gpu.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
+
+PRODUCT_PACKAGES += gpu_probe
diff --git a/gpu/sepolicy/file_contexts b/gpu/sepolicy/file_contexts
new file mode 100644
index 0000000..3752908
--- /dev/null
+++ b/gpu/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0
diff --git a/gpu/sepolicy/gpu_probe.te b/gpu/sepolicy/gpu_probe.te
new file mode 100644
index 0000000..d8ffb78
--- /dev/null
+++ b/gpu/sepolicy/gpu_probe.te
@@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
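Review bot: The rule `allow gpu_probe gpu_device:chr_file rw_file_perms;` gives a new init-started daemon read, write and ioctl access to the GPU device node, and the file's only comment is `# gpu_probe`. Nothing in the patch shows whether the probe needs write access or only queries the driver. Either narrow the grant to `r_file_perms` if that is enough, or add a comment stating why write is required, so a later audit can judge it. A one-line comment on `perfetto_producer(gpu_probe)` naming the trace data the daemon emits would also help, for example `# exports GPU counters to traced` if that is what it does.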
diff --git a/pixelsystemservice/pixelsystemservice.mk b/pixelsystemservice/pixelsystemservice.mk
new file mode 100644
index 0000000..fcabe89
--- /dev/null
+++ b/pixelsystemservice/pixelsystemservice.mk
@@ -0,0 +1,5 @@
+PRODUCT_SOONG_NAMESPACES += vendor/google/apps/PersistentBackgroundServices
+PRODUCT_PACKAGES += \
+ PersistentBackgroundServices
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/pixelsystemservice/sepolicy
diff --git a/pixelsystemservice/sepolicy/pixelsystemservice_app.te b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
new file mode 100644
index 0000000..f120058
--- /dev/null
+++ b/pixelsystemservice/sepolicy/pixelsystemservice_app.te
@@ -0,0 +1,6 @@
+type pixelsystemservice_app, domain, coredomain;
+
+app_domain(pixelsystemservice_app);
+
+# Standard system services
+allow pixelsystemservice_app app_api_service:service_manager find;
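Review bot: `type pixelsystemservice_app, domain, coredomain;` declares a core-domain type, yet pixelsystemservice.mk adds this directory through `BOARD_VENDOR_SEPOLICY_DIRS`, so the type ends up defined in vendor policy. That may be intentional for a platform-signed app, but the file does not say so, and the Treble neverallow rules that apply to `coredomain` will constrain any vendor access added later. A header comment recording the reason would help, for example `# platform-signed app; coredomain because it is not a vendor component`, once that is confirmed. The `# Standard system services` comment could also name the services the app really uses, since `app_api_service` is a broad attribute.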
diff --git a/pixelsystemservice/sepolicy/seapp_contexts b/pixelsystemservice/sepolicy/seapp_contexts
new file mode 100644
index 0000000..f1c1262
--- /dev/null
+++ b/pixelsystemservice/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Pixel System Service
+user=_app seinfo=platform name=com.google.android.pixelsystemservice domain=pixelsystemservice_app type=app_data_file levelFrom=all
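Review bot: The `name=com.google.android.pixelsystemservice` selector is an exact match on the process name, so a secondary process declared by the app (for example through `android:process`) would not match this line. Such a process would fall through to whichever default platform-app entry applies rather than `pixelsystemservice_app`. If the package does run more than one process, a second entry with `name=com.google.android.pixelsystemservice:*` keeps them in the intended domain. If it is single-process, extending the `# Pixel System Service` comment to say so would record the assumption.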