move aoc settings to gs-common
Bug: 248426917
Test: boot with aoc launched
Change-Id: I7f3e65f9b27510bff657ca46c9688932a0352437
diff --git a/aoc/sepolicy/aocd.te b/aoc/sepolicy/aocd.te
new file mode 100644
index 0000000..69b0af0
--- /dev/null
+++ b/aoc/sepolicy/aocd.te
@@ -0,0 +1,21 @@
+type aocd, domain;
+type aocd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(aocd)
+
+# access persist files
+allow aocd mnt_vendor_file:dir search;
+allow aocd persist_file:dir search;
+r_dir_file(aocd, persist_aoc_file);
+
+# sysfs operations
+allow aocd sysfs_aoc:dir search;
+allow aocd sysfs_aoc_firmware:file w_file_perms;
+
+# dev operations
+allow aocd aoc_device:chr_file rw_file_perms;
+
+# allow inotify to watch for additions/removals from /dev
+allow aocd device:dir r_dir_perms;
+
+# set properties
+set_prop(aocd, vendor_aoc_prop)