commit d5e44df4bb934f337d2e987b2e088b46af4173f0
author Yen-Chao Chen <davidycchen@google.com> Tue May 02 14:35:08 2023 +0800
committer Yen-Chao Chen <davidycchen@google.com> Tue May 02 14:39:23 2023 +0800
tree 2c0c3dee058f01c0cac2324f2fe4bf27ef913c1e
parent fb8529da4d3cf2d3e76be6734402007037e15cc8

touch: provide permission for TouchInspector app

avc:  denied  { write } for  name="driver_test" dev="proc"
ino=4026535975 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

avc:  denied  { open } for  path="/proc/fts/driver_test" dev="proc"
ino=4026535975 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

avc:  denied  { getattr } for  path="/proc/fts/driver_test"
dev="proc" ino=4026535975 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

avc:  denied  { read } for  name="driver_test" dev="proc"
ino=4026535975 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:proc_touch:s0 tclass=file permissive=1
app=com.google.touch.touchinspector

Bug: 279675034
Test: trigger touch calibration by the app.

Change-Id: Ib1621aa0fd3f10c2e12d7ec8930908ca77c615bb
Signed-off-by: Yen-Chao Chen <davidycchen@google.com>

touch/touchinspector/sepolicy/file.te

diff --git a/touch/touchinspector/sepolicy/file.te b/touch/touchinspector/sepolicy/file.te
new file mode 100644
index 0000000..f9468a0
--- /dev/null
+++ b/touch/touchinspector/sepolicy/file.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+    typeattribute proc_touch mlstrustedobject;
+')

touch/touchinspector/sepolicy/google_touch_app.te

diff --git a/touch/touchinspector/sepolicy/google_touch_app.te b/touch/touchinspector/sepolicy/google_touch_app.te
new file mode 100644
index 0000000..0c6928d
--- /dev/null
+++ b/touch/touchinspector/sepolicy/google_touch_app.te
@@ -0,0 +1,9 @@
+type google_touch_app, domain;
+
+userdebug_or_eng(`
+  app_domain(google_touch_app)
+
+  allow google_touch_app app_api_service:service_manager find;
+
+  allow google_touch_app proc_touch:file rw_file_perms;
+')

touch/touchinspector/sepolicy/seapp_contexts

diff --git a/touch/touchinspector/sepolicy/seapp_contexts b/touch/touchinspector/sepolicy/seapp_contexts
new file mode 100644
index 0000000..659caf4
--- /dev/null
+++ b/touch/touchinspector/sepolicy/seapp_contexts
@@ -0,0 +1,2 @@
+# Touch app
+user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user

touch/touchinspector/touchinspector.mk

diff --git a/touch/touchinspector/touchinspector.mk b/touch/touchinspector/touchinspector.mk
new file mode 100644
index 0000000..d17d8dc
--- /dev/null
+++ b/touch/touchinspector/touchinspector.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/touchinspector/sepolicy
+
+PRODUCT_PACKAGES_DEBUG += TouchInspector