Label GPU power_policy sysfs node am: a7aa46862d
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16091105
Change-Id: Ia0a271554b8640cd32f1293c8e96405abf9f31b6
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
deleted file mode 100644
index 9d50844..0000000
--- a/private/mediaprovider_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-dontaudit mediaprovider_app sysfs_vendor_sched:dir search;
-
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index 1a3571b..fa9d5ce 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,4 @@
# b/185723618
dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-# b/187795940
-dontaudit dumpstate twoshay:binder call;
# b/190337283
dontaudit dumpstate debugfs_wakeup_sources:file read;
diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te
index e071b9b..22a4208 100644
--- a/usf/sensor_hal.te
+++ b/usf/sensor_hal.te
@@ -49,6 +49,12 @@
# Allow sensor HAL to read AoC dumpstate.
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
+# Allow access for dynamic sensor properties.
+get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
+
+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+
#
# Suez type enforcements.
#
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index bc3c947..7cd2c7f 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -26,9 +26,6 @@
# Bt Wifi Coexistence device
type wb_coexistence_dev, dev_type;
-# Touch
-type touch_offload_device, dev_type;
-
# LWIS (Lightweight Imaging Subsystem) devices, used by Lyric camera HAL
type lwis_device, dev_type;
@@ -55,3 +52,7 @@
# Battery history
type battery_history_device, dev_type;
+
+# Raw HID device
+type hidraw_device, dev_type;
+
diff --git a/whitechapel/vendor/google/euiccpixel_app.te b/whitechapel/vendor/google/euiccpixel_app.te
index db3d0ae..32f958b 100644
--- a/whitechapel/vendor/google/euiccpixel_app.te
+++ b/whitechapel/vendor/google/euiccpixel_app.te
@@ -10,6 +10,7 @@
set_prop(euiccpixel_app, vendor_secure_element_prop)
set_prop(euiccpixel_app, vendor_modem_prop)
+get_prop(euiccpixel_app, dck_prop)
userdebug_or_eng(`
net_domain(euiccpixel_app)
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index bc03a78..604e650 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -383,10 +383,6 @@
/vendor/lib(64)?/hw/vulkan\.gs101\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/arm\.graphics-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
-# Touch
-/dev/touch_offload u:object_r:touch_offload_device:s0
-/vendor/bin/twoshay u:object_r:twoshay_exec:s0
-
# Fingerprint
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
@@ -441,3 +437,7 @@
/vendor/lib64/android\.frameworks\.stats-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0
+
+# Raw HID device
+/dev/hidraw[0-9]* u:object_r:hidraw_device:s0
+
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 386efc8..afdb631 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -69,9 +69,9 @@
# Vibrator
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-005a u:object_r:sysfs_vibrator:s0
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0
-genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a-dual u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l25a u:object_r:sysfs_vibrator:s0
# Fingerprint
genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0
diff --git a/whitechapel/vendor/google/hal_audio_default.te b/whitechapel/vendor/google/hal_audio_default.te
index 5ee9946..1f3edbe 100644
--- a/whitechapel/vendor/google/hal_audio_default.te
+++ b/whitechapel/vendor/google/hal_audio_default.te
@@ -23,6 +23,9 @@
get_prop(hal_audio_default, vendor_audio_prop);
+hal_client_domain(hal_audio_default, hal_health);
+allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
+
userdebug_or_eng(`
allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te
index b5608c1..612b3c0 100644
--- a/whitechapel/vendor/google/hal_dumpstate_default.te
+++ b/whitechapel/vendor/google/hal_dumpstate_default.te
@@ -64,9 +64,6 @@
allow hal_dumpstate_default sysfs_thermal:file r_file_perms;
allow hal_dumpstate_default sysfs_thermal:lnk_file read;
-allow hal_dumpstate_default touch_context_service:service_manager find;
-binder_call(hal_dumpstate_default, twoshay)
-
# Modem logs
allow hal_dumpstate_default modem_efs_file:dir search;
allow hal_dumpstate_default modem_efs_file:file r_file_perms;
diff --git a/whitechapel/vendor/google/modem_diagnostics.te b/whitechapel/vendor/google/modem_diagnostics.te
index 7908be1..9fa772b 100644
--- a/whitechapel/vendor/google/modem_diagnostics.te
+++ b/whitechapel/vendor/google/modem_diagnostics.te
@@ -29,4 +29,7 @@
allow modem_diagnostic_app modem_img_file:lnk_file r_file_perms;
allow modem_diagnostic_app hal_vendor_oem_hwservice:hwservice_manager find;
+
+ allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms;
+ allow modem_diagnostic_app sysfs_batteryinfo:dir search;
')
diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te
index 66e7721..70480be 100644
--- a/whitechapel/vendor/google/platform_app.te
+++ b/whitechapel/vendor/google/platform_app.te
@@ -13,9 +13,6 @@
allow platform_app fwk_stats_service:service_manager find;
binder_use(platform_app)
-allow platform_app touch_context_service:service_manager find;
-binder_call(platform_app, twoshay)
-
# Fingerprint (UDFPS) GHBM/LHBM toggle
get_prop(platform_app, fingerprint_ghbm_prop)
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index 4b671a4..bb0894f 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -49,3 +49,7 @@
# Fingerprint
vendor_internal_prop(vendor_fingerprint_fake_prop)
+
+# Dynamic sensor
+vendor_internal_prop(vendor_dynamic_sensor_prop)
+
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index 5d2f018..18a6059 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -104,3 +104,7 @@
# Fingerprint
vendor.fingerprint.disable.fake u:object_r:vendor_fingerprint_fake_prop:s0
+
+# Dynamic sensor
+vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
+
diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te
index 99e9948..6012e87 100644
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@@ -1,4 +1,3 @@
type hal_pixel_display_service, service_manager_type, vendor_service;
type uwb_vendor_service, service_manager_type, vendor_service;
-type touch_context_service, service_manager_type, vendor_service;
type hal_uwb_service, service_manager_type, vendor_service;
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 687f8cc..9112cd4 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -1,4 +1,3 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
-com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
uwb_vendor u:object_r:uwb_vendor_service:s0
hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_service:s0
diff --git a/whitechapel/vendor/google/twoshay.te b/whitechapel/vendor/google/twoshay.te
deleted file mode 100644
index fafd064..0000000
--- a/whitechapel/vendor/google/twoshay.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type twoshay, domain;
-type twoshay_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(twoshay)
-
-allow twoshay touch_offload_device:chr_file rw_file_perms;
-allow twoshay twoshay:capability sys_nice;
-
-binder_use(twoshay)
-add_service(twoshay, touch_context_service)
-
-# b/193224954
-dontaudit twoshay twoshay:capability dac_override;
-
-allow twoshay fwk_stats_service:service_manager find;
-binder_call(twoshay, stats_service_server)