Allow suspend_control to access xHCI wakeup node am: a506ed1e06
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16370946
Change-Id: I17198ed93403abe1b6526b385218847616b52c5b
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
index 9255e74..dcaacdc 100644
--- a/edgetpu/file_contexts
+++ b/edgetpu/file_contexts
@@ -6,12 +6,12 @@
# EdgeTPU service binaries and libraries
/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
# EdgeTPU vendor service
/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk\.so u:object_r:same_process_hal_file:s0
# EdgeTPU runtime libraries
/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
diff --git a/whitechapel/vendor/google/dumpstate.te b/whitechapel/vendor/google/dumpstate.te
index d4dd87b..cdf6e8e 100644
--- a/whitechapel/vendor/google/dumpstate.te
+++ b/whitechapel/vendor/google/dumpstate.te
@@ -1,6 +1,6 @@
dump_hal(hal_telephony)
dump_hal(hal_graphics_composer)
-dump_hal(hal_uwb)
+dump_hal(hal_uwb_vendor)
userdebug_or_eng(`
allow dumpstate media_rw_data_file:file append;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 604e650..a708d8d 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -177,7 +177,7 @@
/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/pixel-power-ext-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
@@ -352,7 +352,7 @@
# Uwb
# R4
-/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_default_exec:s0
+/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
@@ -381,7 +381,7 @@
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/gralloc\.gs101\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.gs101\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/arm\.graphics-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0
# Fingerprint
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
@@ -434,7 +434,7 @@
/vendor/bin/wlc_upt/wlc_fw_update\.sh u:object_r:wlcfwupdate_exec:s0
# Statsd service to support EdgeTPU metrics logging service.
-/vendor/lib64/android\.frameworks\.stats-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0
diff --git a/whitechapel/vendor/google/hal_uwb.te b/whitechapel/vendor/google/hal_uwb.te
deleted file mode 100644
index d099568..0000000
--- a/whitechapel/vendor/google/hal_uwb.te
+++ /dev/null
@@ -1,15 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_uwb_client, hal_uwb_server)
-binder_call(hal_uwb_server, hal_uwb_client)
-
-hal_attribute_service(hal_uwb, hal_uwb_service)
-
-binder_call(hal_uwb_server, servicemanager)
-
-# allow hal_uwb to set wpan interfaces up and down
-allow hal_uwb self:udp_socket create_socket_perms;
-allowxperm hal_uwb self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
-allow hal_uwb self:global_capability_class_set { net_admin };
-
-# allow hal_uwb to speak to nl802154 in the kernel
-allow hal_uwb self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel/vendor/google/hal_uwb_default.te b/whitechapel/vendor/google/hal_uwb_default.te
deleted file mode 100644
index 8165dc2..0000000
--- a/whitechapel/vendor/google/hal_uwb_default.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_uwb_default, domain;
-type hal_uwb_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_uwb_default)
-
-add_service(hal_uwb_default, hal_uwb_service)
-
-hal_server_domain(hal_uwb_default, hal_uwb)
-binder_call(hal_uwb_default, uwb_vendor_app)
-
-allow hal_uwb_default uwb_data_vendor:dir create_dir_perms;
-allow hal_uwb_default uwb_data_vendor:file create_file_perms;
diff --git a/whitechapel/vendor/google/hal_uwb_vendor.te b/whitechapel/vendor/google/hal_uwb_vendor.te
new file mode 100644
index 0000000..ccfc170
--- /dev/null
+++ b/whitechapel/vendor/google/hal_uwb_vendor.te
@@ -0,0 +1,15 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+# allow hal_uwb_vendor to set wpan interfaces up and down
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+allow hal_uwb_vendor self:global_capability_class_set { net_admin };
+
+# allow hal_uwb_vendor to speak to nl802154 in the kernel
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel/vendor/google/hal_uwb_vendor_default.te b/whitechapel/vendor/google/hal_uwb_vendor_default.te
new file mode 100644
index 0000000..9361687
--- /dev/null
+++ b/whitechapel/vendor/google/hal_uwb_vendor_default.te
@@ -0,0 +1,11 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_uwb_vendor_default)
+
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
\ No newline at end of file
diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te
index 6012e87..aa60e3f 100644
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@@ -1,3 +1,3 @@
type hal_pixel_display_service, service_manager_type, vendor_service;
type uwb_vendor_service, service_manager_type, vendor_service;
-type hal_uwb_service, service_manager_type, vendor_service;
+type hal_uwb_vendor_service, service_manager_type, vendor_service;
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 9112cd4..812105a 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -1,3 +1,3 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
uwb_vendor u:object_r:uwb_vendor_service:s0
-hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_service:s0
+hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_vendor_service:s0
diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te
index 7a9dddc..8822343 100644
--- a/whitechapel/vendor/google/uwb_vendor_app.te
+++ b/whitechapel/vendor/google/uwb_vendor_app.te
@@ -5,20 +5,19 @@
add_service(uwb_vendor_app, uwb_vendor_service)
not_recovery(`
-hal_client_domain(uwb_vendor_app, hal_uwb)
+hal_client_domain(uwb_vendor_app, hal_uwb_vendor)
allow uwb_vendor_app app_api_service:service_manager find;
-allow uwb_vendor_app hal_uwb_service:service_manager find;
+allow uwb_vendor_app hal_uwb_vendor_service:service_manager find;
allow uwb_vendor_app nfc_service:service_manager find;
allow uwb_vendor_app radio_service:service_manager find;
allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
+allow hal_uwb_vendor_default self:global_capability_class_set { sys_nice };
+allow hal_uwb_vendor_default kernel:process { setsched };
get_prop(uwb_vendor_app, vendor_secure_element_prop)
-allow hal_uwb_default self:global_capability_class_set { sys_nice };
-allow hal_uwb_default kernel:process { setsched };
-
-binder_call(uwb_vendor_app, hal_uwb_default)
+binder_call(uwb_vendor_app, hal_uwb_vendor_default)
')