Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_google_pixel-sepolicy / 0cc0a15dd94c8f11178ba25d314b1003cef30f4d^2..0cc0a15dd94c8f11178ba25d314b1003cef30f4d / .
commit0cc0a15dd94c8f11178ba25d314b1003cef30f4d[log] [tgz]
authorchenpaul <chenpaul@google.com>Tue Jan 03 08:29:56 2023 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Jan 03 08:29:56 2023 +0000
treeaeb3d4b0419873f3a67f4d45c74cc41df3d635be
parent35db8e4162036f84aa82a31d0e0473307365524e [diff]
parentdb0a7dd6820c5bc77f5e00241390b0e97c616ca0 [diff]
Wifi Diagnostic Tool Sepolicy am: db0a7dd682

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/20817870

Change-Id: Ie0e23b603bf481625cf3a5786132c00d6aa4e81b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/fingerprint-extension/system_ext/private/file_contexts b/fingerprint-extension/system_ext/private/file_contexts
index e66f969..954424d 100644
--- a/fingerprint-extension/system_ext/private/file_contexts
+++ b/fingerprint-extension/system_ext/private/file_contexts

@@ -1 +1 @@
-/system_ext/bin/fingerprint\.extension\.sh                 u:object_r:init-fingerprint-extension_exec:s0
+/system_ext/bin/fingerprint\.extension                 u:object_r:init-fingerprint-extension_exec:s0

diff --git a/googlebattery/service.te b/googlebattery/service.te
index c363681..e68baa9 100644
--- a/googlebattery/service.te
+++ b/googlebattery/service.te

@@ -1 +1 @@
-type hal_googlebattery_service, vendor_service, service_manager_type;
+type hal_googlebattery_service, hal_service_type, service_manager_type;

diff --git a/hardware_info_app/device.te b/hardware_info_app/device.te
new file mode 100644
index 0000000..ceaf547
--- /dev/null
+++ b/hardware_info_app/device.te

@@ -0,0 +1,2 @@
+# Battery history
+type battery_history_device, dev_type;

diff --git a/hardware_info_app/file.te b/hardware_info_app/file.te
new file mode 100644
index 0000000..f891722
--- /dev/null
+++ b/hardware_info_app/file.te

@@ -0,0 +1,12 @@
+# Storage Health HAL
+type sysfs_scsi_devices_0000, sysfs_type, fs_type;
+
+# PixelStats_vendor
+type sysfs_pixelstats, fs_type, sysfs_type;
+
+# Display
+type sysfs_display, sysfs_type, fs_type;
+
+# SoC
+type sysfs_soc, sysfs_type, fs_type;
+type sysfs_chip_id, sysfs_type, fs_type;

diff --git a/hardware_info_app/hardware_info_app.te b/hardware_info_app/hardware_info_app.te
new file mode 100644
index 0000000..751bb88
--- /dev/null
+++ b/hardware_info_app/hardware_info_app.te

@@ -0,0 +1,26 @@
+type hardware_info_app, domain;
+app_domain(hardware_info_app)
+
+allow hardware_info_app app_api_service:service_manager find;
+
+# Storage
+allow hardware_info_app sysfs_scsi_devices_0000:dir search;
+allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms;
+
+# Audio
+allow hardware_info_app sysfs_pixelstats:file r_file_perms;
+
+# Batteryinfo
+allow hardware_info_app sysfs_batteryinfo:dir search;
+allow hardware_info_app sysfs_batteryinfo:file r_file_perms;
+
+# Display
+allow hardware_info_app sysfs_display:dir search;
+allow hardware_info_app sysfs_display:file r_file_perms;
+
+# SoC
+allow hardware_info_app sysfs_soc:file r_file_perms;
+allow hardware_info_app sysfs_chip_id:file r_file_perms;
+
+# Batery history
+allow hardware_info_app battery_history_device:chr_file r_file_perms;

diff --git a/hardware_info_app/seapp_contexts b/hardware_info_app/seapp_contexts
new file mode 100644
index 0000000..390f160
--- /dev/null
+++ b/hardware_info_app/seapp_contexts

@@ -0,0 +1,2 @@
+# Hardware Info Collection
+user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user

diff --git a/input/service.te b/input/service.te
index 63681d2..989cd1b 100644
--- a/input/service.te
+++ b/input/service.te

@@ -1 +1 @@
-type touch_context_service, service_manager_type, vendor_service;
+type touch_context_service, service_manager_type, hal_service_type;

diff --git a/storage/vold.te b/storage/vold.te
new file mode 100644
index 0000000..0e40127
--- /dev/null
+++ b/storage/vold.te

@@ -0,0 +1,2 @@
+allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+

diff --git a/wifi_ext/file_contexts b/wifi_ext/file_contexts
index ab8343b..c3e6d84 100644
--- a/wifi_ext/file_contexts
+++ b/wifi_ext/file_contexts

@@ -1,6 +1,8 @@
 # Wifi
 /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor          u:object_r:hal_wifi_ext_exec:s0
 /vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy     u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext-service-vendor               u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext-service-vendor-lazy          u:object_r:hal_wifi_ext_exec:s0
 
 # Wifi logger
 /data/vendor/wifi/wlan_logs(/.*)?                               u:object_r:wifi_logging_data_file:s0

diff --git a/wifi_ext/hal_wifi_ext.te b/wifi_ext/hal_wifi_ext.te
index 2ed274e..17a58df 100644
--- a/wifi_ext/hal_wifi_ext.te
+++ b/wifi_ext/hal_wifi_ext.te

@@ -6,6 +6,7 @@
 
 # Allow to start the IWifi:wifi_ext service
 add_hwservice(hal_wifi_ext, hal_wifi_ext_hwservice);
+add_service(hal_wifi_ext, hal_wifi_ext_service)
 
 # Allow to set up bridged interface
 allowxperm hal_wifi_ext self:udp_socket ioctl { SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF};

diff --git a/wifi_ext/service.te b/wifi_ext/service.te
new file mode 100644
index 0000000..942f3a0
--- /dev/null
+++ b/wifi_ext/service.te

@@ -0,0 +1,2 @@
+# wifi_ext service
+type hal_wifi_ext_service, service_manager_type, hal_service_type;

diff --git a/wifi_ext/service_contexts b/wifi_ext/service_contexts
new file mode 100644
index 0000000..8f782df
--- /dev/null
+++ b/wifi_ext/service_contexts

@@ -0,0 +1,2 @@
+# Wifi
+vendor.google.wifi_ext.IWifiExt/default  u:object_r:hal_wifi_ext_service:s0