watchdogd: Add sepolicy for platform watchdog daemon
Bug: 238701471
Change-Id: I4eae2c1ea9b2a77df9b2064ab42108584fe61b8c
diff --git a/gs_watchdogd/file_contexts b/gs_watchdogd/file_contexts
new file mode 100644
index 0000000..22dd02b
--- /dev/null
+++ b/gs_watchdogd/file_contexts
@@ -0,0 +1,5 @@
+# Platform watchdogd
+/system_ext/bin/gs_watchdogd u:object_r:gs_watchdogd_exec:s0
+
+# Devices
+/dev/watchdog[0-9] u:object_r:watchdog_device:s0
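Review bot: The pattern `/dev/watchdog[0-9]` on the last line of this hunk matches exactly one trailing digit, so the bare `/dev/watchdog` node and any node numbered 10 or above would not get `watchdog_device` from this entry. The bare node may already be labelled by the platform's base file_contexts, but that is not visible in this change. If multi-digit nodes can exist on this board, `/dev/watchdog[0-9]+ u:object_r:watchdog_device:s0` covers them. Otherwise, a comment stating that only watchdog0 to watchdog9 are expected would make the limit explicit, since an unmatched node falls back to whatever broader device label applies.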
diff --git a/gs_watchdogd/gs_watchdogd.te b/gs_watchdogd/gs_watchdogd.te
new file mode 100644
index 0000000..0823508
--- /dev/null
+++ b/gs_watchdogd/gs_watchdogd.te
@@ -0,0 +1,10 @@
+# gs_watchdogd seclabel is specified in init.<board>.rc
+type gs_watchdogd, domain, coredomain;
+type gs_watchdogd_exec, system_file_type, exec_type, file_type;
+
+typeattribute gs_watchdogd coredomain;
+init_daemon_domain(gs_watchdogd)
+
+allow gs_watchdogd watchdog_device:chr_file rw_file_perms;
+allow gs_watchdogd kmsg_device:chr_file rw_file_perms;
+allow gs_watchdogd sysfs:dir r_dir_perms;
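Review bot: The rule `allow gs_watchdogd kmsg_device:chr_file rw_file_perms;` grants read as well as write on the kernel log device. If the daemon only emits log lines (its source is not part of this change), `allow gs_watchdogd kmsg_device:chr_file w_file_perms;` is the narrower grant. The `sysfs:dir r_dir_perms` rule applies to the generic `sysfs` type and carries no comment on which directory the daemon enumerates; a one-line comment naming that path would make it easier to tighten to a dedicated type later. Separately, `coredomain` is assigned twice, once in the `type gs_watchdogd, domain, coredomain;` declaration and again by `typeattribute gs_watchdogd coredomain;`, so one of the two can be dropped.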