[automerger skipped] add support for Google Battery HAL am: 973a6abd75 am: 290836ea35 -s ours
am skip reason: Change-Id Idb3d2af52d13dd8c1fd26eefeaa9852c94358981 with SHA-1 6b075317c4 is in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/12153501
Change-Id: Idac8cea7547c29040258c693aaaacb839f6fc12f
diff --git a/citadel/file_contexts b/citadel/file_contexts
index d749e46..fd80454 100644
--- a/citadel/file_contexts
+++ b/citadel/file_contexts
@@ -4,6 +4,7 @@
/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
/vendor/bin/hw/citadel_updater u:object_r:citadel_updater_exec:s0
/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
diff --git a/citadel/hal_identity_citadel.te b/citadel/hal_identity_citadel.te
new file mode 100644
index 0000000..e29310c
--- /dev/null
+++ b/citadel/hal_identity_citadel.te
@@ -0,0 +1,9 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)
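Review bot: The new domain for the Identity Credential HAL has no comment explaining its only non-boilerplate access, the three citadeld rules (`vndbinder_use`, `binder_call(hal_identity_citadel, citadeld)` and the `citadeld_service` find). A one-line comment above them would tell a later auditor that vndbinder to citadeld is the intended and only IPC peer, for example `# Talk to the Citadel daemon over vndbinder; no other vendor service is needed.` That wording is inferred from the rules themselves and should be confirmed against the service implementation.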
diff --git a/ramdump/bug_map b/ramdump/bug_map
new file mode 100644
index 0000000..27412d8
--- /dev/null
+++ b/ramdump/bug_map
@@ -0,0 +1,2 @@
+ramdump vendor_hw_plat_prop file 161103878
+ramdump public_vendor_default_prop file 161103878
diff --git a/ramdump/common/file.te b/ramdump/common/file.te
new file mode 100644
index 0000000..e1382df
--- /dev/null
+++ b/ramdump/common/file.te
@@ -0,0 +1,2 @@
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
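Review bot: Both new types carry `mlstrustedobject`, which exempts them from the MLS constraints, and they are declared unconditionally while the ramdump domain rules in ramdump/ramdump.te sit inside `userdebug_or_eng`. RAM dumps can hold key material and other processes' memory, so the MLS bypass should either be justified or dropped. No accessor that needs it is visible in this diff. If none exists, `type ramdump_vendor_data_file, file_type, data_file_type;` (and the same for `ramdump_vendor_mnt_file`) is the safer declaration. Otherwise add a comment such as `# mlstrustedobject: read by <domain that runs with categories>` above each line.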
diff --git a/ramdump/common/file_contexts b/ramdump/common/file_contexts
new file mode 100644
index 0000000..c0c087f
--- /dev/null
+++ b/ramdump/common/file_contexts
@@ -0,0 +1,2 @@
+/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
diff --git a/ramdump/common/property.te b/ramdump/common/property.te
new file mode 100644
index 0000000..51a37c8
--- /dev/null
+++ b/ramdump/common/property.te
@@ -0,0 +1 @@
+type vendor_ramdump_prop, property_type;
diff --git a/ramdump/common/property_contexts b/ramdump/common/property_contexts
new file mode 100644
index 0000000..25749fa
--- /dev/null
+++ b/ramdump/common/property_contexts
@@ -0,0 +1,2 @@
+ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
+vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
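Review bot: The `ro.boot.ramdump` entry has no match-type column, so it is applied as a prefix and also labels any other property whose name merely starts with that string. `set_prop(ramdump, vendor_ramdump_prop)` in ramdump/ramdump.te then covers all of those names. If a single property is meant, pin it with `ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0 exact string` (value type to be confirmed). The trailing dot on `vendor.debug.ramdump.` already shows that a prefix is intended there.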
diff --git a/ramdump/file.te b/ramdump/file.te
new file mode 100644
index 0000000..3fa2b2f
--- /dev/null
+++ b/ramdump/file.te
@@ -0,0 +1 @@
+allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/ramdump/file_contexts b/ramdump/file_contexts
new file mode 100644
index 0000000..590e61b
--- /dev/null
+++ b/ramdump/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/ramdump u:object_r:ramdump_exec:s0
diff --git a/ramdump/ramdump.te b/ramdump/ramdump.te
new file mode 100644
index 0000000..d8f0335
--- /dev/null
+++ b/ramdump/ramdump.te
@@ -0,0 +1,39 @@
+type ramdump_exec, exec_type, vendor_file_type, file_type;
+type ramdump, domain;
+
+userdebug_or_eng(`
+ init_daemon_domain(ramdump)
+
+ set_prop(ramdump, vendor_ramdump_prop)
+
+ # f2fs set pin file requires sys_admin
+ allow ramdump self:capability { sys_admin sys_rawio };
+
+ allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+ allow ramdump ramdump_vendor_data_file:file create_file_perms;
+ allow ramdump proc_cmdline:file r_file_perms;
+
+ allow ramdump block_device:dir search;
+ allow ramdump misc_block_device:blk_file rw_file_perms;
+ allow ramdump userdata_block_device:blk_file rw_file_perms;
+
+ dontaudit ramdump metadata_file:dir search;
+
+ # read /fstab.${ro.hardware}
+ allow ramdump rootfs:file r_file_perms;
+
+ r_dir_file(ramdump, sysfs_type)
+
+ # To access statsd.
+ hwbinder_use(ramdump)
+ get_prop(ramdump, hwservicemanager_prop)
+ allow ramdump fwk_stats_hwservice:hwservice_manager find;
+ binder_call(ramdump, stats_service_server)
+
+ # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+ allow ramdump fuse:filesystem relabelfrom;
+ allow ramdump fuse_device:chr_file rw_file_perms;
+ allow ramdump mnt_vendor_file:dir r_dir_perms;
+ allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+ allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
+')
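Review bot: `r_dir_file(ramdump, sysfs_type)` grants read access to every sysfs label on the device, and the comment above the capability line explains `sys_admin` but not `sys_rawio` or the `rw_file_perms` on `userdata_block_device` and `misc_block_device`. Even inside `userdebug_or_eng` this is a domain that can read and write user data below the filesystem, so each of these grants should state its reason. The sysfs rule should name the specific types the daemon reads, not the whole attribute. A comment such as `# Raw block access: dump is written to pinned extents on userdata (confirm)` above the block-device rules would do; that reason is inferred from the f2fs pin-file remark and needs checking against the daemon.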
diff --git a/vibrator/common/file_contexts b/vibrator/common/file_contexts
index 8bdbb99..d1b1060 100644
--- a/vibrator/common/file_contexts
+++ b/vibrator/common/file_contexts
@@ -1 +1,2 @@
-/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
+/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
+/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
diff --git a/vibrator/common/property.te b/vibrator/common/property.te
new file mode 100644
index 0000000..3036935
--- /dev/null
+++ b/vibrator/common/property.te
@@ -0,0 +1 @@
+type vendor_vibrator_prop, property_type;
diff --git a/vibrator/drv2624/hal_vibrator_default.te b/vibrator/drv2624/hal_vibrator_default.te
new file mode 100644
index 0000000..e015251
--- /dev/null
+++ b/vibrator/drv2624/hal_vibrator_default.te
@@ -0,0 +1,7 @@
+allow hal_vibrator_default sysfs_leds:dir search;
+
+allow hal_vibrator_default mnt_vendor_file:dir search;
+allow hal_vibrator_default persist_file:dir search;
+r_dir_file(hal_vibrator_default, persist_haptics_file)
+
+get_prop(hal_vibrator_default, vendor_vibrator_prop);
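Review bot: The `get_prop(hal_vibrator_default, vendor_vibrator_prop);` line ends with a semicolon, while the other macro calls in this file and elsewhere in the change (`r_dir_file(...)`, `set_prop(...)`, `init_daemon_domain(...)`) do not. The macros expand to complete statements, so the extra `;` is at best redundant. Drop it for consistency: `get_prop(hal_vibrator_default, vendor_vibrator_prop)`. The same applies to `add_hwservice(hal_wifi_ext, hal_wifi_ext_hwservice);` in wifi_ext/hal_wifi_ext.te.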
diff --git a/vibrator/drv2624/property_contexts b/vibrator/drv2624/property_contexts
new file mode 100644
index 0000000..f008230
--- /dev/null
+++ b/vibrator/drv2624/property_contexts
@@ -0,0 +1 @@
+ro.vibrator.hal. u:object_r:vendor_vibrator_prop:s0
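Review bot: The `ro.vibrator.hal.` prefix is outside the vendor property namespaces (`vendor.`, `ro.vendor.`, `persist.vendor.`), yet it is labelled with a vendor-owned type and made settable by `vendor_init` in vibrator/drv2624/vendor_init.te. A platform or other partition's property under the same prefix would silently pick up this label, and the namespace checks for vendor property_contexts may reject the entry. Renaming to `ro.vendor.vibrator.hal.` avoids the collision, though the HAL and init scripts that read or set these properties (not shown here) would need to change with it.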
diff --git a/vibrator/drv2624/vendor_init.te b/vibrator/drv2624/vendor_init.te
new file mode 100644
index 0000000..417a40c
--- /dev/null
+++ b/vibrator/drv2624/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_vibrator_prop)
diff --git a/wifi_ext/file_contexts b/wifi_ext/file_contexts
new file mode 100644
index 0000000..acbd266
--- /dev/null
+++ b/wifi_ext/file_contexts
@@ -0,0 +1,3 @@
+# Wifi
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy u:object_r:hal_wifi_ext_exec:s0
diff --git a/wifi_ext/hal_wifi_ext.te b/wifi_ext/hal_wifi_ext.te
new file mode 100644
index 0000000..091f211
--- /dev/null
+++ b/wifi_ext/hal_wifi_ext.te
@@ -0,0 +1,8 @@
+type hal_wifi_ext, domain;
+hal_server_domain(hal_wifi_ext, hal_wifi)
+
+type hal_wifi_ext_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_wifi_ext)
+
+# Allow to start the IWifi:wifi_ext service
+add_hwservice(hal_wifi_ext, hal_wifi_ext_hwservice);
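Review bot: The comment `# Allow to start the IWifi:wifi_ext service` does not match what the rule does or the interface name registered in wifi_ext/hwservice_contexts, which is `vendor.google.wifi_ext::IWifiExt`. `add_hwservice` permits registering that interface with hwservicemanager, so `# Allow registering vendor.google.wifi_ext::IWifiExt with hwservicemanager` would be accurate. It is also worth a second comment on `hal_server_domain(hal_wifi_ext, hal_wifi)` noting that the extension service takes on the full permission set of the stock Wi-Fi HAL server.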
diff --git a/wifi_ext/hwservice.te b/wifi_ext/hwservice.te
new file mode 100644
index 0000000..1fe9148
--- /dev/null
+++ b/wifi_ext/hwservice.te
@@ -0,0 +1,2 @@
+# wifi_ext service
+type hal_wifi_ext_hwservice, hwservice_manager_type;
diff --git a/wifi_ext/hwservice_contexts b/wifi_ext/hwservice_contexts
new file mode 100644
index 0000000..e8de4ce
--- /dev/null
+++ b/wifi_ext/hwservice_contexts
@@ -0,0 +1,2 @@
+# Wifi
+vendor.google.wifi_ext::IWifiExt u:object_r:hal_wifi_ext_hwservice:s0