pixel-sepolicy:debugpolicy: initial version

Bug: 194730972
Signed-off-by: Oleg Matcovschi <omatcovschi@google.com>
Change-Id: Iec80b0b9e0a99875dcae478a5e63d94caae86767
diff --git a/debugpolicy/device.te b/debugpolicy/device.te
new file mode 100644
index 0000000..c774e3b
--- /dev/null
+++ b/debugpolicy/device.te
@@ -0,0 +1 @@
+type dpm_block_device, dev_type;
diff --git a/debugpolicy/file.te b/debugpolicy/file.te
new file mode 100644
index 0000000..604ba50
--- /dev/null
+++ b/debugpolicy/file.te
@@ -0,0 +1,2 @@
+# sysfs
+type sysfs_dpm_variant, sysfs_type, fs_type; # dpm variant
diff --git a/debugpolicy/file_contexts b/debugpolicy/file_contexts
new file mode 100644
index 0000000..0f2aaa6
--- /dev/null
+++ b/debugpolicy/file_contexts
@@ -0,0 +1,2 @@
+/dev/block/by-name/dpm_[ab]  u:object_r:dpm_block_device:s0
+/vendor/bin/hw/init_dpm\.sh  u:object_r:init_dpm_exec:s0
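Review bot: The `init_dpm\.sh` entry labels the script as `init_dpm_exec` on every build variant, while all of the domain's allow rules in init_dpm.te sit inside `userdebug_or_eng`. If the script and its init service are also installed on user builds (the build rules and .rc file are not part of this change), the service would transition into a domain with no permissions and only produce denials. It is worth confirming that installation is gated on the build variant. A short comment above the entry would record that intent, for example `# init_dpm.sh: functional on userdebug/eng only, see init_dpm.te`.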
diff --git a/debugpolicy/genfs_contexts b/debugpolicy/genfs_contexts
new file mode 100644
index 0000000..d30809d
--- /dev/null
+++ b/debugpolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /firmware/devicetree/base/dpm/variant u:object_r:sysfs_dpm_variant:s0
diff --git a/debugpolicy/init_dpm.te b/debugpolicy/init_dpm.te
new file mode 100644
index 0000000..b91c561
--- /dev/null
+++ b/debugpolicy/init_dpm.te
@@ -0,0 +1,11 @@
+type init_dpm, domain;
+type init_dpm_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init_dpm)
+
+userdebug_or_eng(`
+allow init_dpm vendor_toolbox_exec:file execute_no_trans;
+allow init_dpm sysfs_dpm_variant:file r_file_perms;
+allow init_dpm block_device:dir search;
+allow init_dpm dpm_block_device:blk_file rw_file_perms;
+')
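Review bot: Nothing in init_dpm.te pins access to `dpm_block_device` to this one domain, so a later, broader rule could silently give another domain write access to what is presumably the debug-policy partition. A guard such as `neverallow { domain -init_dpm } dpm_block_device:blk_file { open read write };` would make that a build-time failure. Core domains that hold attribute-wide `dev_type` rules may need to be exempted for it to compile. The `userdebug_or_eng` block also has no comment, and one line stating that `rw_file_perms` on the partition is deliberately debug-only would help the next reader, e.g. `# Debug builds only: init_dpm.sh reads the DT variant and updates the dpm_[ab] partition`. That wording should be checked against what the script actually does.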