Consolidate sepolicy for twoshay and touchflow targets.
Bug: 187654303
Bug: 187795940
Bug: 198755236
Test: twoshay works on B5, R4, B3, P7; reflector works on O6
Change-Id: I04b98c3b42e886b1900150c175318095e559fa25
Merged-In: I04b98c3b42e886b1900150c175318095e559fa25
diff --git a/input/device.te b/input/device.te
new file mode 100644
index 0000000..d3ce622
--- /dev/null
+++ b/input/device.te
@@ -0,0 +1 @@
+type touch_offload_device, dev_type;
diff --git a/input/dumpstate.te b/input/dumpstate.te
new file mode 100644
index 0000000..b2c0c81
--- /dev/null
+++ b/input/dumpstate.te
@@ -0,0 +1,2 @@
+# b/187795940
+dontaudit dumpstate twoshay:binder call;
diff --git a/input/file_contexts b/input/file_contexts
new file mode 100644
index 0000000..09728be
--- /dev/null
+++ b/input/file_contexts
@@ -0,0 +1,2 @@
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
diff --git a/input/hal_dumpstate_default.te b/input/hal_dumpstate_default.te
new file mode 100644
index 0000000..81edc36
--- /dev/null
+++ b/input/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+allow hal_dumpstate_default touch_context_service:service_manager find;
+binder_call(hal_dumpstate_default, twoshay)
diff --git a/input/platform_app.te b/input/platform_app.te
new file mode 100644
index 0000000..17cc511
--- /dev/null
+++ b/input/platform_app.te
@@ -0,0 +1,2 @@
+allow platform_app touch_context_service:service_manager find;
+binder_call(platform_app, twoshay)
diff --git a/input/service.te b/input/service.te
new file mode 100644
index 0000000..63681d2
--- /dev/null
+++ b/input/service.te
@@ -0,0 +1 @@
+type touch_context_service, service_manager_type, vendor_service;
diff --git a/input/service_contexts b/input/service_contexts
new file mode 100644
index 0000000..95e70f8
--- /dev/null
+++ b/input/service_contexts
@@ -0,0 +1 @@
+com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0
diff --git a/input/touchflow_debug/file_contexts b/input/touchflow_debug/file_contexts
new file mode 100644
index 0000000..abde29a
--- /dev/null
+++ b/input/touchflow_debug/file_contexts
@@ -0,0 +1,3 @@
+/vendor/bin/hw/android\.hardware\.input\.classifier@1\.0-reflector u:object_r:hal_input_classifier_default_exec:s0
+/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
+
diff --git a/input/twoshay.te b/input/twoshay.te
new file mode 100644
index 0000000..eba1cce
--- /dev/null
+++ b/input/twoshay.te
@@ -0,0 +1,16 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
+binder_use(twoshay)
+add_service(twoshay, touch_context_service)
+
+allow twoshay fwk_stats_service:service_manager find;
+binder_call(twoshay, stats_service_server)
+
+# b/198755236
+dontaudit twoshay twoshay:capability dac_override;