Adding new CTPM sepolicy and domain.
Right now the ConnectivityThermalPowerManager is part of the
platform_app sepolicy domain. platform_apps don't have access to the
power_stats_hal. So, following the security principle of least privilege,
we need to define our own domain with the permissions we previously had
as part of the old domain.
Test: Compiled and loaded onto device and saw no "avc: denied" sepolicy
errors
Bug: 202028512
Ignore-AOSP-First: CTPM is a Pixel-only feature for thermal / power
mitigation
Change-Id: I140b704fc39959ba683c09ebe9ea65f7bf94452b
diff --git a/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
new file mode 100644
index 0000000..54b2e8c
--- /dev/null
+++ b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
@@ -0,0 +1,15 @@
+# platform_apps cannot access PowerHAL, so we need to define our own domain.
+# Since we're defining and moving CTPM to its own domain, we need to assign
+# all of the previous permissions that we had as a platform_app
+
+type connectivity_thermal_power_manager, domain, coredomain, system_suspend_internal_server;
+
+app_domain(connectivity_thermal_power_manager)
+
+# register previous permissions we had as a platform_app
+allow connectivity_thermal_power_manager radio_service:service_manager find;
+allow connectivity_thermal_power_manager app_api_service:service_manager find;
+allow connectivity_thermal_power_manager system_api_service:service_manager find;
+
+# access power stats
+hal_client_domain(connectivity_thermal_power_manager, hal_power_stats);
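Review bot: The `type connectivity_thermal_power_manager, domain, coredomain, system_suspend_internal_server;` declaration attaches the system_suspend_internal_server attribute, and neither the comments in this file nor the commit message say why the app needs it. Since the stated goal is least privilege, please either drop that attribute or add a comment naming the code path that depends on it. The same applies to the two rules granting `find` on app_api_service and system_api_service: these are granted on whole attribute sets under the heading "previous permissions we had as a platform_app", so consider listing only the services CTPM actually looks up, or note in the comment that the broad grant is intentional. Minor style point: the `hal_client_domain(...)` line ends with a semicolon while the `app_domain(...)` line does not; pick one form for macro calls in this file.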
diff --git a/connectivity_thermal_power_manager/seapp_contexts b/connectivity_thermal_power_manager/seapp_contexts
new file mode 100644
index 0000000..28b2e0c
--- /dev/null
+++ b/connectivity_thermal_power_manager/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.google.android.connectivitythermalpowermanager domain=connectivity_thermal_power_manager type=app_data_file levelFrom=all
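Review bot: This entry sets `type=app_data_file levelFrom=all` without any mention in the commit message of how the data type and MLS level were chosen, while the message says the intent is to keep what the app had in its previous domain. Please confirm these two values match what the package was getting before the move, and extend the Test line to cover an upgrade over an existing install (not only a fresh load), checking that the app can still read its existing data directory with no "avc: denied" entries. It would also help to state in the commit message that the match relies on `seinfo=platform` together with the exact `name=`, so a future package rename or signing change is known to drop the app out of this domain.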