Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_google_pixel-sepolicy / b10592276b268fcb6c75a944bbdfe938c399afd5^2..b10592276b268fcb6c75a944bbdfe938c399afd5 / .
commitb10592276b268fcb6c75a944bbdfe938c399afd5[log] [tgz]
authorAlex Florescu <alexflo@google.com>Fri Jun 26 20:30:00 2020 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Fri Jun 26 20:30:00 2020 +0000
treeaa99a43b95f0848766935893622aa4be86f9ac8d
parent7b0d61f76f61252c1bda9f8bf09432bc4c6ac392 [diff]
parent40284ca011743844bf7964e608435db8b4945a1e [diff]
[automerger skipped] Remove Flipendo security policy am: f1249b56a9 -s ours am: 2daa3a7a85 -s ours am: 97b4d748a9 -s ours am: 40284ca011 -s ours

am skip reason: Change-Id I6a945135b5107c39499be0378ca210ac70aaf95d with SHA-1 993da30e11 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/11999301

Change-Id: Id60723e04bcbfc1f8a9d1ccd07d1e74959c7e3d8

diff --git a/googlebattery/file.te b/googlebattery/file.te
new file mode 100644
index 0000000..07958e4
--- /dev/null
+++ b/googlebattery/file.te

@@ -0,0 +1 @@
+type sysfs_charge, sysfs_type, fs_type;

diff --git a/googlebattery/file_contexts b/googlebattery/file_contexts
new file mode 100644
index 0000000..f4fc712
--- /dev/null
+++ b/googlebattery/file_contexts

@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.google_battery@1\.0-service-vendor                     u:object_r:hal_googlebattery_exec:s0

diff --git a/googlebattery/genfs_contexts b/googlebattery/genfs_contexts
new file mode 100644
index 0000000..8e93a8a
--- /dev/null
+++ b/googlebattery/genfs_contexts

@@ -0,0 +1,2 @@
+genfscon sysfs /devices/platform/soc/soc:google,battery/power_supply/battery/charge_deadline                                                                                    u:object_r:sysfs_charge:s0
+genfscon sysfs /devices/platform/soc/soc:google,battery/power_supply/battery/charge_stage                                                                                       u:object_r:sysfs_charge:s0

diff --git a/googlebattery/hal_googlebattery.te b/googlebattery/hal_googlebattery.te
new file mode 100644
index 0000000..54ec279
--- /dev/null
+++ b/googlebattery/hal_googlebattery.te

@@ -0,0 +1,13 @@
+type hal_googlebattery, domain;
+type hal_googlebattery_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_googlebattery)
+
+r_dir_file(hal_googlebattery, sysfs_batteryinfo)
+
+allow hal_googlebattery sysfs_charge:file rw_file_perms;
+allow hal_googlebattery self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+hwbinder_use(hal_googlebattery)
+add_hwservice(hal_googlebattery, hal_googlebattery_hwservice)
+get_prop(hal_googlebattery, hwservicemanager_prop)

diff --git a/googlebattery/hwservice.te b/googlebattery/hwservice.te
new file mode 100644
index 0000000..40323ef
--- /dev/null
+++ b/googlebattery/hwservice.te

@@ -0,0 +1 @@
+type hal_googlebattery_hwservice, hwservice_manager_type;

diff --git a/googlebattery/hwservice_contexts b/googlebattery/hwservice_contexts
new file mode 100644
index 0000000..40f1526
--- /dev/null
+++ b/googlebattery/hwservice_contexts

@@ -0,0 +1 @@
+vendor.google.google_battery::IGoogleBattery                    u:object_r:hal_googlebattery_hwservice:s0

diff --git a/googlebattery/platform_app.te b/googlebattery/platform_app.te
new file mode 100644
index 0000000..0ee586f
--- /dev/null
+++ b/googlebattery/platform_app.te

@@ -0,0 +1,3 @@
+# allow SystemUI to find and bind Google Battery HAL
+allow platform_app hal_googlebattery_hwservice:hwservice_manager find;
+binder_call(platform_app, hal_googlebattery)

diff --git a/googlebattery/system_app.te b/googlebattery/system_app.te
new file mode 100644
index 0000000..05723bf
--- /dev/null
+++ b/googlebattery/system_app.te

@@ -0,0 +1,3 @@
+# To allow Settings to find and bind Google Battery HAL
+allow system_app hal_googlebattery_hwservice:hwservice_manager find;
+binder_call(system_app, hal_googlebattery)

diff --git a/googlebattery/turbo_adapter.te b/googlebattery/turbo_adapter.te
new file mode 100644
index 0000000..33f99cd
--- /dev/null
+++ b/googlebattery/turbo_adapter.te

@@ -0,0 +1,3 @@
+# To find and bind Google Battery HAL
+allow turbo_adapter hal_googlebattery_hwservice:hwservice_manager find;
+binder_call(turbo_adapter, hal_googlebattery)

diff --git a/vibrator/common/file_contexts b/vibrator/common/file_contexts
index 8bdbb99..d1b1060 100644
--- a/vibrator/common/file_contexts
+++ b/vibrator/common/file_contexts

@@ -1 +1,2 @@
-/mnt/vendor/persist/haptics(/.*)?                                                     u:object_r:persist_haptics_file:s0
+/mnt/vendor/persist/haptics(/.*)?   u:object_r:persist_haptics_file:s0
+/persist/haptics(/.*)?              u:object_r:persist_haptics_file:s0

diff --git a/vibrator/common/property.te b/vibrator/common/property.te
new file mode 100644
index 0000000..3036935
--- /dev/null
+++ b/vibrator/common/property.te

@@ -0,0 +1 @@
+type vendor_vibrator_prop, property_type;

diff --git a/vibrator/drv2624/hal_vibrator_default.te b/vibrator/drv2624/hal_vibrator_default.te
new file mode 100644
index 0000000..e015251
--- /dev/null
+++ b/vibrator/drv2624/hal_vibrator_default.te

@@ -0,0 +1,7 @@
+allow hal_vibrator_default sysfs_leds:dir search;
+
+allow hal_vibrator_default mnt_vendor_file:dir search;
+allow hal_vibrator_default persist_file:dir search;
+r_dir_file(hal_vibrator_default, persist_haptics_file)
+
+get_prop(hal_vibrator_default, vendor_vibrator_prop);

diff --git a/vibrator/drv2624/property_contexts b/vibrator/drv2624/property_contexts
new file mode 100644
index 0000000..f008230
--- /dev/null
+++ b/vibrator/drv2624/property_contexts

@@ -0,0 +1 @@
+ro.vibrator.hal.    u:object_r:vendor_vibrator_prop:s0

diff --git a/vibrator/drv2624/vendor_init.te b/vibrator/drv2624/vendor_init.te
new file mode 100644
index 0000000..417a40c
--- /dev/null
+++ b/vibrator/drv2624/vendor_init.te

@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_vibrator_prop)

diff --git a/wifi_ext/file_contexts b/wifi_ext/file_contexts
new file mode 100644
index 0000000..acbd266
--- /dev/null
+++ b/wifi_ext/file_contexts

@@ -0,0 +1,3 @@
+# Wifi
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor          u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy     u:object_r:hal_wifi_ext_exec:s0

diff --git a/wifi_ext/hal_wifi_ext.te b/wifi_ext/hal_wifi_ext.te
new file mode 100644
index 0000000..091f211
--- /dev/null
+++ b/wifi_ext/hal_wifi_ext.te

@@ -0,0 +1,8 @@
+type hal_wifi_ext, domain;
+hal_server_domain(hal_wifi_ext, hal_wifi)
+
+type hal_wifi_ext_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_wifi_ext)
+
+# Allow to start the IWifi:wifi_ext service
+add_hwservice(hal_wifi_ext, hal_wifi_ext_hwservice);

diff --git a/wifi_ext/hwservice.te b/wifi_ext/hwservice.te
new file mode 100644
index 0000000..1fe9148
--- /dev/null
+++ b/wifi_ext/hwservice.te

@@ -0,0 +1,2 @@
+# wifi_ext service
+type hal_wifi_ext_hwservice, hwservice_manager_type;

diff --git a/wifi_ext/hwservice_contexts b/wifi_ext/hwservice_contexts
new file mode 100644
index 0000000..e8de4ce
--- /dev/null
+++ b/wifi_ext/hwservice_contexts

@@ -0,0 +1,2 @@
+# Wifi
+vendor.google.wifi_ext::IWifiExt                                u:object_r:hal_wifi_ext_hwservice:s0