Add microdroid specific sepolicy
Microdroid will have a separate sepolicy, apart from the core policy.
This is the first step; For now it's a simple copy of system/sepolicy.
For the future work, it will be stripped.
Bug: 189165759
Test: boot microdroid and see selinux enforced
Change-Id: I2fee39f7231560b49c93bd5e8d0feeffada40938
diff --git a/microdroid/sepolicy/system/private/charger.te b/microdroid/sepolicy/system/private/charger.te
new file mode 100644
index 0000000..8be113f
--- /dev/null
+++ b/microdroid/sepolicy/system/private/charger.te
@@ -0,0 +1,31 @@
+typeattribute charger coredomain;
+
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger, system_prop)
+set_prop(charger, exported_system_prop)
+set_prop(charger, exported3_system_prop)
+set_prop(charger, charger_status_prop)
+
+get_prop(charger, charger_prop)
+get_prop(charger, charger_config_prop)
+
+# get minui properties
+get_prop(charger, recovery_config_prop)
+
+compatible_property_only(`
+ neverallow {
+ domain
+ -init
+ -dumpstate
+ -charger
+ } charger_prop:file no_rw_file_perms;
+')
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ -vendor_init
+ -charger
+} { charger_config_prop charger_status_prop }:file no_rw_file_perms;