Minimize public policy
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
diff --git a/private/virtual_touchpad.te b/private/virtual_touchpad.te
index e735172..035b121 100644
--- a/private/virtual_touchpad.te
+++ b/private/virtual_touchpad.te
@@ -1,3 +1,17 @@
typeattribute virtual_touchpad coredomain;
init_daemon_domain(virtual_touchpad)
+
+binder_use(virtual_touchpad)
+binder_service(virtual_touchpad)
+add_service(virtual_touchpad, virtual_touchpad_service)
+
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
+# Requires access to /dev/uinput to create and feed the virtual device.
+allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;