commit c56805614c5a277bca55582c2f70344c37895766
author Alex Vakulenko <avakulenko@google.com> Tue Feb 14 15:28:52 2017 -0800
committer Alex Vakulenko <avakulenko@google.com> Wed Feb 15 14:56:49 2017 -0800
tree b911dbf3d968be2d8345ccf35833fabbe2e8b23c
parent 20a639115f525e6cc13523c10bcae0929b9b4313

Add SELinux policies for vr_window_manager

This set of rules is neeeded to allow vr_windows_manager to run
successfully on the system.

Bug: 32541196
Test: `m -j32` succeeds. Sailfish device boots.
Change-Id: I0aec94d80f655a6f47691cf2622dd158ce9e475f

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 8cd8123..d6a2483 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -246,6 +246,7 @@
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
+/system/bin/vr_wm                u:object_r:vr_wm_exec:s0
 /system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /system/bin/hw/android\.hidl\.memory@1\.0-service             u:object_r:hal_allocator_exec:s0
 

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 3b01c0b..2eab12f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -154,6 +154,7 @@
 vibrator                                  u:object_r:vibrator_service:s0
 virtual_touchpad                          u:object_r:virtual_touchpad_service:s0
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
+vr_window_manager                         u:object_r:vr_window_manager_service:s0
 vrmanager                                 u:object_r:vr_manager_service:s0
 wallpaper                                 u:object_r:wallpaper_service:s0
 webviewupdate                             u:object_r:webviewupdate_service:s0

private/system_app.te

diff --git a/private/system_app.te b/private/system_app.te
index 7539da2..6de3693 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -56,7 +56,7 @@
 
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service }:service_manager find;
+allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service }:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state

private/vr_wm.te

diff --git a/private/vr_wm.te b/private/vr_wm.te
new file mode 100644
index 0000000..276d434
--- /dev/null
+++ b/private/vr_wm.te
@@ -0,0 +1,4 @@
+# vr_wm - VR Window Manager
+
+# The vr_wm is started by init.
+init_daemon_domain(vr_wm)