omni: add vnc server integration bits
Change-Id: Ic9a52c28ddc0bba4ae519d4f30de1adb6f127496
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 1c7011b..a5b933d 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -7,5 +7,7 @@
/sys/block/[^/]+/queue/scheduler u:object_r:sysfs_block_scheduler:s0
/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
-#/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
/system/bin/mount\.exfat u:object_r:fsck_exec:s0
+
+/system/bin/vncflinger u:object_r:vncflinger_exec:s0
+/system/bin/vncpasswd u:object_r:vncflinger_exec:s0
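Review bot: The added `/system/bin/vncpasswd` entry reuses `vncflinger_exec`, the daemon's entrypoint type, so the policy cannot distinguish the password utility from the server binary. Any domain allowed to execute one can execute the other, and `init_daemon_domain(vncflinger)` in vncflinger.te would presumably let either file serve as the entrypoint into the vncflinger domain. Consider labelling the utility separately, e.g. `/system/bin/vncpasswd u:object_r:vncpasswd_exec:s0` with a matching `type vncpasswd_exec, exec_type, file_type;` (a proposed new type, not one defined in this change). The hunk also drops the commented-out fsck.exfat line, which is unrelated to the VNC integration and would be easier to audit in its own commit.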
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
index 08e4db4..e6f46c6 100644
--- a/sepolicy/private/system_app.te
+++ b/sepolicy/private/system_app.te
@@ -1,4 +1,7 @@
#selinux status
allow system_app selinuxfs:file r_file_perms;
+allow system_app vncflinger_exec:file { r_file_perms execute execute_no_trans map };
+# uinput
+allow system_app uhid_device:chr_file rw_file_perms;
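Review bot: `execute_no_trans` on `vncflinger_exec` makes system_app run the VNC binaries inside its own domain, so the confinement written in vncflinger.te does not apply to that process. The following `allow system_app uhid_device:chr_file rw_file_perms;` then gives every app in the system_app domain read/write on the input-injection device node. Since `init_daemon_domain(vncflinger)` is already declared, a narrower design is to have init start the daemon, keep `uhid_device` access in the vncflinger domain only, and drop the uhid rule here. If in-domain execution is intended only for the password tool, say so in a comment such as `# system_app runs vncpasswd in-domain; the daemon itself is started by init as vncflinger`, and restrict the execute grant to a type that covers only that binary.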
diff --git a/sepolicy/private/vncflinger.te b/sepolicy/private/vncflinger.te
new file mode 100644
index 0000000..a6656b5
--- /dev/null
+++ b/sepolicy/private/vncflinger.te
@@ -0,0 +1,24 @@
+type vncflinger_exec, exec_type, file_type;
+type vncflinger, domain;
+typeattribute vncflinger coredomain;
+
+init_daemon_domain(vncflinger)
+binder_use(vncflinger)
+net_domain(vncflinger);
+
+# uinput
+allow vncflinger uhid_device:chr_file rw_file_perms;
+
+# read buffers from surfaceflinger
+allow vncflinger ion_device:chr_file r_file_perms;
+allow vncflinger surfaceflinger_service:service_manager find;
+binder_call(vncflinger, surfaceflinger);
+
+# buffer callbacks
+binder_call(surfaceflinger, vncflinger);
+
+get_prop(vncflinger, hwservicemanager_prop)
+allow vncflinger hal_graphics_allocator:fd use;
+allow vncflinger same_process_hal_file:file { execute read open getattr map };
+hal_client_domain(vncflinger, hal_graphics_allocator);
+hwbinder_use(vncflinger);
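Review bot: The new file has no header comment, yet the domain combines `net_domain`, read/write on `uhid_device` and access to surfaceflinger buffers, so whoever can reach this daemon over the network can see the screen and drive input. A top-of-file comment such as `# vncflinger: VNC server started by init; exports screen contents and accepts remote input over the network` would make that trust boundary visible to later reviewers. `net_domain(vncflinger)` also grants the generic netdomain socket set, so if the daemon only needs a listening TCP socket, explicit `tcp_socket` rules would be tighter, though that depends on code not shown here. Minor style: macro calls are terminated inconsistently (`init_daemon_domain(vncflinger)` vs `net_domain(vncflinger);`), so pick one form.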