pipa: Add xiaomi pen sepolicy

Change-Id: Ic1b91a264f67c67a2e6126cd08ddcbc766b894f0

BoardConfig.mk

@@ -23,6 +23,9 @@ TARGET_KERNEL_CONFIG += vendor/xiaomi/pipa.config
 # Properties
 TARGET_VENDOR_PROP += $(DEVICE_PATH)/vendor.prop
 
+# Sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
+
 # Wi-Fi
 SOONG_CONFIG_XIAOMI_KONA_WIFI_SYMLINK_VERSION := v2
 

sepolicy/vendor/device.te

@@ -0,0 +1,2 @@
+# Xiaomi Touch
+type xiaomi_touch_device, dev_type;

sepolicy/vendor/file_contexts

@@ -0,0 +1,5 @@
+# Pen
+/vendor/bin/xiaomi-pen		u:object_r:xiaomi_pen_exec:s0
+
+# Xiaomi Touch
+/dev/xiaomi-touch			u:object_r:xiaomi_touch_device:s0

sepolicy/vendor/property.te

@@ -0,0 +1 @@
+system_public_prop(vendor_pen_prop);

sepolicy/vendor/property_contexts

@@ -0,0 +1 @@
+persist.vendor.parts.pen		u:object_r:vendor_pen_prop:s0

sepolicy/vendor/system_app.te

@@ -0,0 +1 @@
+set_prop(system_app, vendor_pen_prop)

sepolicy/vendor/vendor_init.te

@@ -0,0 +1 @@
+get_prop(vendor_init, vendor_pen_prop)

sepolicy/vendor/xiaomi_pen.te

@@ -0,0 +1,8 @@
+# Pen
+type xiaomi_pen, domain;
+
+type xiaomi_pen_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(xiaomi_pen)
+
+allow xiaomi_pen xiaomi_touch_device:chr_file { ioctl open read write };