Add 'sepolicy/' from tag 'android-15.0.0_r1'

git-subtree-dir: sepolicy
git-subtree-mainline: 23ea2af6db
git-subtree-split: 7cf65388f7
Change-Id: Ic33f6c8d9de77d76b7cf976e1d02519e5539f4db

sepolicy/OWNERS

@@ -0,0 +1,4 @@
+include device/google/gs-common:/sepolicy/OWNERS
+
+adamshih@google.com
+

sepolicy/akita-sepolicy.mk

@@ -0,0 +1,4 @@
+# sepolicy exclusively for akita.
+BOARD_SEPOLICY_DIRS += device/google/akita-sepolicy/vendor
+BOARD_SEPOLICY_DIRS += device/google/akita-sepolicy/tracking_denials
+BOARD_SEPOLICY_DIRS += device/google/akita-sepolicy/radio

sepolicy/radio/radio.te

@@ -0,0 +1 @@
+allow radio scheduling_policy_service:service_manager find;

sepolicy/tracking_denials/README.txt

@@ -0,0 +1,2 @@
+This folder stores known errors detected by PTS. Be sure to remove relevant
+files to reproduce error log on latest ROMs.

sepolicy/tracking_denials/bug_map

@@ -0,0 +1 @@
+system_suspend sysfs dir b/305600876

sepolicy/vendor/README.txt

@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.

sepolicy/vendor/file.te

@@ -0,0 +1 @@
+type sysfs_gps, sysfs_type, fs_type;

sepolicy/vendor/file_contexts

@@ -0,0 +1,19 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+# GPS
+/dev/gnss_ipc                       u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                      u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                      u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd                u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd                 u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd                u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad                 u:object_r:spad_exec:s0
+
+/vendor/bin/hw/android.hardware.gnss-service                   u:object_r:hal_gnss_default_exec:s0
+
+# gnss/gps data/log files
+/data/vendor/gps(/.*)?              u:object_r:vendor_gps_file:s0

sepolicy/vendor/genfs_contexts

@@ -0,0 +1,57 @@
+# Haptics
+genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0043            u:object_r:sysfs_vibrator:s0
+
+# WLC
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061                            u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061/power_supply               u:object_r:sysfs_batteryinfo:s0
+
+# System Suspend
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061/power_supply/wireless/wakeup                            u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-10/10-0069/wakeup/wakeup                                         u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-10/10-0036/wakeup/wakeup                                         u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-0-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-1-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-2-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-3-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-4-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-5-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/wakeup              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-7-0025/wakeup              u:object_r:sysfs_wakeup:s0
+# already in zuma-sepolicy/vendor/genfs_contexts
+# genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup            u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply/tcpm-source-psy-9-0025/wakeup              u:object_r:sysfs_wakeup:s0
+
+
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/wakeup                                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/wakeup                                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/gnssif/wakeup                                                                       u:object_r:sysfs_wakeup:s0
+
+# gps coredump node
+genfscon sysfs /devices/platform/gnssif/coredump                                                                     u:object_r:sysfs_gps:s0

sepolicy/vendor/gnssd.te

@@ -0,0 +1,36 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
+
+# Allow gnssd to get boot complete
+get_prop(gnssd, bootanim_system_prop)
+
+allow gnssd sysfs_soc:file r_file_perms;
+allow gnssd sysfs_gps:file rw_file_perms;
+
+# Allow gnssd to set GPS property
+set_prop(gnssd, vendor_gps_prop)
+
+# Read RIL property
+get_prop(gnssd, vendor_rild_prop)
+
+# Read modme state
+allow gnssd sysfs_modem_state:file r_file_perms;

sepolicy/vendor/grilservice_app.te

@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)

sepolicy/vendor/hal_contexthub_default.te

@@ -0,0 +1,6 @@
+#
+# Context hub multiclient HAL common selinux policies
+#
+# Allow binder call to PixelGnss PPS function.
+binder_call(hal_contexthub_default, hal_gnss_pixel)
+

sepolicy/vendor/hal_gnss_default.te

@@ -0,0 +1,12 @@
+allow hal_gnss_default fwk_sensor_service:service_manager find;
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
+allow hal_gnss_default sysfs_gps:file rw_file_perms;
+
+#Read GPS property
+get_prop(hal_gnss_default, vendor_gps_prop)
+
+# Binder call to pixel-gnss
+binder_call(hal_gnss_default, hal_gnss_pixel)

sepolicy/vendor/hal_power_stats_default.te

@@ -0,0 +1 @@
+r_dir_file(hal_power_stats_default, vendor_gps_file)

sepolicy/vendor/rild.te

@@ -0,0 +1 @@
+binder_call(rild, gnssd)

sepolicy/vendor/sctd.te

@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);

sepolicy/vendor/servicemanager.te

@@ -0,0 +1,2 @@
+binder_call(servicemanager, hal_gnss_pixel)
+binder_call(servicemanager, hal_gnss_default)

sepolicy/vendor/spad.te

@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);

sepolicy/vendor/swcnd.te

@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);

sepolicy/vendor/vendor_init.te

@@ -0,0 +1,5 @@
+# Camera vendor property
+set_prop(vendor_init, vendor_camera_debug_prop)
+
+# gps vendor property
+set_prop(vendor_init, vendor_gps_prop)