From 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad Mon Sep 17 00:00:00 2001 
From: Chris Paulo Date: Tue, 30 Aug 2022 00:29:28 +0000 Subject: [PATCH 1/2] [DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator hal Added sepolicy for vibrator hal specific to device uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { read } for property=vibrator.adaptive_haptics.enabled pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1' avc: denied { open } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { getattr } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { map } for comm="odrefresh" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:odrefresh:s0 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 avc: denied { write } for comm="android.hardwar" name="chre" dev="tmpfs" ino=1094 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:chre_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for comm="android.hardwar" path="/dev/socket/chre" scontext=u:r:hal_vibrator_default:s0 tcontext=u:r:chre:s0 tclass=unix_stream_socket permissive=1 avc: denied { open } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms avc: denied { getattr } for comm="binder:8084_3" path="/dev/__properties__/u:object_r:adaptive_haptics_prop:s0" dev="tmpfs" ino=80 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:adaptive_haptics_prop:s0 tclass=file permissive=1 app=com.google.android.gms Bug: 198239103 
Test: Verified functionality Signed-off-by: Chris Paulo Change-Id: I1f38a069c06c5cc142236aed9cb34eede77c0315 --- bluejay-sepolicy.mk | 1 + vendor/file_contexts | 2 ++ vendor/hal_vibrator_default.te | 3 +++ vendor/property_contexts | 2 ++ vendor/vendor_init.te | 2 ++ 5 files changed, 10 insertions(+) create mode 100644 vendor/file_contexts create mode 100644 vendor/hal_vibrator_default.te create mode 100644 vendor/property_contexts create mode 100644 vendor/vendor_init.te
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index cb5229b..5a2b557 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,2 +1,3 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..66359fc
--- /dev/null
+++ b/vendor/file_contexts
@@ -0,0 +1,2 @@
+# Haptics
+/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0
diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te
new file mode 100644
index 0000000..8cb0c72
--- /dev/null
+++ b/vendor/hal_vibrator_default.te
@@ -0,0 +1,3 @@
+# Allow Vibrator HAL to communicate with daemon via socket
+allow hal_vibrator_default chre:unix_stream_socket connectto;
+allow hal_vibrator_default chre_socket:sock_file write;
diff --git a/vendor/property_contexts b/vendor/property_contexts
new file mode 100644
index 0000000..4222a57
--- /dev/null
+++ b/vendor/property_contexts
@@ -0,0 +1,2 @@
+# Haptics
+persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
new file mode 100644
index 0000000..6641c23
--- /dev/null
+++ b/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# Haptics
+get_prop(vendor_init, adaptive_haptics_prop)
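Review bot: The two hand-written allow rules in vendor/hal_vibrator_default.te spell out exactly what the platform macro `unix_socket_connect` expands to, so `unix_socket_connect(hal_vibrator_default, chre, chre)` would state the intent in one line and match how socket access is usually granted. The comment says only "daemon" and never names CHRE or says why the vibrator HAL needs it. Something like `# Vibrator HAL connects to the CHRE daemon socket (b/198239103)` would let a later audit judge whether this grant is still required.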
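Review bot: The `persist.vendor.vibrator.hal.` entry in vendor/property_contexts is not motivated by any denial quoted in the commit message, which all concern `adaptive_haptics_prop` or the CHRE socket. The type `vendor_vibrator_prop` is not declared anywhere in this patch, so the entry presumably relies on another policy directory defining it. The line also omits the match kind and value type, which makes it a prefix match accepting any value. If that is intended, a comment such as `# All persist.vendor.vibrator.hal.* keys; vendor_vibrator_prop is declared in the shared SoC policy (confirm)` would make the dependency and scope explicit. No rule in this patch gives any domain `get_prop` or `set_prop` on the type, so who may write these persistent keys cannot be reviewed from here.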
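Review bot: The `# Haptics` comment in vendor/vendor_init.te does not say why vendor_init needs the property. Something like `# vendor_init reads vibrator.adaptive_haptics.enabled` would tie the `get_prop` to the first denial in the commit message. The odrefresh and gmscore_app denials on `adaptive_haptics_prop` listed there are matched by no rule in this patch. Leaving them denied is the least-privilege outcome, but the description should state that this is deliberate so they are not later "fixed" with a broad allow.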
From bfd77dc818dcc0adf3797fccbfe85cfcee59b77a Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Thu, 16 Feb 2023 22:24:57 +0800 Subject: [PATCH 2/2] Revert "[DO NOT MERGE] device/sepolicy: Add sepolicy for vibrator hal" This reverts commit 5e8ab96efb898bb04ea3e5f5ec80902209e2e4ad. Bug: 198239103 Test: build pass on git_tm-qpr-dev-plus-aosp Test: build pass on git_stage-aosp-master Change-Id: I64fa53bef8a88b219ddb154dc919a1313f4e9db7 --- bluejay-sepolicy.mk | 1 - vendor/file_contexts | 2 -- vendor/hal_vibrator_default.te | 3 --- vendor/property_contexts | 2 -- vendor/vendor_init.te | 2 -- 5 files changed, 10 deletions(-) delete mode 100644 vendor/file_contexts delete mode 100644 vendor/hal_vibrator_default.te delete mode 100644 vendor/property_contexts delete mode 100644 vendor/vendor_init.te
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index 5a2b557..cb5229b 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,3 +1,2 @@
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/vendor
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
diff --git a/vendor/file_contexts b/vendor/file_contexts
deleted file mode 100644
index 66359fc..0000000
--- a/vendor/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Haptics
-/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private-bluejay u:object_r:hal_vibrator_default_exec:s0
diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te
deleted file mode 100644
index 8cb0c72..0000000
--- a/vendor/hal_vibrator_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allow Vibrator HAL to communicate with daemon via socket
-allow hal_vibrator_default chre:unix_stream_socket connectto;
-allow hal_vibrator_default chre_socket:sock_file write;
diff --git a/vendor/property_contexts b/vendor/property_contexts
deleted file mode 100644
index 4222a57..0000000
--- a/vendor/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Haptics
-persist.vendor.vibrator.hal. u:object_r:vendor_vibrator_prop:s0
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
deleted file mode 100644
index 6641c23..0000000
--- a/vendor/vendor_init.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Haptics
-get_prop(vendor_init, adaptive_haptics_prop)