From 0f84ba2bb54fd89c9e52236ce81c908363ea85d6 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 28 Sep 2022 10:14:31 +0800
Subject: [PATCH] Put gs_watchdog settings to one place

Bug: 248428203
Test: gs_watchdog is still in system_ext
Change-Id: Iaa0e1871a4459af02a004f7b3b2861b53709c608
---
 device.mk                             | 6 ------
 gs_watchdogd/sepolicy/file_contexts   | 5 +++++
 gs_watchdogd/sepolicy/gs_watchdogd.te | 9 +++++++++
 gs_watchdogd/watchdog.mk              | 6 ++++++
 4 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 gs_watchdogd/sepolicy/file_contexts
 create mode 100644 gs_watchdogd/sepolicy/gs_watchdogd.te
 create mode 100644 gs_watchdogd/watchdog.mk

diff --git a/device.mk b/device.mk
index c0f39f6..dc79997 100644
--- a/device.mk
+++ b/device.mk
@@ -21,9 +21,3 @@ PRODUCT_SOONG_NAMESPACES += \
 PRODUCT_PROPERTY_OVERRIDES += \
 	vendor.media.omx=0
 
-# Platform watchdogd
-PRODUCT_PACKAGES += gs_watchdogd
-PRODUCT_SOONG_NAMESPACES += \
-	device/google/gs-common/gs_watchdogd
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
-	hardware/google/pixel-sepolicy/gs_watchdogd
diff --git a/gs_watchdogd/sepolicy/file_contexts b/gs_watchdogd/sepolicy/file_contexts
new file mode 100644
index 0000000..22dd02b
--- /dev/null
+++ b/gs_watchdogd/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+# Platform watchdogd
+/system_ext/bin/gs_watchdogd            u:object_r:gs_watchdogd_exec:s0
+
+# Devices
+/dev/watchdog[0-9]                      u:object_r:watchdog_device:s0
diff --git a/gs_watchdogd/sepolicy/gs_watchdogd.te b/gs_watchdogd/sepolicy/gs_watchdogd.te
new file mode 100644
index 0000000..538f870
--- /dev/null
+++ b/gs_watchdogd/sepolicy/gs_watchdogd.te
@@ -0,0 +1,9 @@
+# gs_watchdogd seclabel is specified in init.<board>.rc
+type gs_watchdogd, domain, coredomain;
+type gs_watchdogd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(gs_watchdogd)
+
+allow gs_watchdogd watchdog_device:chr_file rw_file_perms;
+allow gs_watchdogd kmsg_device:chr_file rw_file_perms;
+allow gs_watchdogd sysfs:dir r_dir_perms;
diff --git a/gs_watchdogd/watchdog.mk b/gs_watchdogd/watchdog.mk
new file mode 100644
index 0000000..69cbbbd
--- /dev/null
+++ b/gs_watchdogd/watchdog.mk
@@ -0,0 +1,6 @@
+# Platform watchdogd
+PRODUCT_PACKAGES += gs_watchdogd
+PRODUCT_SOONG_NAMESPACES += \
+	device/google/gs-common/gs_watchdogd
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += \
+	device/google/gs-common/gs_watchdogd/sepolicy