From 297158486d7252b6a2acc5004c601e6cc9cb3655 Mon Sep 17 00:00:00 2001
From: Ravi Jain <raviajain@google.com>
Date: Fri, 8 Mar 2024 09:14:09 +0000
Subject: [PATCH] dumpstate: touch: Add touch_predump for focaltech

10-01 21:39:00.372 11262 11262 I sh      : type=1400 audit(0.0:20): avc:
denied  { write } for  name="driver_test" dev="proc" ino=4026536282
scontext=u:r:predump_touch:s0 tcontext=u:object_r:proc_touch:s0
tclass=file permissive=1

10-01 21:40:03.076  6244  6244 I sh      : type=1400 audit(0.0:21): avc:
denied  { search } for  name="focaltech_touch" dev="proc" ino=4026535873
scontext=u:r:predump_touch:s0 tcontext=u:object_r:proc_touch:s0
tclass=dir permissive=1

Test: b/318578275
Test: Flash on dogfood device and check touch dump logs
Bug: 287907308
Flag: EXEMPT bugfix
Change-Id: I1652ecc1054b50946159d4c3c0f3995cefa896f5
---
 touch/focaltech/Android.bp                        | 8 ++++++++
 touch/focaltech/predump_focaltech.mk              | 3 +++
 touch/focaltech/predump_sepolicy/file.te          | 2 ++
 touch/focaltech/predump_sepolicy/file_contexts    | 2 ++
 touch/focaltech/predump_sepolicy/genfs_contexts   | 3 +++
 touch/focaltech/predump_sepolicy/predump_touch.te | 3 +++
 6 files changed, 21 insertions(+)
 create mode 100644 touch/focaltech/predump_focaltech.mk
 create mode 100644 touch/focaltech/predump_sepolicy/file.te
 create mode 100644 touch/focaltech/predump_sepolicy/file_contexts
 create mode 100644 touch/focaltech/predump_sepolicy/genfs_contexts
 create mode 100644 touch/focaltech/predump_sepolicy/predump_touch.te

diff --git a/touch/focaltech/Android.bp b/touch/focaltech/Android.bp
index ebaa308..0b53132 100644
--- a/touch/focaltech/Android.bp
+++ b/touch/focaltech/Android.bp
@@ -9,3 +9,11 @@ sh_binary {
     vendor: true,
     sub_dir: "dump",
 }
+
+sh_binary {
+    name: "predump_focaltech.sh",
+    src: "dump_focaltech.sh",
+    init_rc: ["init.touch.rc"],
+    vendor: true,
+    sub_dir: "dump_touch",
+}
diff --git a/touch/focaltech/predump_focaltech.mk b/touch/focaltech/predump_focaltech.mk
new file mode 100644
index 0000000..aff76bc
--- /dev/null
+++ b/touch/focaltech/predump_focaltech.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/focaltech/predump_sepolicy
+
+PRODUCT_PACKAGES += predump_focaltech.sh
diff --git a/touch/focaltech/predump_sepolicy/file.te b/touch/focaltech/predump_sepolicy/file.te
new file mode 100644
index 0000000..696f244
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/file.te
@@ -0,0 +1,2 @@
+# touch predump script
+type proc_touch, proc_type, fs_type;
diff --git a/touch/focaltech/predump_sepolicy/file_contexts b/touch/focaltech/predump_sepolicy/file_contexts
new file mode 100644
index 0000000..517895b
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/dump/predump_focaltech\.sh      u:object_r:predump_touch_exec:s0
+
diff --git a/touch/focaltech/predump_sepolicy/genfs_contexts b/touch/focaltech/predump_sepolicy/genfs_contexts
new file mode 100644
index 0000000..2ac9314
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/genfs_contexts
@@ -0,0 +1,3 @@
+genfscon proc  /focaltech_touch                                                u:object_r:proc_touch:s0
+
+
diff --git a/touch/focaltech/predump_sepolicy/predump_touch.te b/touch/focaltech/predump_sepolicy/predump_touch.te
new file mode 100644
index 0000000..c34ba49
--- /dev/null
+++ b/touch/focaltech/predump_sepolicy/predump_touch.te
@@ -0,0 +1,3 @@
+# touch predump script
+allow predump_touch proc_touch:dir search;
+allow predump_touch proc_touch:file rw_file_perms;