From 33f5985af36516ec9edcead708b327308a901732 Mon Sep 17 00:00:00 2001
From: Hung-Yeh Lee <hungyeh@google.com>
Date: Thu, 26 Dec 2024 13:56:31 +0800
Subject: [PATCH] display-dump: sepolicy for legacy primary display dump

Create sub-directory for project-specific sepolicy files, and move
legacy sepolicy files to sub-directory.

Bug: 376426334
Test: adb bugreport
Test: adb shell /vendor/bin/dump/dump_*_display
Test: adb shell /vendor/bin/dump/dump_*_second_display
Flag: EXEMPT bugfix
Change-Id: I7de8667b666d7f47c05b147a1f9e7da62ba35e1c
---
 display/sepolicy/dump_display.te                  | 15 ---------------
 display/sepolicy/dump_display_userdebug.te        | 11 -----------
 display/sepolicy/exynos/dump_display.te           | 15 +++++++++++++++
 display/sepolicy/exynos/dump_display_userdebug.te | 11 +++++++++++
 display/sepolicy/{ => exynos}/file.te             |  0
 display/sepolicy/{ => exynos}/file_contexts       |  4 ++--
 display/sepolicy/{ => exynos}/genfs_contexts      |  0
 .../exynos/hal_graphics_composer_default.te       |  3 +++
 display/sepolicy/{ => exynos}/vndservice.te       |  0
 display/sepolicy/{ => exynos}/vndservice_contexts |  0
 display/sepolicy/hal_graphics_composer_default.te |  3 ---
 11 files changed, 31 insertions(+), 31 deletions(-)
 delete mode 100644 display/sepolicy/dump_display.te
 delete mode 100644 display/sepolicy/dump_display_userdebug.te
 create mode 100644 display/sepolicy/exynos/dump_display.te
 create mode 100644 display/sepolicy/exynos/dump_display_userdebug.te
 rename display/sepolicy/{ => exynos}/file.te (100%)
 rename display/sepolicy/{ => exynos}/file_contexts (54%)
 rename display/sepolicy/{ => exynos}/genfs_contexts (100%)
 create mode 100644 display/sepolicy/exynos/hal_graphics_composer_default.te
 rename display/sepolicy/{ => exynos}/vndservice.te (100%)
 rename display/sepolicy/{ => exynos}/vndservice_contexts (100%)
 delete mode 100644 display/sepolicy/hal_graphics_composer_default.te

diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te
deleted file mode 100644
index 3e2cb69..0000000
--- a/display/sepolicy/dump_display.te
+++ /dev/null
@@ -1,15 +0,0 @@
-# Display (dump for bugreport)
-pixel_bugreport(dump_display)
-
-allow dump_display sysfs_display:file r_file_perms;
-allow dump_display vendor_displaycolor_service:service_manager find;
-binder_call(dump_display, hal_graphics_composer_default)
-allow dump_display vendor_dumpsys:file execute_no_trans;
-allow dump_display vendor_shell_exec:file execute_no_trans;
-
-userdebug_or_eng(`
-  allow dump_display vendor_dri_debugfs:dir r_dir_perms;
-  allow dump_display vendor_dri_debugfs:file r_file_perms;
-')
-vndbinder_use(dump_display)
-
diff --git a/display/sepolicy/dump_display_userdebug.te b/display/sepolicy/dump_display_userdebug.te
deleted file mode 100644
index c08fb29..0000000
--- a/display/sepolicy/dump_display_userdebug.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# Display eng/userdebug (dump for bugreport)
-pixel_bugreport(dump_display_userdebug)
-
-userdebug_or_eng(`
-  allow dump_display_userdebug vendor_toolbox_exec:file execute_no_trans;
-  allow dump_display_userdebug vendor_log_file:dir search;
-  allow dump_display_userdebug vendor_hwc_log_file:dir r_dir_perms;
-  allow dump_display_userdebug vendor_hwc_log_file:file r_file_perms;
-  allow dump_display_userdebug debugfs_tracing_instances:dir search;
-  allow dump_display_userdebug debugfs_tracing_instances:file r_file_perms;
-')
diff --git a/display/sepolicy/exynos/dump_display.te b/display/sepolicy/exynos/dump_display.te
new file mode 100644
index 0000000..0b4f0c7
--- /dev/null
+++ b/display/sepolicy/exynos/dump_display.te
@@ -0,0 +1,15 @@
+# Display (dump for bugreport)
+pixel_bugreport(dump_exynos_display)
+
+allow dump_exynos_display sysfs_display:file r_file_perms;
+allow dump_exynos_display vendor_displaycolor_service:service_manager find;
+binder_call(dump_exynos_display, hal_graphics_composer_default)
+allow dump_exynos_display vendor_dumpsys:file execute_no_trans;
+allow dump_exynos_display vendor_shell_exec:file execute_no_trans;
+
+userdebug_or_eng(`
+  allow dump_exynos_display vendor_dri_debugfs:dir r_dir_perms;
+  allow dump_exynos_display vendor_dri_debugfs:file r_file_perms;
+')
+vndbinder_use(dump_exynos_display)
+
diff --git a/display/sepolicy/exynos/dump_display_userdebug.te b/display/sepolicy/exynos/dump_display_userdebug.te
new file mode 100644
index 0000000..1b8dd11
--- /dev/null
+++ b/display/sepolicy/exynos/dump_display_userdebug.te
@@ -0,0 +1,11 @@
+# Display eng/userdebug (dump for bugreport)
+pixel_bugreport(dump_exynos_display_userdebug)
+
+userdebug_or_eng(`
+  allow dump_exynos_display_userdebug vendor_toolbox_exec:file execute_no_trans;
+  allow dump_exynos_display_userdebug vendor_log_file:dir search;
+  allow dump_exynos_display_userdebug vendor_hwc_log_file:dir r_dir_perms;
+  allow dump_exynos_display_userdebug vendor_hwc_log_file:file r_file_perms;
+  allow dump_exynos_display_userdebug debugfs_tracing_instances:dir search;
+  allow dump_exynos_display_userdebug debugfs_tracing_instances:file r_file_perms;
+')
diff --git a/display/sepolicy/file.te b/display/sepolicy/exynos/file.te
similarity index 100%
rename from display/sepolicy/file.te
rename to display/sepolicy/exynos/file.te
diff --git a/display/sepolicy/file_contexts b/display/sepolicy/exynos/file_contexts
similarity index 54%
rename from display/sepolicy/file_contexts
rename to display/sepolicy/exynos/file_contexts
index 66118d0..2a0854f 100644
--- a/display/sepolicy/file_contexts
+++ b/display/sepolicy/exynos/file_contexts
@@ -1,5 +1,5 @@
-/vendor/bin/dump/dump_display_userdebug\.sh      u:object_r:dump_display_userdebug_exec:s0
-/vendor/bin/dump/dump_display                    u:object_r:dump_display_exec:s0
+/vendor/bin/dump/dump_display_userdebug\.sh      u:object_r:dump_exynos_display_userdebug_exec:s0
+/vendor/bin/dump/dump_exynos_display             u:object_r:dump_exynos_display_exec:s0
 
 /data/vendor/log/hwc(/.*)?                       u:object_r:vendor_hwc_log_file:s0
 
diff --git a/display/sepolicy/genfs_contexts b/display/sepolicy/exynos/genfs_contexts
similarity index 100%
rename from display/sepolicy/genfs_contexts
rename to display/sepolicy/exynos/genfs_contexts
diff --git a/display/sepolicy/exynos/hal_graphics_composer_default.te b/display/sepolicy/exynos/hal_graphics_composer_default.te
new file mode 100644
index 0000000..86e2d96
--- /dev/null
+++ b/display/sepolicy/exynos/hal_graphics_composer_default.te
@@ -0,0 +1,3 @@
+allow hal_graphics_composer_default dump_exynos_display:fifo_file { append write };
+allow hal_graphics_composer_default dump_exynos_display:fd use;
+
diff --git a/display/sepolicy/vndservice.te b/display/sepolicy/exynos/vndservice.te
similarity index 100%
rename from display/sepolicy/vndservice.te
rename to display/sepolicy/exynos/vndservice.te
diff --git a/display/sepolicy/vndservice_contexts b/display/sepolicy/exynos/vndservice_contexts
similarity index 100%
rename from display/sepolicy/vndservice_contexts
rename to display/sepolicy/exynos/vndservice_contexts
diff --git a/display/sepolicy/hal_graphics_composer_default.te b/display/sepolicy/hal_graphics_composer_default.te
deleted file mode 100644
index c644559..0000000
--- a/display/sepolicy/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow hal_graphics_composer_default dump_display:fifo_file { append write };
-allow hal_graphics_composer_default dump_display:fd use;
-