Include GIA only on needed, expose GIA permission only if the target service exists

Flag: EXEMPT, bugfix only. Bug: 388685884 Test: Factory, AOSP and Pixel build success. Test: Pixel System Service can access GIA features on Pixel device builds. Test: GIA exists on factory builds. Change-Id: I12f55f1ce1c717da6d6c45edbb92854f7efa53e5 Signed-off-by: Kai Hsieh <kaihsieh@google.com>
2025-01-14 11:23:04 +08:00 · 2025-01-14 11:23:04 +08:00 · fed627115e
commit fed627115e
parent 854d1bb51c
3 changed files with 24 additions and 15 deletions
--- a/input/gia/gia.mk
+++ b/input/gia/gia.mk
@ -1,11 +1,19 @@
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy
+# GIA is not designed for AOSP
+ifeq (,$(filter aosp_%, $(TARGET_PRODUCT)))
+	BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy

-PRODUCT_PACKAGES += gia
-PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager
+	# If Pixel System Service exists, allow it to access GIA
+	ifeq (,$(filter factory_%, $(TARGET_PRODUCT)))
+		BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/input/gia/sepolicy-pixelsystemservice
+	endif

-PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
-PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core
-PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager
+	PRODUCT_PACKAGES += gia
+	PRODUCT_PACKAGES += com.google.input.gia.giaservicemanager

-DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml
-DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml
+	PRODUCT_SOONG_NAMESPACES += vendor/google/interfaces
+	PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core
+	PRODUCT_SOONG_NAMESPACES += vendor/google/input/gia/core-servicemanager
+
+	DEVICE_MANIFEST_FILE += device/google/gs-common/input/gia/aidl/manifest.xml
+	DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/input/gia/aidl/compatibility_matrix.xml
+endif
--- a/input/gia/sepolicy-pixelsystemservice/gia.te
+++ b/input/gia/sepolicy-pixelsystemservice/gia.te
@ -0,0 +1,8 @@
+# SEPolicies to be configured only if and only if Pixel System Service exists on the device
+
+# allow pixelsystemservice_app to communicate with gia
+binder_use(pixelsystemservice_app)
+hal_client_domain(pixelsystemservice_app, hal_gia)
+
+# allow gia to execute callback for pixelsystemservice_app
+binder_call(gia, pixelsystemservice_app)
--- a/input/gia/sepolicy/gia.te
+++ b/input/gia/sepolicy/gia.te
@ -16,10 +16,3 @@ hal_server_domain(gia, hal_gia)
 # allow gia for accessing touch related system file-nodes
 allow gia sysfs_touch_gti:dir r_dir_perms;
 allow gia sysfs_touch_gti:file rw_file_perms;
-
-# allow pixelsystemservice_app to communicate with gia
-binder_use(pixelsystemservice_app)
-hal_client_domain(pixelsystemservice_app, hal_gia)
-
-# allow gia to execute callback for pixelsystemservice_app
-binder_call(gia, pixelsystemservice_app)