Uwb: Create a new Uwb system service am: 8119d482ed

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14057967

Change-Id: I8b6f621cfc308e31b746388329af060420f528e9

whitechapel/vendor/google/file.te

@@ -192,3 +192,6 @@ type sysfs_video, sysfs_type, fs_type;
 # TODO(b/184768835): remove this once the bug is fixed
 # LHBM (Local High Brightness Mode)
 type sysfs_lhbm, sysfs_type, fs_type, mlstrustedobject;
+
+# UWB vendor
+type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;

whitechapel/vendor/google/gmscore_app.te

@@ -1,3 +0,0 @@
-# Allow gmscore to use UwbService APIs
-# TODO (b/183904955): remove
-allow gmscore_app uwb_service:service_manager find;

whitechapel/vendor/google/seapp_contexts

@@ -43,3 +43,6 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=
 
 # Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
 user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
+
+# Qorvo UWB system app
+user=system seinfo=platform name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all

whitechapel/vendor/google/service.te

@@ -1,4 +1,4 @@
 type hal_pixel_display_service, service_manager_type, vendor_service;
-type uwb_service, service_manager_type;
+type uwb_vendor_service, service_manager_type, vendor_service;
 type touch_context_service, service_manager_type, vendor_service;
 type hal_uwb_service, service_manager_type, vendor_service;

whitechapel/vendor/google/service_contexts

@@ -2,5 +2,5 @@
 com.google.edgetpu.IEdgeTpuService/default                 u:object_r:edgetpu_service:s0
 com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
 com.google.input.ITouchContextService/default              u:object_r:touch_context_service:s0
-uwb                                                        u:object_r:uwb_service:s0
+uwb_vendor                                                 u:object_r:uwb_vendor_service:s0
 hardware.qorvo.uwb.IUwb/default                            u:object_r:hal_uwb_service:s0

whitechapel/vendor/google/system_app.te

@@ -4,5 +4,3 @@ allow system_app hal_wlc_hwservice:hwservice_manager find;
 binder_call(system_app, hal_wlc)
 
 allow system_app fwk_stats_hwservice:hwservice_manager find;
-
-add_service(system_app, uwb_service)

whitechapel/vendor/google/system_server.te

@@ -1,3 +1,5 @@
 # Allow system server to send sensor data callbacks to GPS and camera HALs
 binder_call(system_server, gpsd);
 binder_call(system_server, hal_camera_default);
+# Allow system server to find vendor uwb service
+allow system_server uwb_vendor_service:service_manager find;

whitechapel/vendor/google/untrusted_app_all.te

@@ -8,7 +8,3 @@ allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map }
 # Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
 # for secure video playback
 allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
-
-# Allows cts tests to test for UwbService presence
-# TODO (b/183904955): remove
-allow untrusted_app_all uwb_service:service_manager find;

whitechapel/vendor/google/uwb_service.te

@@ -1 +0,0 @@
-allow uwb_service hal_uwb_service:service_manager find;

whitechapel/vendor/google/uwb_vendor_app.te

@@ -0,0 +1,10 @@
+type uwb_vendor_app, domain;
+
+app_domain(uwb_vendor_app)
+
+add_service(uwb_vendor_app, uwb_vendor_service)
+
+allow uwb_vendor_app app_api_service:service_manager find;
+allow uwb_vendor_app hal_uwb_service:service_manager find;
+
+allow uwb_vendor_app uwb_vendor_data_file:dir { getattr search };