From 4dd3e1e99ee36f091ce473780ea5a1bd2bb15364 Mon Sep 17 00:00:00 2001
From: Tai Kuo
Date: Wed, 10 Mar 2021 17:00:16 +0800
Subject: [PATCH] Add touch procfs and sysfs sepolicy

Touch palm sepolicies are not included.

Bug: 173330981
Test: No avc denied log for touch sysfs, procfs access.
Signed-off-by: Tai Kuo
Change-Id: Idf510e4a9c65e5af0885159353ef85d6b6ec553f
---
 whitechapel/vendor/google/genfs_contexts | 4 +++-
 whitechapel/vendor/google/hal_dumpstate_default.te | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 759f260b..d01b107d 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -76,8 +76,10 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/6-001f/wakeup/wakeu
 genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup/wakeup u:object_r:sysfs_wakeup:s0
 
 # Touch
-genfscon sysfs /class/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10d40000.spi/spi_master/spi11/spi11.0 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0 u:object_r:sysfs_touch:s0
 genfscon proc /fts/driver_test u:object_r:proc_touch:s0
+genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
 genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
 
 # EdgeTPU
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te
index 4b3b4e4a..a72f1257 100644
--- a/whitechapel/vendor/google/hal_dumpstate_default.te
+++ b/whitechapel/vendor/google/hal_dumpstate_default.te
@@ -44,6 +44,11 @@ allow hal_dumpstate_default aoc_device:chr_file rw_file_perms;
 allow hal_dumpstate_default sysfs_wifi:dir search;
 allow hal_dumpstate_default sysfs_wifi:file r_file_perms;
 
+# Touch sysfs interface
+allow hal_dumpstate_default sysfs_touch:dir r_dir_perms;
+allow hal_dumpstate_default sysfs_touch:file rw_file_perms;
+allow hal_dumpstate_default proc_touch:file rw_file_perms;
+
 allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms;
 allow hal_dumpstate_default sysfs_thermal:file r_file_perms;
 allow hal_dumpstate_default sysfs_thermal:lnk_file read;
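Review bot: The two added `rw_file_perms` rules give hal_dumpstate_default write access to every file labelled sysfs_touch and proc_touch, and neither the hunk nor its `# Touch sysfs interface` comment says why a dump-collecting HAL needs to write. The genfs_contexts hunk in this same patch applies those types to the spi11.0 and spi6.0 device paths and to both driver_test proc nodes, so the write grant likely reaches every attribute beneath them rather than one diagnostic file. If the HAL only reads, `allow hal_dumpstate_default sysfs_touch:file r_file_perms;` and the matching proc_touch rule would be the tighter grant. If it must write a command before reading the result back (the driver_test names suggest this, but the patch does not show it), the comment should say so, e.g. `# Touch sysfs/procfs interface: dumpstate writes a test command, then reads the result`.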