From 8cac55487b2da4349c90341e8cda1a4e6098f939 Mon Sep 17 00:00:00 2001
From: Tai Kuo <taikuo@google.com>
Date: Wed, 10 Mar 2021 17:05:47 +0800
Subject: [PATCH] gs101-sepolicy: Add twoshay permissions

Add twoshay and touch input context library permissions

Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
---
 whitechapel/vendor/google/device.te     | 3 +++
 whitechapel/vendor/google/file_contexts | 4 ++++
 whitechapel/vendor/google/twoshay.te    | 8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 whitechapel/vendor/google/twoshay.te

diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 375c91c3..9287dd13 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -30,6 +30,9 @@ type cpuctl_device, dev_type;
 # Bt Wifi Coexistence device
 type wb_coexistence_dev, dev_type;
 
+# Touch
+type touch_offload_device, dev_type;
+
 # LWIS (Lightweight Imaging Subsystem) devices, used by Lyric camera HAL
 type lwis_device, dev_type;
 
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 68bcf67f..d257d295 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -363,6 +363,10 @@
 /vendor/lib(64)?/hw/gralloc\.gs101\.so                                           u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/vulkan\.gs101\.so                                            u:object_r:same_process_hal_file:s0
 
+# Touch
+/dev/touch_offload                                                               u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay                                                              u:object_r:twoshay_exec:s0
+
 # Fingerprint
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix        u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc           u:object_r:hal_fingerprint_default_exec:s0
diff --git a/whitechapel/vendor/google/twoshay.te b/whitechapel/vendor/google/twoshay.te
new file mode 100644
index 00000000..139294d6
--- /dev/null
+++ b/whitechapel/vendor/google/twoshay.te
@@ -0,0 +1,8 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+