From a49c3a54797192c87fbd2b52a81163bcab616008 Mon Sep 17 00:00:00 2001
From: Ken Yang <yangken@google.com>
Date: Thu, 5 Jan 2023 09:24:08 +0000
Subject: [PATCH] WLC: Cleanup the sysfs_wlc policies

The sepolicy must be self-contained without including wirelss_charger to
avoid build break in AOSP

Bug: 263830018
Change-Id: I4eee380ae61f83c5563ee8842a94fd1fb9e520ef
Signed-off-by: Ken Yang <yangken@google.com>
---
 usf/sensor_hal.te                                  | 1 -
 whitechapel/vendor/google/file.te                  | 3 +++
 whitechapel/vendor/google/hal_dumpstate_default.te | 3 ---
 whitechapel/vendor/google/hal_health_default.te    | 1 -
 whitechapel/vendor/google/hal_wireless_charger.te  | 2 ++
 whitechapel/vendor/google/pixelstats_vendor.te     | 3 ---
 whitechapel/vendor/google/service.te               | 3 +++
 whitechapel/vendor/google/service_contexts         | 2 ++
 whitechapel/vendor/google/shell.te                 | 1 -
 9 files changed, 10 insertions(+), 9 deletions(-)
 create mode 100644 whitechapel/vendor/google/hal_wireless_charger.te

diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te
index 595aeef6..b54c1bb3 100644
--- a/usf/sensor_hal.te
+++ b/usf/sensor_hal.te
@@ -37,7 +37,6 @@ allow hal_sensors_default sysfs_leds:file rw_file_perms;
 
 # Allow access to the power supply files for MagCC.
 r_dir_file(hal_sensors_default, sysfs_batteryinfo)
-allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
 
 # Allow access to sensor service for sensor_listener.
 binder_call(hal_sensors_default, system_server);
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index c60ec008..cb5e495f 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -186,3 +186,6 @@ type radio_vendor_data_file, file_type, data_file_type;
 userdebug_or_eng(`
   typeattribute radio_vendor_data_file mlstrustedobject;
 ')
+
+# WLC
+type sysfs_wlc, sysfs_type, fs_type;
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te
index 9f87b53e..4bc1bba7 100644
--- a/whitechapel/vendor/google/hal_dumpstate_default.te
+++ b/whitechapel/vendor/google/hal_dumpstate_default.te
@@ -13,9 +13,6 @@ vndbinder_use(hal_dumpstate_default)
 allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms;
 allow hal_dumpstate_default vendor_gps_file:file r_file_perms;
 
-allow hal_dumpstate_default sysfs_wlc:dir search;
-allow hal_dumpstate_default sysfs_wlc:file r_file_perms;
-
 allow hal_dumpstate_default shell_data_file:file getattr;
 
 allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te
index a28e5c12..c371547c 100644
--- a/whitechapel/vendor/google/hal_health_default.te
+++ b/whitechapel/vendor/google/hal_health_default.te
@@ -9,7 +9,6 @@ r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
 allow hal_health_default fwk_stats_service:service_manager find;
 binder_use(hal_health_default)
 
-allow hal_health_default sysfs_wlc:dir search;
 allow hal_health_default sysfs_batteryinfo:file w_file_perms;
 allow hal_health_default sysfs_thermal:dir search;
 allow hal_health_default sysfs_thermal:file w_file_perms;
diff --git a/whitechapel/vendor/google/hal_wireless_charger.te b/whitechapel/vendor/google/hal_wireless_charger.te
new file mode 100644
index 00000000..04b3e5e2
--- /dev/null
+++ b/whitechapel/vendor/google/hal_wireless_charger.te
@@ -0,0 +1,2 @@
+type hal_wireless_charger, domain;
+type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te
index 12234047..4d1a6677 100644
--- a/whitechapel/vendor/google/pixelstats_vendor.te
+++ b/whitechapel/vendor/google/pixelstats_vendor.te
@@ -10,9 +10,6 @@ allow pixelstats_vendor fwk_stats_service:service_manager find;
 allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
 allow pixelstats_vendor sysfs_pixelstats:file r_file_perms;
 
-# Wireless charge
-allow pixelstats_vendor sysfs_wlc:dir search;
-allow pixelstats_vendor sysfs_wlc:file rw_file_perms;
 
 # Pca charge
 allow pixelstats_vendor sysfs_pca:file rw_file_perms;
diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te
index 7d105d49..08f5ad82 100644
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@@ -1,3 +1,6 @@
 type hal_pixel_display_service, service_manager_type, hal_service_type;
 type hal_uwb_vendor_service, service_manager_type, hal_service_type;
 type edgetpu_dba_service, app_api_service, service_manager_type;
+
+# WLC
+type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index d00c633e..3569b943 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -4,3 +4,5 @@ android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_se
 
 # EdgeTPU DBA Service
 com.google.edgetpu.dba.IDevice/default                     u:object_r:edgetpu_dba_service:s0
+
+vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te
index e13e744e..f982424d 100644
--- a/whitechapel/vendor/google/shell.te
+++ b/whitechapel/vendor/google/shell.te
@@ -8,4 +8,3 @@ userdebug_or_eng(`
 
 dontaudit shell proc_vendor_sched:dir search;
 dontaudit shell proc_vendor_sched:file write;
-dontaudit shell sysfs_wlc:dir search;