[Cleanup]: Move gxp sepolicies to gs-common for P22

These policies are moved to gs-common as part of ag/24002524 Bug: 288368306 Change-Id: If7466983009021c642db998e1c30071ee548846e Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-07-10 05:10:03 +00:00 · 2023-07-10 05:10:03 +00:00 · b29cf7645a
commit b29cf7645a
parent 91768e10c9
6 changed files with 5 additions and 19 deletions
--- a/whitechapel_pro/debug_camera_app.te
+++ b/whitechapel_pro/debug_camera_app.te
@ -11,8 +11,9 @@ userdebug_or_eng(`
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;

-	# Allows camera app to access the GXP device.
+	# Allows camera app to access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+	get_prop(debug_camera_app, vendor_gxp_prop)

 	# Allows camera app to search for GXP firmware file.
 	allow debug_camera_app vendor_fw_file:dir search;
@ -24,4 +25,4 @@ userdebug_or_eng(`
 	# Allows GCA-Eng to find and access the EdgeTPU.
 	allow debug_camera_app edgetpu_app_service:service_manager find;
 	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
-')
+')
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@ -12,7 +12,6 @@ type lwis_device, dev_type;
 type logbuffer_device, dev_type;
 type rls_device, dev_type;
 type fingerprint_device, dev_type;
-type gxp_device, dev_type, mlstrustedobject;
 type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
 type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
 type vframe_heap_device, dmabuf_heap_device_type, dev_type;
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@ -35,7 +35,6 @@
 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor         u:object_r:hal_wlc_exec:s0
 /vendor/bin/hw/android\.hardware\.usb-service                               u:object_r:hal_usb_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.usb\.gadget-service                       u:object_r:hal_usb_gadget_impl_exec:s0
-/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                       u:object_r:hal_uwb_vendor_default_exec:s0
 /vendor/bin/rlsservice                                                      u:object_r:rlsservice_exec:s0
@ -61,8 +60,6 @@
 /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so                      u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so                                  u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so                        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/gxp_metrics_logger\.so                                     u:object_r:same_process_hal_file:s0

 # Graphics
 /vendor/lib(64)?/hw/gralloc\.gs201\.so                                      u:object_r:same_process_hal_file:s0
--- a/whitechapel_pro/google_camera_app.te
+++ b/whitechapel_pro/google_camera_app.te
@ -9,8 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;

-# Allows camera app to access the GXP device.
+# Allows camera app to access the GXP device and properties.
 allow google_camera_app gxp_device:chr_file rw_file_perms;
+get_prop(google_camera_app, vendor_gxp_prop)

 # Allows camera app to search for GXP firmware file.
 allow google_camera_app vendor_fw_file:dir search;
--- a/whitechapel_pro/gxp_logging.te
+++ b/whitechapel_pro/gxp_logging.te
@ -1,9 +0,0 @@
-type gxp_logging, domain;
-type gxp_logging_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(gxp_logging)
-
-# The logging service accesses /dev/gxp
-allow gxp_logging gxp_device:chr_file rw_file_perms;
-
-# Allow gxp tracing service to send packets to Perfetto
-userdebug_or_eng(`perfetto_producer(gxp_logging)')
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@ -28,9 +28,6 @@ binder_call(hal_camera_default, edgetpu_vendor_server)
 allow hal_camera_default edgetpu_app_service:service_manager find;
 binder_call(hal_camera_default, edgetpu_app_server)

-# Allow the camera hal to access the GXP device.
-allow hal_camera_default gxp_device:chr_file rw_file_perms;
-
 # Allow access to data files used by the camera HAL
 allow hal_camera_default mnt_vendor_file:dir search;
 allow hal_camera_default persist_file:dir search;