gs201-sepolicy: provide permission for TouchInspector app [DO NOT MERGE] am: a2e6c51431

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/20521667

Change-Id: I60d8fcd79b4620a20b6c06d27a7286cd585676ce
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

whitechapel_pro/file.te

@@ -109,6 +109,9 @@ type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
 
 # Touch
 type proc_touch, proc_type, fs_type;
+userdebug_or_eng(`
+    typeattribute proc_touch mlstrustedobject;
+')
 
 # Vendor sched files
 userdebug_or_eng(`

whitechapel_pro/google_touch_app.te

@@ -0,0 +1,11 @@
+type google_touch_app, domain;
+
+userdebug_or_eng(`
+  app_domain(google_touch_app)
+
+  allow google_touch_app app_api_service:service_manager find;
+
+  allow google_touch_app sysfs_touch:dir r_dir_perms;
+  allow google_touch_app sysfs_touch:file rw_file_perms;
+  allow google_touch_app proc_touch:file rw_file_perms;
+')

whitechapel_pro/seapp_contexts

@@ -44,6 +44,9 @@ user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_
 # CBRS setup app
 user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
 
+# Touch app
+user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
+
 # Qorvo UWB system app
 # TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all