Add 'sepolicy/' from tag 'android-15.0.0_r1'

git-subtree-dir: sepolicy git-subtree-mainline: 70dec708d5 git-subtree-split: 51a835795f Change-Id: Ia74f63cba3abf532d2dd8b9425d9bc19157f9ac3
2024-10-06 21:42:52 +03:00 · 2024-10-06 21:42:52 +03:00 · 6d37e8206d
commit 6d37e8206d
parent 70dec708d5 51a835795f
21 changed files with 59 additions and 0 deletions
--- a/sepolicy/OWNERS
+++ b/sepolicy/OWNERS
@ -0,0 +1,4 @@
+include device/google/gs-common:/sepolicy/OWNERS
+
+adamshih@google.com
+
--- a/sepolicy/cheetah-sepolicy.mk
+++ b/sepolicy/cheetah-sepolicy.mk
@ -0,0 +1,3 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cheetah
+
--- a/sepolicy/cheetah/README.txt
+++ b/sepolicy/cheetah/README.txt
@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/cheetah/cccdk_timesync_app.te
+++ b/sepolicy/cheetah/cccdk_timesync_app.te
@ -0,0 +1 @@
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;
--- a/sepolicy/cheetah/file.te
+++ b/sepolicy/cheetah/file.te
@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
--- a/sepolicy/cheetah/file_contexts
+++ b/sepolicy/cheetah/file_contexts
@ -0,0 +1,6 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)?        u:object_r:vendor_bt_data_file:s0
--- a/sepolicy/cheetah/grilservice_app.te
+++ b/sepolicy/cheetah/grilservice_app.te
@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
--- a/sepolicy/cheetah/hal_bluetooth_btlinux.te
+++ b/sepolicy/cheetah/hal_bluetooth_btlinux.te
@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
--- a/sepolicy/cloudripper-sepolicy.mk
+++ b/sepolicy/cloudripper-sepolicy.mk
@ -0,0 +1,3 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/cloudripper
+
--- a/sepolicy/cloudripper/README.txt
+++ b/sepolicy/cloudripper/README.txt
@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/cloudripper/file_contexts
+++ b/sepolicy/cloudripper/file_contexts
@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
--- a/sepolicy/cloudripper/genfs_contexts
+++ b/sepolicy/cloudripper/genfs_contexts
@ -0,0 +1,2 @@
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0042                    u:object_r:sysfs_vibrator:s0
--- a/sepolicy/panther-sepolicy.mk
+++ b/sepolicy/panther-sepolicy.mk
@ -0,0 +1,2 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/panther
--- a/sepolicy/panther/README.txt
+++ b/sepolicy/panther/README.txt
@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/panther/file.te
+++ b/sepolicy/panther/file.te
@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
--- a/sepolicy/panther/file_contexts
+++ b/sepolicy/panther/file_contexts
@ -0,0 +1,6 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)?        u:object_r:vendor_bt_data_file:s0
--- a/sepolicy/panther/grilservice_app.te
+++ b/sepolicy/panther/grilservice_app.te
@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
--- a/sepolicy/panther/hal_bluetooth_btlinux.te
+++ b/sepolicy/panther/hal_bluetooth_btlinux.te
@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
--- a/sepolicy/ravenclaw-sepolicy.mk
+++ b/sepolicy/ravenclaw-sepolicy.mk
@ -0,0 +1,2 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/pantah-sepolicy/ravenclaw
--- a/sepolicy/ravenclaw/README.txt
+++ b/sepolicy/ravenclaw/README.txt
@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
--- a/sepolicy/ravenclaw/file_contexts
+++ b/sepolicy/ravenclaw/file_contexts
@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18                       u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
				`@ -0,0 +1 @@`
				`allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;`
				`@ -0,0 +1 @@`
				`allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;`