diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..791abb4 --- /dev/null +++ b/OWNERS @@ -0,0 +1,3 @@ +include platform/system/sepolicy:/OWNERS + +rurumihong@google.com diff --git a/bluetooth/device.te b/bluetooth/device.te new file mode 100644 index 0000000..7ed13ad --- /dev/null +++ b/bluetooth/device.te @@ -0,0 +1 @@ +type bt_device, dev_type; diff --git a/bluetooth/file_contexts b/bluetooth/file_contexts new file mode 100644 index 0000000..da02008 --- /dev/null +++ b/bluetooth/file_contexts @@ -0,0 +1,5 @@ +# Bluetooth +/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0 + +/dev/btpower u:object_r:bt_device:s0 +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 diff --git a/bluetooth/genfs_contexts b/bluetooth/genfs_contexts new file mode 100644 index 0000000..2b2d437 --- /dev/null +++ b/bluetooth/genfs_contexts @@ -0,0 +1 @@ +genfscon sysfs /devices/platform/odm/odm:btqcom/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 diff --git a/bluetooth/hal_bluetooth_default.te b/bluetooth/hal_bluetooth_default.te new file mode 100644 index 0000000..dcd2b7f --- /dev/null +++ b/bluetooth/hal_bluetooth_default.te @@ -0,0 +1,9 @@ +allow hal_bluetooth_default bt_device:chr_file rw_file_perms; + +add_hwservice(hal_bluetooth_default, hal_bluetooth_coexistence_hwservice) + +userdebug_or_eng(` + allow hal_bluetooth_default sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms; + allow hal_bluetooth_default sscoredump_vendor_data_crashinfo_file:file { create_file_perms }; + set_prop(hal_bluetooth_default, vendor_ssrdump_prop) +') diff --git a/bluetooth/hwservice.te b/bluetooth/hwservice.te new file mode 100644 index 0000000..8a5ae49 --- /dev/null +++ b/bluetooth/hwservice.te @@ -0,0 +1,2 @@ +# Bluetooth HAL extension +type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type; diff --git a/bluetooth/hwservice_contexts b/bluetooth/hwservice_contexts new file mode 100644 index 0000000..edd952b --- /dev/null +++ b/bluetooth/hwservice_contexts @@ -0,0 +1,3 @@ +# Bluetooth HAL extension +hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0 +hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0 diff --git a/tangorpro-sepolicy.mk b/tangorpro-sepolicy.mk new file mode 100644 index 0000000..97cf380 --- /dev/null +++ b/tangorpro-sepolicy.mk @@ -0,0 +1,2 @@ +# sepolicy that are shared among devices using whitechapel +BOARD_SEPOLICY_DIRS += device/google/tangorpro-sepolicy/vendor diff --git a/vendor/README.txt b/vendor/README.txt new file mode 100644 index 0000000..67a320f --- /dev/null +++ b/vendor/README.txt @@ -0,0 +1,2 @@ +This folder holds sepolicy exclusively for one device. For example, genfs_contexts +paths that are affected by device tree. diff --git a/vendor/device.te b/vendor/device.te new file mode 100644 index 0000000..3e16875 --- /dev/null +++ b/vendor/device.te @@ -0,0 +1,2 @@ +# Wifi +type vendor_wlan_device, dev_type; \ No newline at end of file diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..46faec0 --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,12 @@ +# Devices +/dev/lwis-act-lc898129 u:object_r:lwis_device:s0 +/dev/lwis-eeprom-lc898129 u:object_r:lwis_device:s0 +/dev/lwis-eeprom-m24c64x-imx712 u:object_r:lwis_device:s0 +/dev/lwis-eeprom-m24c64x-imx712-uw u:object_r:lwis_device:s0 +/dev/lwis-ois-lc898129 u:object_r:lwis_device:s0 +/dev/lwis-sensor-imx712 u:object_r:lwis_device:s0 +/dev/lwis-sensor-imx712-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-imx787 u:object_r:lwis_device:s0 + +# Wifi +/dev/wlan u:object_r:vendor_wlan_device:s0 diff --git a/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te new file mode 100644 index 0000000..c5cf260 --- /dev/null +++ b/vendor/hal_wifi_ext.te @@ -0,0 +1 @@ +allow hal_wifi_ext vendor_wlan_device:chr_file w_file_perms;