Add 'sepolicy/' from tag 'android-15.0.0_r31'

git-subtree-dir: sepolicy
git-subtree-mainline: b0184eca7c
git-subtree-split: b1515e8d9a
Change-Id: Ibe7d2fd7cbba161a7cb96ffa78f314bd6e4c5255

sepolicy/OWNERS

@@ -0,0 +1,2 @@
+# per-file for Pixel device makefiles, see go/pixel-device-mk-owner-checklist for details.
+per-file *.mk=file:device/google/gs-common:main:/MK_OWNERS

sepolicy/README.txt

@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.

sepolicy/tegu-sepolicy.mk

@@ -0,0 +1,4 @@
+# sepolicy that are shared among devices using ZumaPro
+BOARD_SEPOLICY_DIRS += device/google/tegu-sepolicy/vendor
+BOARD_SEPOLICY_DIRS += device/google/tegu-sepolicy/tracking_denials
+

sepolicy/tracking_denials/README.txt

@@ -0,0 +1,2 @@
+This folder stores known errors detected by PTS. Be sure to remove relevant
+files to reproduce error log on latest ROMs.

sepolicy/tracking_denials/bug_map

@@ -0,0 +1 @@
+system_suspend sysfs dir b/371877715

sepolicy/tracking_denials/grilservice_app.te

@@ -0,0 +1,3 @@
+# b/371877868
+dontaudit grilservice_app default_android_hwservice:hwservice_manager find;
+

sepolicy/tracking_denials/hal_camera_default.te

@@ -0,0 +1,3 @@
+# b/371878208
+dontaudit hal_camera_default default_android_hwservice:hwservice_manager find;
+

sepolicy/vendor/README.txt

@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.

sepolicy/vendor/file_contexts

@@ -0,0 +1,10 @@
+# Devices
+/dev/lwis-act-nessie                                                        u:object_r:lwis_device:s0
+/dev/lwis-eeprom-nessie                                                     u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-leshen                                               u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-leshen-uw                                            u:object_r:lwis_device:s0
+/dev/lwis-flash-lm3644                                                      u:object_r:lwis_device:s0
+/dev/lwis-ois-nessie                                                        u:object_r:lwis_device:s0
+/dev/lwis-sensor-barghest                                                   u:object_r:lwis_device:s0
+/dev/lwis-sensor-leshen                                                     u:object_r:lwis_device:s0
+/dev/lwis-sensor-leshen-uw                                                  u:object_r:lwis_device:s0

sepolicy/vendor/genfs_contexts

@@ -0,0 +1,10 @@
+genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply                                               u:object_r:sysfs_batteryinfo:s0
+
+# wake up nodes
+genfscon sysfs /devices/platform/google,ccd/power_supply/gccd/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup                       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup                             u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/110f0000.drmdp/wakeup                                                                    u:object_r:sysfs_wakeup:s0
+
+# WLC
+genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061                                                            u:object_r:sysfs_wlc:s0

sepolicy/vendor/grilservice_app.te

@@ -0,0 +1 @@
+binder_call(grilservice_app, twoshay)

sepolicy/vendor/hal_health_default.te

@@ -0,0 +1 @@
+allow hal_health_default sysfs:file r_file_perms;