[Cleanup]: Move gxp sepolicies to gs-common for P23

These policies are moved to gs-common as part of ag/24002524 Bug: 288368306 Change-Id: Iaa15e497eafd54b1b702192a3c8f7fe0c908f8a1 Signed-off-by: Dinesh Yadav <dkyadav@google.com>
2023-07-10 04:56:38 +00:00 · 2023-07-10 04:56:38 +00:00 · 1278d8fc59
commit 1278d8fc59
parent 21912887e8
7 changed files with 7 additions and 19 deletions
--- a/vendor/debug_camera_app.te
+++ b/vendor/debug_camera_app.te
@ -11,8 +11,9 @@ userdebug_or_eng(`
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;

-	# Allows GCA-Eng & GCA-Next access the GXP device.
+	# Allows GCA-Eng & GCA-Next access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+	get_prop(debug_camera_app, vendor_gxp_prop)

 	# Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
 	allow debug_camera_app edgetpu_app_service:service_manager find;
--- a/vendor/device.te
+++ b/vendor/device.te
@ -5,7 +5,6 @@ type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
 type ufs_internal_block_device, dev_type;
 type logbuffer_device, dev_type;
-type gxp_device, dev_type, mlstrustedobject;
 type hw_jpg_device, dev_type;
 userdebug_or_eng(`
  typeattribute hw_jpg_device mlstrustedobject;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -1,7 +1,6 @@
 # Binaries
 /vendor/bin/hw/android\.hardware\.health-service\.zuma                      u:object_r:hal_health_default_exec:s0
 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zuma                    u:object_r:hal_bootctl_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel               u:object_r:hal_power_stats_default_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales                    u:object_r:hal_secure_element_st54spi_aidl_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
@ -35,8 +34,6 @@
 /vendor/lib64/arm\.mali\.platform-V2-ndk\.so                                u:object_r:same_process_hal_file:s0

 # Vendor libraries
-/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/gxp_metrics_logger\.so                                     u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/lib_jpg_encoder\.so                                        u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libhwjpeg\.so                                              u:object_r:same_process_hal_file:s0

--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@ -23,6 +23,9 @@ genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency
 # EdgeTPU
 genfscon sysfs /devices/platform/1a000000.rio                           u:object_r:sysfs_edgetpu:s0

+# Gxp
+genfscon sysfs /devices/platform/20c00000.callisto                      u:object_r:sysfs_gxp:s0
+
 # debugfs
 genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
 genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
@ -9,8 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;

-# Allows GCA to acccess the GXP device.
+# Allows GCA to acccess the GXP device & properties.
 allow google_camera_app gxp_device:chr_file rw_file_perms;
+get_prop(google_camera_app, vendor_gxp_prop)

 # Allows GCA to access the PowerHAL.
 hal_client_domain(google_camera_app, hal_power)
--- a/vendor/gxp_logging.te
+++ b/vendor/gxp_logging.te
@ -1,10 +0,0 @@
-type gxp_logging, domain;
-type gxp_logging_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(gxp_logging)
-
-# The logging service accesses /dev/gxp
-allow gxp_logging gxp_device:chr_file rw_file_perms;
-
-# Allow gxp tracing service to send packets to Perfetto
-userdebug_or_eng(`perfetto_producer(gxp_logging)')
-
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@ -29,9 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms;
 allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
 allow hal_camera_default vendor_camera_data_file:file create_file_perms;

-# Allow the camera hal to access the GXP device.
-allow hal_camera_default gxp_device:chr_file rw_file_perms;
-
 # Allow creating dump files for debugging in non-release builds
 userdebug_or_eng(`
  allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;