Merge "Revise sepolicy because of refactor HbmSvManager" into udc-dev

tracking_denials/hbmsvmanager_app.te

@@ -1,8 +0,0 @@
-# b/262794939
-dontaudit hbmsvmanager_app hal_pixel_display_service:service_manager { find };
-# b/263185136
-dontaudit hbmsvmanager_app hal_graphics_composer_default:binder { call };
-# b/264489797
-userdebug_or_eng(`
-  permissive hbmsvmanager_app;
-')

vendor/hbmsvmanager_app.te

@@ -1,6 +0,0 @@
-type hbmsvmanager_app, domain;
-
-app_domain(hbmsvmanager_app);
-
-# Standard system services
-allow hbmsvmanager_app app_api_service:service_manager find;

vendor/pixeldisplayservice_app.te

@@ -0,0 +1,14 @@
+type pixeldisplayservice_app, domain, coredomain;
+
+app_domain(pixeldisplayservice_app);
+
+allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms;
+allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms;
+
+allow pixeldisplayservice_app hal_pixel_display_service:service_manager find;
+binder_call(pixeldisplayservice_app, hal_graphics_composer_default)
+
+# Standard system services
+allow pixeldisplayservice_app app_api_service:service_manager find;
+
+allow pixeldisplayservice_app cameraserver_service:service_manager find;

vendor/seapp_contexts

@@ -10,8 +10,8 @@ user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.omapi_a
 # Domain for connectivity monitor
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
 
-# HbmSVManager
-user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
+# PixelDisplayService
+user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all
 
 # Google Camera
 user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all