From dc0b4fc9e9e17d3c9e93eec987a35a2ba0a98735 Mon Sep 17 00:00:00 2001
From: Cody Heiner <codyheiner@google.com>
Date: Fri, 24 Feb 2023 15:18:07 -0800
Subject: [PATCH] =?UTF-8?q?Allow=20twoshay=20=E2=86=92=20systemui=5Fapp=20?=
 =?UTF-8?q?binder=20call=20for=20zuma=20devices=20(2)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Splitting system_app (b/264266705) caused the avc denial below,
causing b/269981541. This change allows the denied binder call
and fixes the bug.

Denial message:
avc: denied { call } for scontext=u:r:twoshay:s0 tcontext=u:r:systemui_app:s0:c230,c256,c512,c768 tclass=binder permissive=0

Note: this is a re-submit of ag/21529713, after sorting out the
SEPolicy issues described in b/270444888.

Test: flash P23 and Bluejay devices with this change plus ag/21591673,
  run `adb shell device_config put twoshay_native test_flag_name test_flag_value`,
  → TouchContextService.java logs corresponding property changed message.

Bug: 270444888

Change-Id: I40d70cf19930eb334ba3250d58a0cbc39b50764b
---
 vendor/twoshay.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 vendor/twoshay.te

diff --git a/vendor/twoshay.te b/vendor/twoshay.te
new file mode 100644
index 00000000..09cc98e1
--- /dev/null
+++ b/vendor/twoshay.te
@@ -0,0 +1,2 @@
+# Allow ITouchContextService callback
+binder_call(twoshay, systemui_app)