From 42c99d739eaef4d8290b1609e6500935e9ecf6ba Mon Sep 17 00:00:00 2001
From: Dinesh Yadav <dkyadav@google.com>
Date: Mon, 31 Jul 2023 10:43:39 +0000
Subject: [PATCH] [Cleanup]: Move gxp sepolicies to gs-common

These policies are moved to gs-common as part of ag/24002524

Bug: 288368306
Change-Id: I38f6e695e6f896c094275455cf3c0d79d0b1820f
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
---
 vendor/debug_camera_app.te   |  3 ++-
 vendor/device.te             |  1 -
 vendor/file_contexts         |  2 --
 vendor/genfs_contexts        |  3 +++
 vendor/google_camera_app.te  |  4 ++--
 vendor/gxp_logging.te        | 10 ----------
 vendor/hal_camera_default.te |  3 ---
 7 files changed, 7 insertions(+), 19 deletions(-)
 delete mode 100644 vendor/gxp_logging.te

diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te
index 4199b07..18adba7 100644
--- a/vendor/debug_camera_app.te
+++ b/vendor/debug_camera_app.te
@@ -11,8 +11,9 @@ userdebug_or_eng(`
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;
 
-	# Allows GCA-Eng & GCA-Next access the GXP device.
+	# Allows GCA-Eng & GCA-Next access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+	get_prop(debug_camera_app, vendor_gxp_prop)
 
 	# Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
 	allow debug_camera_app edgetpu_app_service:service_manager find;
diff --git a/vendor/device.te b/vendor/device.te
index 695c54f..a626a34 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -5,7 +5,6 @@ type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
 type ufs_internal_block_device, dev_type;
 type logbuffer_device, dev_type;
-type gxp_device, dev_type, mlstrustedobject;
 type fingerprint_device, dev_type;
 type uci_device, dev_type;
 
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 11631f5..b3a8ff6 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -1,7 +1,6 @@
 # Binaries
 /vendor/bin/hw/android\.hardware\.health-service\.zumapro                   u:object_r:hal_health_default_exec:s0
 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro                 u:object_r:hal_bootctl_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel               u:object_r:hal_power_stats_default_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales                    u:object_r:hal_secure_element_st54spi_aidl_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
@@ -35,7 +34,6 @@
 /vendor/lib64/arm\.mali\.platform-V2-ndk\.so                                u:object_r:same_process_hal_file:s0
 
 # Vendor libraries
-/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
 
 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 8344007..d7e7078 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -17,6 +17,9 @@ genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_b
 # EdgeTPU
 genfscon sysfs /devices/platform/1a000000.rio                           u:object_r:sysfs_edgetpu:s0
 
+# Gxp
+genfscon sysfs /devices/platform/20c00000.callisto                      u:object_r:sysfs_gxp:s0
+
 # debugfs
 genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
 genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te
index 8c030f4..f368d39 100644
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
@@ -9,9 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;
 
-# Allows GCA to acccess the GXP device and search for the firmware file.
+# Allows GCA to acccess the GXP device & properties.
 allow google_camera_app gxp_device:chr_file rw_file_perms;
-allow google_camera_app vendor_fw_file:dir search;
+get_prop(google_camera_app, vendor_gxp_prop)
 
 # Allows GCA to access the PowerHAL.
 hal_client_domain(google_camera_app, hal_power)
diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te
deleted file mode 100644
index 000138a..0000000
--- a/vendor/gxp_logging.te
+++ /dev/null
@@ -1,10 +0,0 @@
-type gxp_logging, domain;
-type gxp_logging_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(gxp_logging)
-
-# The logging service accesses /dev/gxp
-allow gxp_logging gxp_device:chr_file rw_file_perms;
-
-# Allow gxp tracing service to send packets to Perfetto
-userdebug_or_eng(`perfetto_producer(gxp_logging)')
-
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index a7d9db9..35cd7cf 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -29,9 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms;
 allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
 allow hal_camera_default vendor_camera_data_file:file create_file_perms;
 
-# Allow the camera hal to access the GXP device.
-allow hal_camera_default gxp_device:chr_file rw_file_perms;
-
 # Allow creating dump files for debugging in non-release builds
 userdebug_or_eng(`
   allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;