Merge "[Cleanup]: Move gxp sepolicies to gs-common" into main

vendor/debug_camera_app.te

@@ -11,8 +11,9 @@ userdebug_or_eng(`
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;
 
-	# Allows GCA-Eng & GCA-Next access the GXP device.
+	# Allows GCA-Eng & GCA-Next access the GXP device and properties.
 	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+	get_prop(debug_camera_app, vendor_gxp_prop)
 
 	# Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
 	allow debug_camera_app edgetpu_app_service:service_manager find;

vendor/device.te

@@ -5,7 +5,6 @@ type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
 type ufs_internal_block_device, dev_type;
 type logbuffer_device, dev_type;
-type gxp_device, dev_type, mlstrustedobject;
 type fingerprint_device, dev_type;
 type uci_device, dev_type;
 

vendor/file_contexts

@@ -1,7 +1,6 @@
 # Binaries
 /vendor/bin/hw/android\.hardware\.health-service\.zumapro                   u:object_r:hal_health_default_exec:s0
 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro                 u:object_r:hal_bootctl_default_exec:s0
-/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel               u:object_r:hal_power_stats_default_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales                    u:object_r:hal_secure_element_st54spi_aidl_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
@@ -35,7 +34,6 @@
 /vendor/lib64/arm\.mali\.platform-V2-ndk\.so                                u:object_r:same_process_hal_file:s0
 
 # Vendor libraries
-/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
 
 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0

vendor/genfs_contexts

@@ -17,6 +17,9 @@ genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_b
 # EdgeTPU
 genfscon sysfs /devices/platform/1a000000.rio                           u:object_r:sysfs_edgetpu:s0
 
+# Gxp
+genfscon sysfs /devices/platform/20c00000.callisto                      u:object_r:sysfs_gxp:s0
+
 # debugfs
 genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
 genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0

vendor/google_camera_app.te

@@ -9,9 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find;
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app mediaserver_service:service_manager find;
 
-# Allows GCA to acccess the GXP device and search for the firmware file.
+# Allows GCA to acccess the GXP device & properties.
 allow google_camera_app gxp_device:chr_file rw_file_perms;
-allow google_camera_app vendor_fw_file:dir search;
+get_prop(google_camera_app, vendor_gxp_prop)
 
 # Allows GCA to access the PowerHAL.
 hal_client_domain(google_camera_app, hal_power)

vendor/gxp_logging.te

@@ -1,10 +0,0 @@
-type gxp_logging, domain;
-type gxp_logging_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(gxp_logging)
-
-# The logging service accesses /dev/gxp
-allow gxp_logging gxp_device:chr_file rw_file_perms;
-
-# Allow gxp tracing service to send packets to Perfetto
-userdebug_or_eng(`perfetto_producer(gxp_logging)')
-

vendor/hal_camera_default.te

@@ -29,9 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms;
 allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
 allow hal_camera_default vendor_camera_data_file:file create_file_perms;
 
-# Allow the camera hal to access the GXP device.
-allow hal_camera_default gxp_device:chr_file rw_file_perms;
-
 # Allow creating dump files for debugging in non-release builds
 userdebug_or_eng(`
   allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;