From 6c42229dccf43ae99770fbc9ddcc1a1364ba79de Mon Sep 17 00:00:00 2001
From: Chase Wu <chasewu@google.com>
Date: Tue, 1 Nov 2022 15:37:52 +0800
Subject: [PATCH] add sepolicy for vibrator manager service

Bug: 181615889
Test: Run all test suites
Signed-off-by: chasewu <chasewu@google.com>
Change-Id: Ie9e3c86b01afb26557ae69ead813dd123b4df91b
---
 vendor/device.te                      |  1 +
 vendor/file_contexts                  |  5 +++++
 vendor/hal_vibrator_default.te        |  5 +++++
 vendor/hal_vibrator_stereo_default.te | 21 +++++++++++++++++++++
 vendor/vndservice.te                  |  1 +
 vendor/vndservice_contexts            |  2 ++
 6 files changed, 35 insertions(+)
 create mode 100644 vendor/device.te
 create mode 100644 vendor/hal_vibrator_default.te
 create mode 100644 vendor/hal_vibrator_stereo_default.te
 create mode 100644 vendor/vndservice.te
 create mode 100644 vendor/vndservice_contexts

diff --git a/vendor/device.te b/vendor/device.te
new file mode 100644
index 0000000..1a969b6
--- /dev/null
+++ b/vendor/device.te
@@ -0,0 +1 @@
+type vibrator_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 0117b05..91d227e 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -11,3 +11,8 @@
 /dev/ttySAC18                       u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
 /dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+# Haptics
+/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-private         u:object_r:hal_vibrator_default_exec:s0
+/vendor/bin/hw/android\.hardware\.vibrator-service\.cs40l26-stereo-private  u:object_r:hal_vibrator_stereo_exec:s0
+/dev/gpiochip44                                                             u:object_r:vibrator_device:s0
diff --git a/vendor/hal_vibrator_default.te b/vendor/hal_vibrator_default.te
new file mode 100644
index 0000000..3b14315
--- /dev/null
+++ b/vendor/hal_vibrator_default.te
@@ -0,0 +1,5 @@
+# Allow vibrator HAL to communicate with another service
+binder_call(hal_vibrator_default, hal_vibrator_stereo);
+
+# Allow vibrator HAL to "add" the hal_vibrator_vndservice service type
+add_service(hal_vibrator_default, hal_vibrator_vndservice);
diff --git a/vendor/hal_vibrator_stereo_default.te b/vendor/hal_vibrator_stereo_default.te
new file mode 100644
index 0000000..9cb2793
--- /dev/null
+++ b/vendor/hal_vibrator_stereo_default.te
@@ -0,0 +1,21 @@
+# From system sepilicy
+type hal_vibrator_stereo, domain;
+hal_server_domain(hal_vibrator_stereo, hal_vibrator)
+
+type hal_vibrator_stereo_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vibrator_stereo)
+
+# From project
+get_prop(hal_vibrator_stereo, vendor_vibrator_prop);
+get_prop(hal_vibrator_stereo, boot_status_prop);
+
+# Allow vibrator HAL's default implementation to use vendor-binder service
+vndbinder_use(hal_vibrator_stereo);
+
+# For gpio dev node
+allow hal_vibrator_stereo vibrator_device:chr_file rw_file_perms;
+
+# For vibrator HAL's communication with other service
+binder_call(hal_vibrator_stereo, hal_vibrator_default);
+
+allow hal_vibrator_stereo hal_vibrator_vndservice:service_manager find;
diff --git a/vendor/vndservice.te b/vendor/vndservice.te
new file mode 100644
index 0000000..5df985b
--- /dev/null
+++ b/vendor/vndservice.te
@@ -0,0 +1 @@
+type hal_vibrator_vndservice, vndservice_manager_type;
diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts
new file mode 100644
index 0000000..2b6b4aa
--- /dev/null
+++ b/vendor/vndservice_contexts
@@ -0,0 +1,2 @@
+android.hardware.vibrator.IVibratorSync/default                      u:object_r:hal_vibrator_vndservice:s0
+android.hardware.vibrator.IVibratorSync/dual                         u:object_r:hal_vibrator_vndservice:s0
-- 
GitLab