Merge "WLC: add static i2c number for sepolicy and remove others" into main
diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk
index f6c52b3..d34e613 100644
--- a/caiman-sepolicy.mk
+++ b/caiman-sepolicy.mk
@@ -3,3 +3,9 @@
# UDFPS sepolicy.
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
+
+# GPS sepolicy
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
+
+#Fingerprint
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/fingerprint_capacitance/system_app.te b/fingerprint_capacitance/system_app.te
new file mode 100644
index 0000000..e1a7d52
--- /dev/null
+++ b/fingerprint_capacitance/system_app.te
@@ -0,0 +1,2 @@
+# TODO (b/306087355) Remove this and make it specific to the app
+hal_client_domain(system_app, hal_fingerprint)
diff --git a/gnss/file_contexts b/gnss/file_contexts
new file mode 100644
index 0000000..1a4c2d4
--- /dev/null
+++ b/gnss/file_contexts
@@ -0,0 +1,11 @@
+# GPS
+/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad u:object_r:spad_exec:s0
+/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
diff --git a/gnss/gnss_check.te b/gnss/gnss_check.te
new file mode 100644
index 0000000..e19a8b9
--- /dev/null
+++ b/gnss/gnss_check.te
@@ -0,0 +1,6 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
diff --git a/gnss/gnssd.te b/gnss/gnssd.te
new file mode 100644
index 0000000..ea16762
--- /dev/null
+++ b/gnss/gnssd.te
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/gnss/hal_gnss_default.te b/gnss/hal_gnss_default.te
new file mode 100644
index 0000000..25fc30a
--- /dev/null
+++ b/gnss/hal_gnss_default.te
@@ -0,0 +1,2 @@
+binder_call(hal_gnss_default, gnssd);
+
diff --git a/gnss/rild.te b/gnss/rild.te
new file mode 100644
index 0000000..c620a19
--- /dev/null
+++ b/gnss/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/gnss/sctd.te b/gnss/sctd.te
new file mode 100644
index 0000000..8966ef8
--- /dev/null
+++ b/gnss/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/gnss/spad.te b/gnss/spad.te
new file mode 100644
index 0000000..eaf8b1c
--- /dev/null
+++ b/gnss/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/gnss/swcnd.te b/gnss/swcnd.te
new file mode 100644
index 0000000..c366cad
--- /dev/null
+++ b/gnss/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk
index f5d822d..feed173 100644
--- a/komodo-sepolicy.mk
+++ b/komodo-sepolicy.mk
@@ -3,3 +3,9 @@
# UDFPS sepolicy.
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
+
+# GPS sepolicy
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
+
+#Fingerprint
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk
index 63f1e2f..48f5009 100644
--- a/ripcurrent24-sepolicy.mk
+++ b/ripcurrent24-sepolicy.mk
@@ -3,3 +3,9 @@
# UDFPS sepolicy.
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
+
+# GPS sepolicy
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
+
+#Fingerprint
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk
index 90689a3..bfc19e5 100644
--- a/tokay-sepolicy.mk
+++ b/tokay-sepolicy.mk
@@ -3,3 +3,9 @@
# UDFPS sepolicy.
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
+
+# GPS sepolicy
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
+
+#Fingerprint
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance
