Revert^2 "Update EVS sepolicy"

2a5dfffff00855760ea1b6cefffe966e87d9b361

Bug: 166846786
Bug: 168307765
Test: Run EVS services and reference application, and manually check
      selinux audit messages.
Change-Id: Iada78265cb2987fc3e230b8aedb112701ba18b7d
Merged-In: I393721d1b4e1f7e358c621ca173f8c90a92f9103
diff --git a/evs/sepolicy/evs.mk b/evs/sepolicy/evs.mk
new file mode 100644
index 0000000..aee4003
--- /dev/null
+++ b/evs/sepolicy/evs.mk
@@ -0,0 +1,3 @@
+# Extended View System Selinux Policies
+PRODUCT_PUBLIC_SEPOLICY_DIRS += packages/services/Car/evs/sepolicy/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += packages/services/Car/evs/sepolicy/private
diff --git a/evs/sepolicy/private/automotive_display_service.te b/evs/sepolicy/private/automotive_display_service.te
new file mode 100644
index 0000000..cd42ed6
--- /dev/null
+++ b/evs/sepolicy/private/automotive_display_service.te
@@ -0,0 +1,2 @@
+allow automotive_display_service hal_evs_driver:binder transfer;
+allow automotive_display_service hal_evs_driver:fd use;
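Review bot: These two rules have no comment saying why automotive_display_service needs them, although the other .te files touched by this change each open with a one-line description. A header such as `# allow passing binder references to the EVS driver and using file descriptors it opened` would record the intent. The rules grant `binder transfer` and `fd use` but not `binder call`; if that narrow grant is deliberate rather than a trimmed-down `binder_call()`, the comment should say so. The type automotive_display_service is not declared anywhere in this diff, so it presumably comes from another policy directory, and a product that inherits evs.mk without that policy would likely fail to compile this file.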
diff --git a/evs/sepolicy/evs_app.te b/evs/sepolicy/private/evs_app.te
similarity index 100%
rename from evs/sepolicy/evs_app.te
rename to evs/sepolicy/private/evs_app.te
diff --git a/evs/sepolicy/evs_driver.te b/evs/sepolicy/private/evs_driver.te
similarity index 94%
rename from evs/sepolicy/evs_driver.te
rename to evs/sepolicy/private/evs_driver.te
index 9bb7b97..5b847fa 100644
--- a/evs/sepolicy/evs_driver.te
+++ b/evs/sepolicy/private/evs_driver.te
@@ -1,5 +1,4 @@
-# evs_mock mock hardware driver service
-type hal_evs_driver, domain;
+# evs reference hardware driver service
 hal_server_domain(hal_evs_driver, hal_evs)
 hal_client_domain(hal_evs_driver, hal_evs)
 
diff --git a/evs/sepolicy/evs_manager.te b/evs/sepolicy/private/evs_manager.te
similarity index 74%
rename from evs/sepolicy/evs_manager.te
rename to evs/sepolicy/private/evs_manager.te
index cf649bb..32bbc32 100644
--- a/evs/sepolicy/evs_manager.te
+++ b/evs/sepolicy/private/evs_manager.te
@@ -1,5 +1,4 @@
 # evs manager
-type evs_manager, domain, coredomain;
 hal_server_domain(evs_manager, hal_evs)
 hal_client_domain(evs_manager, hal_evs)
 
@@ -7,10 +6,7 @@
 type evs_manager_exec, exec_type, file_type, system_file_type;
 init_daemon_domain(evs_manager)
 
-# allow use of hwservices
-allow evs_manager hal_graphics_allocator_default:fd use;
-
-# allow write to fd
+# allow write messages to the shell
 allow evs_manager shell:fd use;
 allow evs_manager shell:fifo_file write;
 
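Review bot: The retained `shell:fd use` and `shell:fifo_file write` rules let a coredomain daemon write to pipes inherited from the shell domain on every build type, and the reworded comment still does not say which workflow needs that. If they exist only so a developer can capture evs_manager output from an adb shell, wrapping both rules in `userdebug_or_eng(` … `)` would keep them out of user builds. If a user-build path depends on them, name it in the comment, for example `# allow dump output to be written to a pipe opened by the shell`. The Test line relies on reading audit messages by hand, so it is worth confirming that dropping `hal_graphics_allocator_default:fd use` causes no denial while the reference application is streaming. The file continues outside the hunk.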
diff --git a/evs/sepolicy/file_contexts b/evs/sepolicy/private/file_contexts
similarity index 100%
rename from evs/sepolicy/file_contexts
rename to evs/sepolicy/private/file_contexts
diff --git a/evs/sepolicy/servicemanager.te b/evs/sepolicy/private/servicemanager.te
similarity index 100%
rename from evs/sepolicy/servicemanager.te
rename to evs/sepolicy/private/servicemanager.te
diff --git a/evs/sepolicy/surfaceflinger.te b/evs/sepolicy/private/surfaceflinger.te
similarity index 100%
rename from evs/sepolicy/surfaceflinger.te
rename to evs/sepolicy/private/surfaceflinger.te
diff --git a/evs/sepolicy/public/evs_driver.te b/evs/sepolicy/public/evs_driver.te
new file mode 100644
index 0000000..9f72441
--- /dev/null
+++ b/evs/sepolicy/public/evs_driver.te
@@ -0,0 +1,2 @@
+# reference evs hardware driver service
+type hal_evs_driver, domain;
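Review bot: Moving `type hal_evs_driver, domain;` into public/ exports the type to policy outside this directory, but neither this file nor public/evs_manager.te (which does the same for `evs_manager`) says which external policy needs to name these types. Public types become part of the interface that other partitions' policy may depend on, so they are harder to rename or remove later. A comment such as `# public so that <consumer policy> can reference this domain` would make the reason reviewable. If only the private rules in this change refer to the types, the declarations could stay in private/.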
diff --git a/evs/sepolicy/public/evs_manager.te b/evs/sepolicy/public/evs_manager.te
new file mode 100644
index 0000000..24f3e6c
--- /dev/null
+++ b/evs/sepolicy/public/evs_manager.te
@@ -0,0 +1,2 @@
+# evs manager
+type evs_manager, domain, coredomain;