Merge "marlin: Add SELinux policy for Lineage builds" into o8.0

8 files changed, 20 insertions, 10 deletions

diff --git a/BoardConfigLineage.mk b/BoardConfigLineage.mk
index d38e3066..27e5f308 100644
--- a/BoardConfigLineage.mk
+++ b/BoardConfigLineage.mk
@@ -9,4 +9,10 @@ TARGET_COMPILE_WITH_MSM_KERNEL := true
 TARGET_KERNEL_CONFIG := lineageos_marlin_defconfig
 TARGET_KERNEL_SOURCE := kernel/google/marlin
 
+# SELinux
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
+    device/google/marlin/sepolicy-lineage/public
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+    device/google/marlin/sepolicy-lineage/private
+
 -include vendor/google/marlin/BoardConfigVendor.mk
diff --git a/marlin/BoardConfig.mk b/marlin/BoardConfig.mk
index 39596e42..24fad5db 100644
--- a/marlin/BoardConfig.mk
+++ b/marlin/BoardConfig.mk
@@ -109,11 +109,6 @@ BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 an
 BOARD_ROOT_EXTRA_FOLDERS := bt_firmware firmware firmware/radio persist
 BOARD_ROOT_EXTRA_SYMLINKS := /vendor/lib/dsp:/dsp
 
-BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy
-ifneq ($(filter marlin marlinf, $(TARGET_PRODUCT)),)
-BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy/verizon
-endif
-
 BOARD_EGL_CFG := device/google/marlin/egl.cfg
 
 BOARD_KERNEL_BASE        := 0x80000000
diff --git a/sailfish/BoardConfig.mk b/sailfish/BoardConfig.mk
index 6ad30ff0..68e250bb 100644
--- a/sailfish/BoardConfig.mk
+++ b/sailfish/BoardConfig.mk
@@ -99,11 +99,6 @@ BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 an
 BOARD_ROOT_EXTRA_FOLDERS := bt_firmware firmware firmware/radio persist
 BOARD_ROOT_EXTRA_SYMLINKS := /vendor/lib/dsp:/dsp
 
-BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy
-ifneq ($(filter sailfish sailfishf, $(TARGET_PRODUCT)),)
-BOARD_SEPOLICY_DIRS += device/google/marlin/sepolicy/verizon
-endif
-
 BOARD_EGL_CFG := device/google/marlin/egl.cfg
 
 BOARD_KERNEL_BASE        := 0x80000000
diff --git a/sepolicy-lineage/private/file.te b/sepolicy-lineage/private/file.te
new file mode 100644
index 00000000..740e3398
--- /dev/null
+++ b/sepolicy-lineage/private/file.te
@@ -0,0 +1,3 @@
+type bt_firmware_file, file_type;
+type firmware_file, fs_type, contextmount_type;
+type persist_file, file_type;
diff --git a/sepolicy-lineage/private/file_contexts b/sepolicy-lineage/private/file_contexts
new file mode 100644
index 00000000..805b1c62
--- /dev/null
+++ b/sepolicy-lineage/private/file_contexts
@@ -0,0 +1,5 @@
+/bt_firmware(/.*)?      u:object_r:bt_firmware_file:s0
+/dsp                    u:object_r:rootfs:s0
+/firmware(/.*)?         u:object_r:firmware_file:s0
+/persist(/.*)?          u:object_r:persist_file:s0
+/tombstones             u:object_r:rootfs:s0
diff --git a/sepolicy-lineage/private/service.te b/sepolicy-lineage/private/service.te
new file mode 100644
index 00000000..2bfe8718
--- /dev/null
+++ b/sepolicy-lineage/private/service.te
@@ -0,0 +1,2 @@
+type cne_service,                 service_manager_type;
+type imscm_service,               service_manager_type;
diff --git a/sepolicy-lineage/private/service_contexts b/sepolicy-lineage/private/service_contexts
new file mode 100644
index 00000000..ab21ca33
--- /dev/null
+++ b/sepolicy-lineage/private/service_contexts
@@ -0,0 +1,3 @@
+cneservice                                     u:object_r:cne_service:s0
+qti.ims.connectionmanagerservice               u:object_r:imscm_service:s0
+rcs                                            u:object_r:radio_service:s0
diff --git a/sepolicy-lineage/public/hwservice.te b/sepolicy-lineage/public/hwservice.te
new file mode 100644
index 00000000..1da86931
--- /dev/null
+++ b/sepolicy-lineage/public/hwservice.te
@@ -0,0 +1 @@
+type vnd_qcril_audio_hwservice, hwservice_manager_type;