Merge branch 'lineage-21.0' of https://github.com/LineageOS/android_device_lineage_sepolicy into leaf-3.2
Change-Id: I9e4d32469f1159b8b128cd729f317063595e96e2
diff --git a/common/dynamic/hal_lineage_trust.te b/common/dynamic/hal_lineage_trust.te
deleted file mode 100644
index 8e2fa7b..0000000
--- a/common/dynamic/hal_lineage_trust.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# HwBinder IPC from client to server
-binder_call(hal_lineage_trust_client, hal_lineage_trust_server)
-
-add_hwservice(hal_lineage_trust_server, hal_lineage_trust_hwservice)
-allow hal_lineage_trust_client hal_lineage_trust_hwservice:hwservice_manager find;
-
-allow hal_lineage_trust_server self:capability sys_admin;
-
-allow hal_lineage_trust_server proc_deny_new_usb:file rw_file_perms;
-allow hal_lineage_trust_server sysfs_usb_data_enabled:file rw_file_perms;
diff --git a/common/dynamic/hwservice.te b/common/dynamic/hwservice.te
index 757af6f..ce2416e 100644
--- a/common/dynamic/hwservice.te
+++ b/common/dynamic/hwservice.te
@@ -3,4 +3,3 @@
type hal_lineage_livedisplay_hwservice, hwservice_manager_type;
type hal_lineage_powershare_hwservice, hwservice_manager_type;
type hal_lineage_touch_hwservice, hwservice_manager_type;
-type hal_lineage_trust_hwservice, hwservice_manager_type;
diff --git a/common/dynamic/hwservice_contexts b/common/dynamic/hwservice_contexts
index b5644c9..fb72e10 100644
--- a/common/dynamic/hwservice_contexts
+++ b/common/dynamic/hwservice_contexts
@@ -18,4 +18,3 @@
vendor.lineage.touch::IKeySwapper u:object_r:hal_lineage_touch_hwservice:s0
vendor.lineage.touch::IStylusMode u:object_r:hal_lineage_touch_hwservice:s0
vendor.lineage.touch::ITouchscreenGesture u:object_r:hal_lineage_touch_hwservice:s0
-vendor.lineage.trust::IUsbRestrict u:object_r:hal_lineage_trust_hwservice:s0
diff --git a/common/private/system_server.te b/common/private/system_server.te
index 18c5faa..10d51e8 100644
--- a/common/private/system_server.te
+++ b/common/private/system_server.te
@@ -5,7 +5,6 @@
hal_client_domain(system_server, hal_lineage_health)
hal_client_domain(system_server, hal_lineage_livedisplay)
hal_client_domain(system_server, hal_lineage_touch)
-hal_client_domain(system_server, hal_lineage_trust)
hal_client_domain(system_server, hal_lineage_powershare)
# Let system server find auxiliary camera properties
diff --git a/common/system/file_contexts b/common/system/file_contexts
deleted file mode 100644
index 8fc1e77..0000000
--- a/common/system/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Trust
-/system/bin/hw/lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0
diff --git a/common/system/hal_lineage_trust.te b/common/system/hal_lineage_trust.te
deleted file mode 100644
index 9004f6c..0000000
--- a/common/system/hal_lineage_trust.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_trust_default, coredomain, domain;
-hal_server_domain(hal_lineage_trust_default, hal_lineage_trust)
-
-type hal_lineage_trust_default_exec, exec_type, system_file_type, file_type;
-init_daemon_domain(hal_lineage_trust_default)
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index fd4174d..8cfc967 100644
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -13,12 +13,10 @@
# LiveDisplay HAL
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
-# Trust HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0
-
# USB HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service\.basic u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.3-service\.basic u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.1-service\.typec u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.3-service\.dual_role_usb u:object_r:hal_usb_default_exec:s0
# Vibrator HAL
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service\.lineage u:object_r:hal_vibrator_default_exec:s0
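Review bot: The label for `android\.hardware\.usb@1\.0-service\.basic` is replaced by the `@1\.3-service\.basic` entry rather than kept beside it, so a device tree that still builds the 1.0 basic service would no longer get `hal_usb_default_exec` on that binary. Without the exec label the service would presumably not transition into `hal_usb_default` when init starts it. If no supported device ships the 1.0 binary this is fine. Otherwise, keep the old line next to the two new 1.3 entries.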
diff --git a/common/vendor/hal_lineage_trust_default.te b/common/vendor/hal_lineage_trust_default.te
deleted file mode 100644
index 2afad88..0000000
--- a/common/vendor/hal_lineage_trust_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_lineage_trust_default, domain;
-hal_server_domain(hal_lineage_trust_default, hal_lineage_trust)
-
-type hal_lineage_trust_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_trust_default)
diff --git a/common/vendor/hal_usb_default.te b/common/vendor/hal_usb_default.te
new file mode 100644
index 0000000..798f4b9
--- /dev/null
+++ b/common/vendor/hal_usb_default.te
@@ -0,0 +1,7 @@
+allow hal_usb_default configfs:dir create_dir_perms;
+allow hal_usb_default configfs:file create_file_perms;
+
+allow hal_usb_default proc_deny_new_usb:file w_file_perms;
+allow hal_usb_default sysfs_usb_data_enabled:file w_file_perms;
+
+allow hal_usb_default self:capability sys_admin;
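Review bot: `allow hal_usb_default self:capability sys_admin;` grants CAP_SYS_ADMIN to the USB HAL wherever this common policy is included, and the new file has no comment saying which operation needs it. In the removed policy the capability belonged to `hal_lineage_trust_server`, whose only other grants were the two USB control files. Here it lands in a domain that also receives `create_dir_perms` and `create_file_perms` on configfs, so a flaw in the HAL exposes more than before. It is worth confirming that the writes to `proc_deny_new_usb` and `sysfs_usb_data_enabled` really fail without the capability, and dropping the rule if they do not. If it stays, add a header such as `# USB restrict (moved from hal_lineage_trust)` above the two file rules, and a comment on the capability line naming the operation that requires it.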
diff --git a/qcom/sepolicy.mk b/qcom/sepolicy.mk
index 44cb2fc..0398957 100644
--- a/qcom/sepolicy.mk
+++ b/qcom/sepolicy.mk
@@ -25,6 +25,7 @@
ifeq (,$(filter msm8937 msm8953 msm8996 msm8998 sdm660 sdm710 sdm845, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_M4DEFS += \
display_vendor_data_file=vendor_display_vendor_data_file \
+ hal_gnss_qti=vendor_hal_gnss_qti \
hal_keymaster_qti_exec=vendor_hal_keymaster_qti_exec \
hal_perf_default=vendor_hal_perf_default \
location_domain=vendor_location \
diff --git a/qcom/vendor/hal_gnss_qti.te b/qcom/vendor/hal_gnss_qti.te
new file mode 100644
index 0000000..1b9e615
--- /dev/null
+++ b/qcom/vendor/hal_gnss_qti.te
@@ -0,0 +1,2 @@
+# xtra-daemon control
+dontaudit hal_gnss_qti xtra_control_prop:file read;
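Review bot: The `dontaudit` rule silences the `read` denial on `xtra_control_prop` without saying why the access is expected and harmless; the comment `# xtra-daemon control` only names the feature. Because dontaudit hides the denial from the audit log, a later functional failure here would be hard to trace. The comment should record the reason, for example `# hal_gnss_qti probes xtra_control_prop but works without it; suppress the denial`, if that is in fact the case. Also, the M4 define added in qcom/sepolicy.mk remaps `hal_gnss_qti` only for platforms outside the listed legacy set, so on the legacy platforms the rule presumably relies on the unprefixed type already existing.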