sepolicy: Move livedisplay hal policy to dynamic
Change-Id: I7d7b932688d95fc397576e74bc1ff434395ec663
diff --git a/common/dynamic/file.te b/common/dynamic/file.te
index c77d9ec..ce0f325 100644
--- a/common/dynamic/file.te
+++ b/common/dynamic/file.te
@@ -1 +1,2 @@
type proc_deny_new_usb, fs_type, proc_type;
+type sysfs_livedisplay_tuneable, fs_type, sysfs_type;
diff --git a/common/dynamic/genfs_contexts b/common/dynamic/genfs_contexts
index 60cf2c6..4287895 100644
--- a/common/dynamic/genfs_contexts
+++ b/common/dynamic/genfs_contexts
@@ -1 +1,10 @@
genfscon proc /sys/kernel/deny_new_usb u:object_r:proc_deny_new_usb:s0
+
+genfscon sysfs /devices/virtual/graphics/fb0/acl u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/aco u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/cabc u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/color_enhance u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/hbm u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/rgb u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/sre u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/virtual/graphics/fb0/reading_mode u:object_r:sysfs_livedisplay_tuneable:s0
diff --git a/common/public/hal_lineage_livedisplay.te b/common/dynamic/hal_lineage_livedisplay.te
similarity index 100%
rename from common/public/hal_lineage_livedisplay.te
rename to common/dynamic/hal_lineage_livedisplay.te
diff --git a/common/dynamic/hwservice.te b/common/dynamic/hwservice.te
index 7ca4141..e5b0751 100644
--- a/common/dynamic/hwservice.te
+++ b/common/dynamic/hwservice.te
@@ -1 +1,2 @@
+type hal_lineage_livedisplay_hwservice, hwservice_manager_type;
type hal_lineage_trust_hwservice, hwservice_manager_type;
diff --git a/common/dynamic/hwservice_contexts b/common/dynamic/hwservice_contexts
index 6cb1181..04e639f 100644
--- a/common/dynamic/hwservice_contexts
+++ b/common/dynamic/hwservice_contexts
@@ -1 +1,10 @@
+vendor.lineage.livedisplay::IAdaptiveBacklight u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IAutoContrast u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IColorBalance u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IColorEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IDisplayColorCalibration u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IDisplayModes u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IPictureAdjustment u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::IReadingEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
+vendor.lineage.livedisplay::ISunlightEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
vendor.lineage.trust::IUsbRestrict u:object_r:hal_lineage_trust_hwservice:s0
diff --git a/common/dynamic/init.te b/common/dynamic/init.te
new file mode 100644
index 0000000..6057452
--- /dev/null
+++ b/common/dynamic/init.te
@@ -0,0 +1,3 @@
+allow init {
+ sysfs_livedisplay_tuneable
+}:file { setattr w_file_perms };
diff --git a/common/dynamic/system_server.te b/common/dynamic/system_server.te
new file mode 100644
index 0000000..a5e3f68
--- /dev/null
+++ b/common/dynamic/system_server.te
@@ -0,0 +1,2 @@
+# Allow LineageHW (running as system server) to access LiveDisplay tuneables
+allow system_server sysfs_livedisplay_tuneable:file rw_file_perms;
diff --git a/common/private/genfs_contexts b/common/private/genfs_contexts
index 09d7df6..97887b9 100644
--- a/common/private/genfs_contexts
+++ b/common/private/genfs_contexts
@@ -1,13 +1,4 @@
genfscon fuseblk / u:object_r:vfat:s0
genfscon sdfat / u:object_r:exfat:s0
-genfscon sysfs /devices/virtual/graphics/fb0/acl u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/aco u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/cabc u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/color_enhance u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/hbm u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/rgb u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/sre u:object_r:sysfs_livedisplay_tuneable:s0
-genfscon sysfs /devices/virtual/graphics/fb0/reading_mode u:object_r:sysfs_livedisplay_tuneable:s0
-
genfscon sysfs /devices/virtual/timed_output/vibrator u:object_r:sysfs_vibrator:s0
diff --git a/common/private/hwservice_contexts b/common/private/hwservice_contexts
index 71d03ed..b79ed80 100644
--- a/common/private/hwservice_contexts
+++ b/common/private/hwservice_contexts
@@ -1,12 +1,3 @@
-vendor.lineage.livedisplay::IAdaptiveBacklight u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IAutoContrast u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IColorBalance u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IColorEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IDisplayColorCalibration u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IDisplayModes u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IPictureAdjustment u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::IReadingEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
-vendor.lineage.livedisplay::ISunlightEnhancement u:object_r:hal_lineage_livedisplay_hwservice:s0
vendor.lineage.power::ILineagePower u:object_r:hal_power_hwservice:s0
vendor.lineage.touch::IGloveMode u:object_r:hal_lineage_touch_hwservice:s0
vendor.lineage.touch::IKeyDisabler u:object_r:hal_lineage_touch_hwservice:s0
diff --git a/common/private/init.te b/common/private/init.te
index 345c349..9eca0e5 100644
--- a/common/private/init.te
+++ b/common/private/init.te
@@ -3,5 +3,4 @@
allow init {
sysfs_io_sched_tuneable
- sysfs_livedisplay_tuneable
}:file { setattr w_file_perms };
diff --git a/common/private/system_server.te b/common/private/system_server.te
index 05f75fa..8284a82 100644
--- a/common/private/system_server.te
+++ b/common/private/system_server.te
@@ -1,8 +1,5 @@
allow system_server storage_stub_file:dir getattr;
-# Allow LineageHW (running as system server) to access LiveDisplay tuneables
-allow system_server sysfs_livedisplay_tuneable:file rw_file_perms;
-
# Use HALs
hal_client_domain(system_server, hal_lineage_livedisplay)
hal_client_domain(system_server, hal_lineage_touch)
diff --git a/common/public/file.te b/common/public/file.te
deleted file mode 100644
index 45564dc..0000000
--- a/common/public/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type sysfs_livedisplay_tuneable, fs_type, sysfs_type;
diff --git a/common/public/hwservice.te b/common/public/hwservice.te
index 3676f11..afee012 100644
--- a/common/public/hwservice.te
+++ b/common/public/hwservice.te
@@ -1,2 +1 @@
-type hal_lineage_livedisplay_hwservice, hwservice_manager_type;
type hal_lineage_touch_hwservice, hwservice_manager_type;