authorJason Chiu <jasoncschiu@google.com>2023-11-27 16:50:17 +0800
committerJason Chiu <jasoncschiu@google.com>2023-12-05 09:14:21 +0800
commitf4d8fb7ad87375f225eae30bfa5f63fba042e03c (patch)
tree1197fd030415c70fbb89602260f02c8d9e95647b
parentde91ea30a98311f3c1e808ba25fba2981876b70e (diff)
downloadgs-common-f4d8fb7ad87375f225eae30bfa5f63fba042e03c.tar.gz
gs-common: move sepolicy related to bootctrl hal hidl 1.2 to gs-common
Bug: 265063384 Change-Id: I1981edd60a77e4c5aede8649c7b6bc5eacb676ee Signed-off-by: Jason Chiu <jasoncschiu@google.com>
-rw-r--r--bootctrl/bootctrl_hidl_1.2.mk1
-rw-r--r--bootctrl/sepolicy/1.2/device.te5
-rw-r--r--bootctrl/sepolicy/1.2/file.te2
-rw-r--r--bootctrl/sepolicy/1.2/file_contexts1
-rw-r--r--bootctrl/sepolicy/1.2/hal_bootctl_default.te3
5 files changed, 12 insertions, 0 deletions
diff --git a/bootctrl/bootctrl_hidl_1.2.mk b/bootctrl/bootctrl_hidl_1.2.mk
index 7b0da0a..ef25066 100644
--- a/bootctrl/bootctrl_hidl_1.2.mk
+++ b/bootctrl/bootctrl_hidl_1.2.mk
@@ -3,3 +3,4 @@ PRODUCT_PACKAGES += \
android.hardware.boot@1.2-service-pixel
PRODUCT_SOONG_NAMESPACES += device/google/gs-common/bootctrl/1.2
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bootctrl/sepolicy/1.2
diff --git a/bootctrl/sepolicy/1.2/device.te b/bootctrl/sepolicy/1.2/device.te
new file mode 100644
index 0000000..4fd0240
--- /dev/null
+++ b/bootctrl/sepolicy/1.2/device.te
@@ -0,0 +1,5 @@
+# devinfo block device
+type devinfo_block_device, dev_type;
+
+# OTA
+type sda_block_device, dev_type;
diff --git a/bootctrl/sepolicy/1.2/file.te b/bootctrl/sepolicy/1.2/file.te
new file mode 100644
index 0000000..5357fa9
--- /dev/null
+++ b/bootctrl/sepolicy/1.2/file.te
@@ -0,0 +1,2 @@
+# sysfs
+type sysfs_ota, sysfs_type, fs_type;
diff --git a/bootctrl/sepolicy/1.2/file_contexts b/bootctrl/sepolicy/1.2/file_contexts
new file mode 100644
index 0000000..c456356
--- /dev/null
+++ b/bootctrl/sepolicy/1.2/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.boot@1\.2-service-pixel u:object_r:hal_bootctl_default_exec:s0
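Review bot: Only the service binary is labelled in this file; nothing in the new directory assigns `devinfo_block_device`, `sda_block_device` or `sysfs_ota` to any path. The three allow rules added in hal_bootctl_default.te therefore have no effect unless each device tree supplies the matching file_contexts and genfs_contexts entries, which this commit does not show. If that split is intended, say so at the top of this file, for example `# Block-device and sysfs labels used by the bootctrl HAL are device-specific and are defined in the device sepolicy`. A device that includes bootctrl_hidl_1.2.mk without those labels would fail closed, with avc denials for the HAL against whatever default label the nodes carry.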
diff --git a/bootctrl/sepolicy/1.2/hal_bootctl_default.te b/bootctrl/sepolicy/1.2/hal_bootctl_default.te
new file mode 100644
index 0000000..fe017f9
--- /dev/null
+++ b/bootctrl/sepolicy/1.2/hal_bootctl_default.te
@@ -0,0 +1,3 @@
+allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;
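Review bot: The second rule grants `hal_bootctl_default` `rw_file_perms` on `sda_block_device:blk_file` with no comment saying why a HAL needs write access to a raw block device, and the type name suggests a whole disk rather than a single partition. Which nodes receive that label is decided outside this commit, so the real scope of the write access cannot be judged here. It is worth confirming that the label is applied only to what boot control needs. Now that this policy is shared through gs-common, every device that includes the makefile inherits the grant, so each of the three rules should carry a one-line comment naming the operation that requires it, for example `# needed to update the active boot slot` if that is the case. The `# OTA` comment in device.te could likewise state what `sda_block_device` is meant to cover.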