From 494ee17d122e391b0bccc41269ecc3b5bcbb1463 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Sat, 19 Oct 2019 12:31:12 +0200
Subject: [PATCH] sdm660: Add folio_daemon in sepolicy

---
 sepolicy/vendor/folio_daemon.te | 19 +++++++++++++++++--
 sepolicy/vendor/system_server.te | 1 +
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/sepolicy/vendor/folio_daemon.te b/sepolicy/vendor/folio_daemon.te
index a4d54447..6bd6946b 100644
--- a/sepolicy/vendor/folio_daemon.te
+++ b/sepolicy/vendor/folio_daemon.te
@@ -1,4 +1,19 @@
-type folio_daemon, domain;
-type folio_daemon_exec, exec_type, file_type;
+type folio_daemon, domain;
+type folio_daemon_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(folio_daemon)
+
+allow folio_daemon binder_device:chr_file rw_file_perms;
+allow folio_daemon uhid_device:chr_file rw_file_perms;
+
+# TODO(b/35870313): Remove this attribute when the corresponding bug is fixed and the treble
+# violations are handled
+typeattribute folio_daemon binder_in_vendor_violators;
+typeattribute folio_daemon socket_between_core_and_vendor_violators;
+allow folio_daemon system_server:unix_stream_socket rw_socket_perms_no_ioctl;
+
+binder_use(folio_daemon)
+binder_call(folio_daemon, system_server)
+
+allow folio_daemon sensorservice_service:service_manager find;
+allow folio_daemon permission_service:service_manager find;
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 1425346a..b9bcc273 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -6,3 +6,4 @@ allow system_server vendor_camera_prop:file { getattr open read };
 allow system_server vendor_default_prop:file { getattr open read };
 allow system_server thermal_service:service_manager find;
 allow system_server sysfs_battery_supply:file { getattr open read write };
+binder_call(system_server, folio_daemon)
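Review bot: The two `*_violators` attributes in folio_daemon.te opt this vendor domain out of the Treble core/vendor neverallow checks, but the TODO above them only mentions removing the attributes. The rules that appear to depend on that exemption carry no marker: the `binder_device` and `system_server:unix_stream_socket` grants, `binder_use`/`binder_call`, the two `service_manager find` rules, and `binder_call(system_server, folio_daemon)` in the system_server.te hunk. I would extend the comment, for example `# The binder and socket rules in this file, and binder_call(system_server, folio_daemon) in system_server.te, depend on these attributes; remove them together (b/35870313).` Separately, `allow folio_daemon uhid_device:chr_file rw_file_perms;` gives the domain read/write on the node used to register user-space HID devices, so a one-line comment stating why the daemon needs it would let an auditor judge whether the grant is still justified.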