From 5431c78f3c185d631da28cd38038bf65fa38f1a6 Mon Sep 17 00:00:00 2001
From: Leo Liou
Date: Mon, 17 Jul 2023 16:22:44 +0800
Subject: bluejay: move ffu selinux rule into BOARD_VENDOR_SEPOLICY_DIRS

The ffu selinux rule don't work because it's not included by BOARD_VENDOR_SEPOLICY_DIRS. Move it to bluejay folder and fix the not working problem.

Bug: 273305600
Test: local build and test on B3
Change-Id: I7c9034b72b237508ecd9893fe86dee51d47c3c88
Signed-off-by: Leo Liou
---
bluejay/device.te | 2 ++
bluejay/file_contexts | 5 +++++
bluejay/ufs_firmware_update.te | 10 ++++++++++
vendor/device.te | 2 --
vendor/file_contexts | 5 -----
vendor/ufs_firmware_update.te | 10 ----------
6 files changed, 17 insertions(+), 17 deletions(-)
create mode 100644 bluejay/device.te
create mode 100644 bluejay/file_contexts
create mode 100644 bluejay/ufs_firmware_update.te
delete mode 100644 vendor/device.te
delete mode 100644 vendor/file_contexts
delete mode 100644 vendor/ufs_firmware_update.te

diff --git a/bluejay/device.te b/bluejay/device.te
new file mode 100644
index 0000000..d2a91db
--- /dev/null
+++ b/bluejay/device.te
@@ -0,0 +1,2 @@
+# Block Devices
+type fips_block_device, dev_type;
diff --git a/bluejay/file_contexts b/bluejay/file_contexts
new file mode 100644
index 0000000..a273c79
--- /dev/null
+++ b/bluejay/file_contexts
@@ -0,0 +1,5 @@
+# Binaries
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+
+# Devices
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
diff --git a/bluejay/ufs_firmware_update.te b/bluejay/ufs_firmware_update.te
new file mode 100644
index 0000000..53ceba5
--- /dev/null
+++ b/bluejay/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/vendor/device.te b/vendor/device.te
deleted file mode 100644
index d2a91db..0000000
--- a/vendor/device.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Block Devices
-type fips_block_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
deleted file mode 100644
index a273c79..0000000
--- a/vendor/file_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-# Binaries
-/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
-
-# Devices
-/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te
deleted file mode 100644
index 53ceba5..0000000
--- a/vendor/ufs_firmware_update.te
+++ /dev/null
@@ -1,10 +0,0 @@
-type ufs_firmware_update, domain;
-type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
-
-init_daemon_domain(ufs_firmware_update)
-
-allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
-allow ufs_firmware_update block_device:dir r_dir_perms;
-allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
-allow ufs_firmware_update sysfs:dir r_dir_perms;
-allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
-- cgit v1.2.3
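Review bot: The new `bluejay/ufs_firmware_update.te` has no comment saying what the domain is for or why it needs write access to a raw partition, so a later reviewer cannot judge whether `allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;` is still the minimum grant. A short header would help, for example `# UFS firmware update script, started from init; block-device write access is limited to the by-name/fips partition`, worded to match what the script really does. Separately, `allow ufs_firmware_update sysfs:dir r_dir_perms;` is on the generic `sysfs` label; if the script only opens known paths under `sysfs_scsi_devices_0000`, `search` may be enough, though that cannot be confirmed from this patch. Since the commit message says these rules were not being built before the move, it would be worth recording in the Test line that the domain runs without new `avc: denied` entries on the device.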