Merge Android R

Bug: 168057903
Merged-In: I25f0ca04f2e967f35d377e923f73486b95dd47e3
Change-Id: Ifa6d7d277cdceed5735850461d501e335e90a0d7

15 files changed, 463 insertions, 0 deletions

diff --git a/xr/init/init.xr.rc b/xr/init/init.xr.rc
new file mode 100644
index 0000000..dcb1067
--- /dev/null
+++ b/xr/init/init.xr.rc
@@ -0,0 +1,106 @@
+#
+# Copyright (C) 2019 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+on init
+    # Temporarily stop booting into VR directly due to battery drain.
+    # TODO(b/131327495): Re-enable this once VrHeadsetPowerPolicyService or its
+    #                    equivalent lands in Android master.
+    setprop ro.boot.vr 0
+    setprop ro.surface_flinger.use_vr_flinger 1
+    setprop persist.sys.vr.pluggy_enabled 1
+
+    # Setup cpusets used by the VR services.
+    mkdir /dev/cpuset/kernel 0750 root system
+    write /dev/cpuset/kernel/cpus 0
+    write /dev/cpuset/kernel/mems 0
+    chown system system /dev/cpuset/kernel/tasks
+    chown system system /dev/cpuset/kernel/cpus
+    chmod 0660 /dev/cpuset/kernel/tasks
+    chmod 0660 /dev/cpuset/kernel/cpus
+
+    mkdir /dev/cpuset/system 0750 root system
+    write /dev/cpuset/system/cpus 0
+    write /dev/cpuset/system/mems 0
+    chown system system /dev/cpuset/system/tasks
+    chmod 0660 /dev/cpuset/system/tasks
+
+    mkdir /dev/cpuset/system/performance 0750 root system
+    write /dev/cpuset/system/performance/cpus 0
+    write /dev/cpuset/system/performance/mems 0
+    chown system system /dev/cpuset/system/performance/tasks
+    chmod 0660 /dev/cpuset/system/performance/tasks
+
+    mkdir /dev/cpuset/system/background 0750 root system
+    write /dev/cpuset/system/background/cpus 0
+    write /dev/cpuset/system/background/mems 0
+    chown system system /dev/cpuset/system/background/tasks
+    chmod 0660 /dev/cpuset/system/background/tasks
+
+    mkdir /dev/cpuset/application 0750 root system
+    write /dev/cpuset/application/cpus 0
+    write /dev/cpuset/application/mems 0
+    chown system system /dev/cpuset/application/tasks
+    chmod 0660 /dev/cpuset/application/tasks
+
+    mkdir /dev/cpuset/application/performance 0750 root system
+    write /dev/cpuset/application/performance/cpus 0
+    write /dev/cpuset/application/performance/mems 0
+    chown system system /dev/cpuset/application/performance/tasks
+    chmod 0660 /dev/cpuset/application/performance/tasks
+
+    mkdir /dev/cpuset/application/background 0750 root system
+    write /dev/cpuset/application/background/cpus 0
+    write /dev/cpuset/application/background/mems 0
+    chown system system /dev/cpuset/application/background/tasks
+    chmod 0660 /dev/cpuset/application/background/tasks
+
+    # Create UDS structure for base VR services.
+    mkdir /dev/socket/pdx 0775 system system
+    mkdir /dev/socket/pdx/system 0775 system system
+    mkdir /dev/socket/pdx/system/buffer_hub 0775 system system
+    mkdir /dev/socket/pdx/system/performance 0775 system system
+    mkdir /dev/socket/pdx/system/vr 0775 system system
+    mkdir /dev/socket/pdx/system/vr/display 0775 system system
+    mkdir /dev/socket/pdx/system/vr/pose 0775 system system
+    mkdir /dev/socket/pdx/system/vr/sensors 0775 system system
+
+#
+# TODO(b/137410559): Remove this, it's specific to Snapdragon 845.
+#
+on boot
+    # Update DVR cpusets to boot-time values.
+    write /dev/cpuset/kernel/cpus 0-7
+    write /dev/cpuset/system/cpus 0-7
+    write /dev/cpuset/system/performance/cpus 0-7
+    write /dev/cpuset/system/background/cpus 0-7
+    write /dev/cpuset/system/cpus 0-7
+    write /dev/cpuset/application/cpus 0-7
+    write /dev/cpuset/application/performance/cpus 0-7
+    write /dev/cpuset/application/background/cpus 0-7
+    write /dev/cpuset/application/cpus 0-7
+
+#
+# TODO(b/137410559): Remove this, it's specific to Snapdragon 845.
+#
+on property:sys.boot_completed=1
+    # Update DVR cpusets to runtime values.
+    # Kernel cpuset will be apply on PowerHAL
+    write /dev/cpuset/system/performance/cpus 6-7
+    write /dev/cpuset/system/background/cpus 0-1
+    write /dev/cpuset/system/cpus 0-1,6-7
+    write /dev/cpuset/application/performance/cpus 4-5
+    write /dev/cpuset/application/background/cpus 0-1
+    write /dev/cpuset/application/cpus 0-1,4-5
diff --git a/xr/overlay/frameworks/base/core/res/res/values/config.xml b/xr/overlay/frameworks/base/core/res/res/values/config.xml
new file mode 100644
index 0000000..cd86be0
--- /dev/null
+++ b/xr/overlay/frameworks/base/core/res/res/values/config.xml
@@ -0,0 +1,7 @@
+<!-- Customized settings for XR products -->
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+
+  <!-- Is the lock-screen disabled for new users by default -->
+    <bool name="config_disableLockscreenByDefault">true</bool>
+
+</resources>
diff --git a/xr/packages/BluetoothQtiSymlink/Android.mk b/xr/packages/BluetoothQtiSymlink/Android.mk
new file mode 100644
index 0000000..b25835a
--- /dev/null
+++ b/xr/packages/BluetoothQtiSymlink/Android.mk
@@ -0,0 +1,20 @@
+#
+# This is a workaround for Bluetooth not working on OnePlus7 Pro. See b/139486342
+#
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := BluetoothQtiSymlink
+
+lib_dir := $(PRODUCT_OUT)/system/lib
+bluetooth_qti := libbluetooth_qti.so
+bluetooth := libbluetooth.so
+bluetooth_qti_path := $(lib_dir)/$(bluetooth_qti)
+bluetooth_path := $(lib_dir)/$(bluetooth)
+
+$(bluetooth_qti_path): $(bluetooth_path)
+	cd $(lib_dir) && ln -sf $(bluetooth) $(bluetooth_qti)
+
+droid: $(bluetooth_qti_path)
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/Android.mk b/xr/packages/overlays/SetupWizardOverlayXr/Android.mk
new file mode 100644
index 0000000..4c84e18
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/Android.mk
@@ -0,0 +1,31 @@
+#
+#  Copyright 2019, The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_CERTIFICATE := platform
+LOCAL_OVERRIDES_PACKAGES := SetupWizardOverlay
+
+LOCAL_PRODUCT_MODULE := true
+
+LOCAL_SRC_FILES := $(call all-subdir-java-files)
+
+LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res
+
+LOCAL_PACKAGE_NAME := SetupWizardOverlayXr
+LOCAL_SDK_VERSION := current
+
+include $(BUILD_RRO_PACKAGE)
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml b/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml
new file mode 100644
index 0000000..fa7b0ba
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml
@@ -0,0 +1,26 @@
+<!--
+/**
+ * Copyright (c) 2019, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.google.android.apps.vr.setupwizard.overlay"
+    android:versionCode="1"
+    android:versionName="1.0">
+    <overlay android:targetPackage="com.google.android.apps.vr.setupwizard"
+             android:targetName="SetupWizardOverlayXr"
+             android:isStatic="true"
+             android:priority="1"/>
+</manifest>
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml
new file mode 100644
index 0000000..5ec8fa0
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- This file is a modified version of
+    "google3/java/com/google/android/apps/vr/setupwizard/res/raw/wizard_script.xml"
+    that is customized for GSI XR.
+-->
+<WizardScript xmlns:wizard="http://schemas.android.com/apk/res/com.google.android.setupwizard"
+    wizard:version="2">
+
+  <!-- Preliminary setup for OEMs -->
+  <WizardAction
+      id="oem_pre_setup"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.OEM_PRE_SETUP;end">
+    <result wizard:action="wait_for_unlock"/>
+  </WizardAction>
+
+  <!-- This step waits for the device to be unlocked from a decryption point of view. Even if we
+       don't support encryption the device might take a little bit of time to get out of direct boot
+       mode. This step waits until direct boot is no longer needed. -->
+  <WizardAction id="wait_for_unlock"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.CHECK_USER_UNLOCK;end">
+  </WizardAction>
+
+  <!-- Controller Turn-on screen. -->
+  <WizardAction id="controller"
+      wizard:uri="intent:#Intent;action=com.google.android.apps.vr.setupwizard.CONTROLLER_TURN_ON;end">
+  </WizardAction>
+
+  <!-- Welcome screen with language selection [RECOMMENDED, CUSTOMIZABLE] -->
+  <WizardAction id="welcome"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.WELCOME;end">
+  </WizardAction>
+
+  <!-- Network selection and packages update [REQUIRED, CUSTOMIZABLE] -->
+  <WizardAction id="connect_and_update"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_connect_and_update_flow">
+    <!-- AIO setup requires network connection. If no network, stay on the same page -->
+    <result wizard:name="no_connection"
+        wizard:resultCode="1"
+        wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Set up as a new device [REQUIRED, CUSTOMIZABLE] -->
+  <WizardAction id="setup_as_new_flow"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_setup_as_new_flow">
+    <result wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Set up as zero touch enabled device -->
+  <WizardAction id="zero_touch"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_zero_touch_flow">
+    <result wizard:name="dpm_user_complete" wizard:resultCode="111"/>
+  </WizardAction>
+
+  <!-- OEM completion [CUSTOMIZABLE] -->
+  <WizardAction id="oem_post_setup"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.OEM_POST_SETUP;end" />
+
+  <!-- Leave Setup Wizard [REQUIRED] -->
+  <WizardAction id="exit"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.EXIT;end" />
+</WizardScript>
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml
new file mode 100644
index 0000000..5990ba7
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    This file is a modified version of
+    "google3/java/com/google/android/apps/vr/setupwizard/res/raw/wizard_script_connect_and_update_flow.xml"
+    that is customized for GSI XR.
+
+    Current changes:
+    * The OTA update is skipped, because currently it hangs: b/137600556
+-->
+
+<WizardScript xmlns:wizard="http://schemas.android.com/apk/res/com.google.android.setupwizard"
+    wizard:firstAction="network_settings">
+
+  <!-- Network selection, Users must be given the opportunity to set up an internet connection,
+        using the given screens or a custom flow. -->
+  <WizardAction id="network_settings"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.NETWORK_SETTINGS;end">
+    <result wizard:name="see_all_wifi"
+        wizard:resultCode="102"
+        wizard:action="wifi_settings" />
+    <result wizard:action="captive_portal" />
+  </WizardAction>
+
+  <!-- Wi-Fi setup -->
+  <WizardAction id="wifi_settings"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.WIFI_SETTINGS;end">
+    <result wizard:action="captive_portal" />
+  </WizardAction>
+
+  <!-- Resolve captive portal access, and wait for check-in [REQUIRED] -->
+  <WizardAction id="captive_portal"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.CAPTIVE_PORTAL;end">
+    <result wizard:action="gms_checkin" />
+  </WizardAction>
+
+  <WizardAction id="gms_checkin"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.GMS_CHECKIN;end">
+    <result wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Update system packages [REQUIRED] -->
+  <WizardAction id="ota_update"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.OTA_UPDATE;end">
+    <result wizard:name="skip"
+        wizard:resultCode="1"
+        wizard:action="early_update" />
+    <result wizard:action="system_update" />
+  </WizardAction>
+
+  <!-- System update should cause a reboot, but if it returns unexpectedly, continue on to
+      early update -->
+  <WizardAction id="system_update"
+      wizard:uri="intent:#Intent;action=android.settings.SYSTEM_UPDATE_SETTINGS;end">
+    <result wizard:action="early_update" />
+  </WizardAction>
+
+  <!-- Update other important packages [REQUIRED] -->
+  <WizardAction id="early_update"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.EARLY_UPDATE;end" />
+  <result wizard:action="zero_touch" />
+</WizardScript>
diff --git a/xr/products/experimental_google_xr.mk b/xr/products/experimental_google_xr.mk
new file mode 100644
index 0000000..999b719
--- /dev/null
+++ b/xr/products/experimental_google_xr.mk
@@ -0,0 +1,52 @@
+PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
+    ro.dvr.lens_metrics=/etc/hmd_config
+
+# SELinux permissions
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/vrservices/xr/sepolicy
+
+# Remove non-critical and non-XR packages from PRODUCT_PACKAGES.
+#
+# Overrides (i.e. removes) packages that are bundled into the system/product
+# image for smartphone use cases. We are removing those packages for two
+# reasons:
+# 1) Pixel devices' system/product image are almost out of disk spaces. It has
+#    been hard for us to bundle the AIO flavored VrCore into the their system
+#    image. Removing some of the packages free up enough disk spaces for XR use
+#    cases.
+# 2) Removing those packages won't impact the functionality of the device. More
+#    specifically, those package meet the following requirements:
+#    i) they are not critical packages for XR use cases; and ii) can still be
+#    install from Play Store if ever needed.
+#    For certain packages, removing those packages are actually beneficial. For
+#    example, the WallpapersBReel201* packages introduced unnecessary GPU load
+#    for the system. Disabling those packages frees some GPU resources to XR use
+#    cases and improves the accuracy of our GPU performance profiling.
+
+# External camera libraries.
+# There is no need to add extra SELinux policy for external cameras
+# because our devices do not run Trebel passthrough mode.
+PRODUCT_PACKAGES += android.hardware.camera.provider@2.4-impl
+PRODUCT_PACKAGES += android.hardware.camera.provider@2.4-external-service
+# Use webcam camera device@3.5
+PRODUCT_PROPERTY_OVERRIDES += ro.vendor.camera.external.hal3TrebleMinorVersion=5
+
+PRODUCT_PACKAGES += NonXrProductPackagesRemover
+
+PRODUCT_PACKAGE_OVERLAYS := device/google/vrservices/xr/overlay
+
+PRODUCT_COPY_FILES += \
+    device/google/vrservices/xr/init/init.xr.rc:$(TARGET_COPY_OUT_SYSTEM)/etc/init/init.xr.rc \
+    device/google/vrservices/xr/scripts/boot-to-vr.sh:$(TARGET_COPY_OUT_SYSTEM)/bin/boot-to-vr.sh \
+    frameworks/native/data/etc/android.hardware.vr.high_performance.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/permissions/android.hardware.vr.high_performance.xml \
+    vendor/unbundled_google/packages/PrebuiltGoogleVr/configs/daydream_viewer_config:$(TARGET_COPY_OUT_SYSTEM)/etc/hmd_config \
+
+# XR/VR prebuilt packages
+PRODUCT_PACKAGES += \
+    SetupWizardOverlay \
+    SetupWizardOverlayXr \
+    VrHome \
+    VrInputMethodIme \
+    VrHeadsetPowerPolicy \
+    pps-tool.sh \
+    BluetoothQtiSymlink \
+
diff --git a/xr/scripts/boot-to-vr.sh b/xr/scripts/boot-to-vr.sh
new file mode 100755
index 0000000..484f380
--- /dev/null
+++ b/xr/scripts/boot-to-vr.sh
@@ -0,0 +1,79 @@
+#
+# This script finds the init.rc file for a certain Pixel XR device and updates
+# the value of ro.boot.vr being set during the init process.
+#
+SYSTEM_INIT_XR_RC_FILE="/system/etc/init/init.xr.rc"
+PROP_RO_HARDWARE="$(getprop ro.hardware)"
+PROP_RO_BOOT_HARDWARE_PLATFORM="$(getprop ro.boot.hardware.platform)"
+PROP_RO_PRODUCT_NAME="$(getprop ro.product.name)"
+
+function print_usage {
+  echo "Update $(get_init_rc_file)"
+  echo "Usage:"
+  echo "  boot-to-vr.sh (true|false))"
+  echo "      Enable or disable whether the system should boot into VR."
+  exit 1
+}
+
+function get_hardware_name() {
+  case $PROP_RO_HARDWARE in
+    walleye) echo walleye ;;
+    taimen) echo taimen ;;
+    blueline) echo $PROP_RO_BOOT_HARDWARE_PLATFORM ;;
+    crosshatch) echo $PROP_RO_BOOT_HARDWARE_PLATFORM ;;
+  esac
+}
+
+function get_init_rc_file() {
+  if [ -f $SYSTEM_INIT_XR_RC_FILE ]; then
+    echo $SYSTEM_INIT_XR_RC_FILE
+  else
+    echo "/vendor/etc/init/hw/init.$(get_hardware_name).rc"
+  fi
+}
+
+function print_init_rc() {
+  cat $(get_init_rc_file) | grep -A10 -B10 ro.boot.vr
+}
+
+function fail_to_write_file() {
+  echo "Cannot modify $(get_init_rc_file). The following commands may help:
+    adb disable-verity
+    adb reboot
+    adb remount"
+  exit 1
+}
+
+function enable_boot_to_vr() {
+  sed -i "s/setprop ro.boot.vr 0/setprop ro.boot.vr 1/" $(get_init_rc_file)
+  rc=$?
+
+  if [[ $rc != 0 ]]; then
+    fail_to_write_file
+  else
+    print_init_rc
+  fi
+}
+
+function disable_boot_to_vr() {
+  sed -i "s/setprop ro.boot.vr 1/setprop ro.boot.vr 0/" $(get_init_rc_file)
+  rc=$?
+
+  if [[ $rc != 0 ]]; then
+    fail_to_write_file
+  else
+    print_init_rc
+  fi
+}
+
+WHOAMI=$(whoami)
+if ! [ "$WHOAMI" == "root" ]; then
+  echo "*** Root access required. Run 'adb root' first."
+  exit 1
+fi
+
+case "$1" in
+  true) enable_boot_to_vr ;;
+  false) disable_boot_to_vr ;;
+  *) print_usage ;;
+esac
diff --git a/xr/sepolicy/README b/xr/sepolicy/README
new file mode 100644
index 0000000..30daeea
--- /dev/null
+++ b/xr/sepolicy/README
@@ -0,0 +1 @@
+These are SELinux policies that can be shared across XR devices.
diff --git a/xr/sepolicy/platform_app.te b/xr/sepolicy/platform_app.te
new file mode 100644
index 0000000..09214ae
--- /dev/null
+++ b/xr/sepolicy/platform_app.te
@@ -0,0 +1 @@
+allow platform_app system_prop:property_service set;
diff --git a/xr/sepolicy/property.te b/xr/sepolicy/property.te
new file mode 100644
index 0000000..adad644
--- /dev/null
+++ b/xr/sepolicy/property.te
@@ -0,0 +1,10 @@
+# For VrHeadsetPowerPolicyService.
+type vr_performance_prop, property_type, extended_core_property_type;
+type vr_pps_state_prop, property_type, extended_core_property_type;
+type vr_pps_enabled_prop, property_type;
+
+set_prop(platform_app, vr_performance_prop)
+set_prop(platform_app, vr_pps_state_prop)
+get_prop(platform_app, vr_pps_enabled_prop)
+set_prop(surfaceflinger, vr_performance_prop)
+
diff --git a/xr/sepolicy/property_contexts b/xr/sepolicy/property_contexts
new file mode 100644
index 0000000..6e1a18c
--- /dev/null
+++ b/xr/sepolicy/property_contexts
@@ -0,0 +1,4 @@
+# For VrHeadsetPowerPolicyService.
+persist.sys.pps_enabled    u:object_r:vr_pps_enabled_prop:s0
+sys.pps.state              u:object_r:vr_pps_state_prop:s0
+sys.dvr.performance        u:object_r:vr_performance_prop:s0
diff --git a/xr/sepolicy/untrusted_app_27.te b/xr/sepolicy/untrusted_app_27.te
new file mode 100644
index 0000000..e9bc2b3
--- /dev/null
+++ b/xr/sepolicy/untrusted_app_27.te
@@ -0,0 +1,2 @@
+allow untrusted_app_27 vr_hwc_service:service_manager find;
+allow untrusted_app_27 virtual_touchpad_service:service_manager find;
diff --git a/xr/sepolicy/vr_hwc.te b/xr/sepolicy/vr_hwc.te
new file mode 100644
index 0000000..295205e
--- /dev/null
+++ b/xr/sepolicy/vr_hwc.te
@@ -0,0 +1 @@
+allow vr_hwc untrusted_app_27:binder call;