Fix GSI selinux policies.

Install them into the system partition using BOARD_PLAT_PRIVATE_SEPOLICY_DIR. Bug: 139096707 Test: Verified that pp selinux errors no longer occur on an MTP. Change-Id: I9bae2030aa225baaf8c4f819f2f532201928875c
author: Grant Yoshida <gyoshida@google.com> 2019-08-13 12:40:27 -0700
committer: Grant Yoshida <gyoshida@google.com> 2019-08-19 17:23:14 -0700
commit: 7ea95fe6a470c71531a2465e0c2a0aca36ee410f (patch)
tree: ab348e19082a4d90ddf022da8b531dcd2888d7ec
parent: fe14c1af518746cf4992f670ddda30e0d09e039f (diff)
download: vrservices-7ea95fe6a470c71531a2465e0c2a0aca36ee410f.tar.gz
3 files changed, 3 insertions, 1 deletions
diff --git a/xr/products/experimental_google_xr.mk b/xr/products/experimental_google_xr.mk
index 2f3c1a1..ed37904 100644
--- a/xr/products/experimental_google_xr.mk
+++ b/xr/products/experimental_google_xr.mk
@@ -2,7 +2,7 @@ PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
     ro.dvr.lens_metrics=/etc/hmd_config
 
 # SELinux permissions
-BOARD_SEPOLICY_DIRS += device/google/vrservices/xr/sepolicy
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/vrservices/xr/sepolicy
 
 # Remove non-critical and non-XR packages from PRODUCT_PACKAGES.
 #
diff --git a/xr/sepolicy/platform_app.te b/xr/sepolicy/platform_app.te
new file mode 100644
index 0000000..09214ae
--- /dev/null
+++ b/xr/sepolicy/platform_app.te
@@ -0,0 +1 @@
+allow platform_app system_prop:property_service set;
diff --git a/xr/sepolicy/untrusted_app_27.te b/xr/sepolicy/untrusted_app_27.te
new file mode 100644
index 0000000..a61c35f
--- /dev/null
+++ b/xr/sepolicy/untrusted_app_27.te
@@ -0,0 +1 @@
+allow untrusted_app_27 vr_hwc_service:service_manager find;
author	Grant Yoshida <gyoshida@google.com>	2019-08-13 12:40:27 -0700
committer	Grant Yoshida <gyoshida@google.com>	2019-08-19 17:23:14 -0700
commit	7ea95fe6a470c71531a2465e0c2a0aca36ee410f (patch)
tree	ab348e19082a4d90ddf022da8b531dcd2888d7ec
parent	fe14c1af518746cf4992f670ddda30e0d09e039f (diff)
download	vrservices-7ea95fe6a470c71531a2465e0c2a0aca36ee410f.tar.gz