6 files changed, 19 insertions, 0 deletions

diff --git a/xr/sepolicy/README b/xr/sepolicy/README
new file mode 100644
index 0000000..30daeea
--- /dev/null
+++ b/xr/sepolicy/README
@@ -0,0 +1 @@
+These are SELinux policies that can be shared across XR devices.
diff --git a/xr/sepolicy/platform_app.te b/xr/sepolicy/platform_app.te
new file mode 100644
index 0000000..09214ae
--- /dev/null
+++ b/xr/sepolicy/platform_app.te
@@ -0,0 +1 @@
+allow platform_app system_prop:property_service set;
diff --git a/xr/sepolicy/property.te b/xr/sepolicy/property.te
new file mode 100644
index 0000000..adad644
--- /dev/null
+++ b/xr/sepolicy/property.te
@@ -0,0 +1,10 @@
+# For VrHeadsetPowerPolicyService.
+type vr_performance_prop, property_type, extended_core_property_type;
+type vr_pps_state_prop, property_type, extended_core_property_type;
+type vr_pps_enabled_prop, property_type;
+
+set_prop(platform_app, vr_performance_prop)
+set_prop(platform_app, vr_pps_state_prop)
+get_prop(platform_app, vr_pps_enabled_prop)
+set_prop(surfaceflinger, vr_performance_prop)
+
diff --git a/xr/sepolicy/property_contexts b/xr/sepolicy/property_contexts
new file mode 100644
index 0000000..6e1a18c
--- /dev/null
+++ b/xr/sepolicy/property_contexts
@@ -0,0 +1,4 @@
+# For VrHeadsetPowerPolicyService.
+persist.sys.pps_enabled    u:object_r:vr_pps_enabled_prop:s0
+sys.pps.state              u:object_r:vr_pps_state_prop:s0
+sys.dvr.performance        u:object_r:vr_performance_prop:s0
diff --git a/xr/sepolicy/untrusted_app_27.te b/xr/sepolicy/untrusted_app_27.te
new file mode 100644
index 0000000..e9bc2b3
--- /dev/null
+++ b/xr/sepolicy/untrusted_app_27.te
@@ -0,0 +1,2 @@
+allow untrusted_app_27 vr_hwc_service:service_manager find;
+allow untrusted_app_27 virtual_touchpad_service:service_manager find;
diff --git a/xr/sepolicy/vr_hwc.te b/xr/sepolicy/vr_hwc.te
new file mode 100644
index 0000000..295205e
--- /dev/null
+++ b/xr/sepolicy/vr_hwc.te
@@ -0,0 +1 @@
+allow vr_hwc untrusted_app_27:binder call;