Adding new CTPM sepolicy and domain. am: 8dc87548dc am: 9b48791ccd

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/18775444

Change-Id: Ibf2945e8dbcc74dcc58b55cee56d8fa3c31bdbfc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

2 files changed, 16 insertions, 0 deletions

diff --git a/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
new file mode 100644
index 0000000..54b2e8c
--- /dev/null
+++ b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
@@ -0,0 +1,15 @@
+# platform_apps cannot access PowerHAL, so we need to define our own domain.
+# Since we're defining and moving CTPM to its own domain, we need to assign
+# all of the previous permissions that we had as a platform_app
+
+type connectivity_thermal_power_manager, domain, coredomain, system_suspend_internal_server;
+
+app_domain(connectivity_thermal_power_manager)
+
+# register previous permissions we had as a platform_app
+allow connectivity_thermal_power_manager radio_service:service_manager find;
+allow connectivity_thermal_power_manager app_api_service:service_manager find;
+allow connectivity_thermal_power_manager system_api_service:service_manager find;
+
+# access power stats
+hal_client_domain(connectivity_thermal_power_manager, hal_power_stats);
diff --git a/connectivity_thermal_power_manager/seapp_contexts b/connectivity_thermal_power_manager/seapp_contexts
new file mode 100644
index 0000000..28b2e0c
--- /dev/null
+++ b/connectivity_thermal_power_manager/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.google.android.connectivitythermalpowermanager domain=connectivity_thermal_power_manager type=app_data_file levelFrom=all