authorScott Randolph <randolphs@google.com>2017-06-01 17:24:53 -0700
committerScott Randolph <randolphs@google.com>2017-07-06 12:13:00 -0700
commit008c60b63b7090e35375255b2e48ae516d9e05bf (patch)
treea8b97e254c667c194acc5b3ecadf3ab9eca3efc8 /car_product/sepolicy
parenta61a429da05cd913099b073bedc1d68d706beb44 (diff)
Restructure sepolicy for EVS stack
Move EVS policies into their own folder so they can be selectively included for platforms that need/want them.
Adopt hal_server_domain and hal_client_domain macros
Add comments to clarify intent

Test: boot and run on gordon_peak
Change-Id: I092d1251868dea9af7840ddfe75f98841e98fe37
Diffstat (limited to 'car_product/sepolicy')
-rw-r--r--car_product/sepolicy/evs_app.te14
-rw-r--r--car_product/sepolicy/evs_driver.te12
-rw-r--r--car_product/sepolicy/evs_manager.te11
-rw-r--r--car_product/sepolicy/evs_mock.te11
-rw-r--r--car_product/sepolicy/file_contexts6
5 files changed, 0 insertions, 54 deletions
diff --git a/car_product/sepolicy/evs_app.te b/car_product/sepolicy/evs_app.te
deleted file mode 100644
index 0e8881ea86..0000000000
--- a/car_product/sepolicy/evs_app.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# evs app
-type evs_app, domain;
-type evs_app_exec, exec_type, file_type;
-
-allow evs_app evs_app_exec:dir search;
-allow evs_app evs_driver:binder call;
-allow evs_app evs_mock:binder call;
-allow evs_app gpu_device:chr_file ioctl;
-allow evs_app hal_graphics_allocator_default:fd use;
-allow evs_app hal_vehicle_default:binder call;
-
-init_daemon_domain(evs_app)
-
-binder_use(evs_app);
diff --git a/car_product/sepolicy/evs_driver.te b/car_product/sepolicy/evs_driver.te
deleted file mode 100644
index 1307616dc8..0000000000
--- a/car_product/sepolicy/evs_driver.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# evs_driver mock hardware driver service
-type evs_driver, domain;
-type evs_driver_exec, exec_type, file_type;
-
-allow evs_driver hwservicemanager:binder { call transfer };
-allow evs_driver hwservicemanager_prop:file { getattr open read };
-allow evs_driver device:dir { open read };
-allow evs_driver surfaceflinger:binder call;
-
-init_daemon_domain(evs_driver)
-
-binder_use(evs_driver);
diff --git a/car_product/sepolicy/evs_manager.te b/car_product/sepolicy/evs_manager.te
deleted file mode 100644
index f5c4ba849d..0000000000
--- a/car_product/sepolicy/evs_manager.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# evs manager
-type evs_manager, domain;
-type evs_manager_exec, exec_type, file_type;
-
-allow evs_manager hwservicemanager:binder { call transfer };
-allow evs_manager hwservicemanager_prop:file { getattr open read };
-allow evs_manager evs_driver:binder call;
-
-init_daemon_domain(evs_manager)
-
-binder_use(evs_manager);
diff --git a/car_product/sepolicy/evs_mock.te b/car_product/sepolicy/evs_mock.te
deleted file mode 100644
index b89b1baa2e..0000000000
--- a/car_product/sepolicy/evs_mock.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# evs_mock mock hardware driver service
-type evs_mock, domain;
-type evs_mock_exec, exec_type, file_type;
-
-allow evs_mock hwservicemanager:binder { call transfer };
-allow evs_mock hwservicemanager_prop:file { getattr open read };
-allow evs_mock hal_graphics_allocator_default:fd use;
-
-init_daemon_domain(evs_mock)
-
-binder_use(evs_mock);
diff --git a/car_product/sepolicy/file_contexts b/car_product/sepolicy/file_contexts
index 53759c7eab..3705765e05 100644
--- a/car_product/sepolicy/file_contexts
+++ b/car_product/sepolicy/file_contexts
@@ -7,10 +7,4 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.1-service u:object_r:hal_vehicle_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service u:object_r:evs_mock_exec:s0
-/system/bin/android\.hardware\.automotive\.evs@1\.0-sample u:object_r:evs_driver_exec:s0
-/system/bin/android\.automotive\.evs\.manager@1\.0 u:object_r:evs_manager_exec:s0
-/system/bin/evs_app u:object_r:evs_app_exec:s0
-/system/etc/automotive/evs(/.*)? u:object_r:evs_app_exec:s0
-
###################################