Revert "Remove old Facotry OTA sepolicy setting for B4/S4"

Revert "Remove old Factory OTA sepolicy setting for C2/F2"

Revert "Move FactoryOTA sepolicy Setting to Pixel-wide location"

Revert "Include factoryota.mk to enable new sepolicy"

Revert "Remove ro.boot.sota setting in init.hardware.rc"

Revert "Remove old Factory OTA sepolicy setting for S5"

Revert "Remove legacy Factory OTA system property in Factory OTA..."

Revert "Set sota system propety and inclue new sepolicy for Fact..."

Revert "Add Factory OTA into B5 R3"

Revert "Remove old Factory OTA sepolicy setting for C1"

Revert "Rename FactoryOTA property used in RIL"

Revert "Remove old Factory OTA sepolicy setting and let RIL use ..."

Revert submission 10029000-factoryota-porting-AndroidR

Reason for revert: Droidcop: Potential culprit for Bug 149824969 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Iab3d4deb9:Remove old Facotry OTA sepolicy setting for B4/S4
I3fbb77837:Add Factory OTA into B5 R3
Icc0434a49:Remove old Factory OTA sepolicy setting and let RI...
I723e484c9:Rename FactoryOTA property used in RIL
I60353556a:Remove ro.boot.sota setting in init.hardware.rc
Ie0947aae5:Include factoryota.mk to enable new sepolicy
I99ab2d374:Remove legacy Factory OTA system property in Facto...
I268bee5e8:Set sota system propety and inclue new sepolicy fo...
Ic6c4fddf6:Remove old Factory OTA sepolicy setting for S5
I818c69760:Move FactoryOTA sepolicy Setting to Pixel-wide loc...
Ic2c286808:Remove old Factory OTA sepolicy setting for C1
Ib020aa677:Remove old Factory OTA sepolicy setting for C2/F2

Change-Id: I466b85a9f14280b8a7c1bf5702d191cdbc4b669f
diff --git a/vendor/qcom/common/factory_ota_app.te b/vendor/qcom/common/factory_ota_app.te
new file mode 100644
index 0000000..5f2268b
--- /dev/null
+++ b/vendor/qcom/common/factory_ota_app.te
@@ -0,0 +1,24 @@
+type factory_ota_app, domain, coredomain;
+
+app_domain(factory_ota_app)
+net_domain(factory_ota_app)
+
+# Write to /data/ota_package for OTA packages.
+allow factory_ota_app ota_package_file:dir rw_dir_perms;
+allow factory_ota_app ota_package_file:file create_file_perms;
+
+# Properties
+get_prop(factory_ota_app, factory_ota_prop);
+set_prop(factory_ota_app, exported_system_prop);
+
+# Services
+allow factory_ota_app app_api_service:service_manager find;
+binder_call(factory_ota_app, update_engine) # Allow Factory OTA to call Update Engine
+binder_call(update_engine, factory_ota_app) # Allow Update Engine to call the Factory OTA callback
+allow factory_ota_app update_engine_service:service_manager find;
+allow factory_ota_app nfc_service:service_manager find;
+allow factory_ota_app radio_service:service_manager find;
+
+# b/133124196 For suppress the GPU service seploicy error log which Factory OTA does not need it.
+dontaudit factory_ota_app gpu_service:service_manager find;
+
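Review bot: `set_prop(factory_ota_app, exported_system_prop)` gives the app write access to every property labelled `exported_system_prop`, not only `persist.factoryota.reboot`, which is the one this change maps to that label in the property_contexts hunk. Since the domain is also `net_domain`, a type dedicated to that property would keep it away from unrelated system properties. One way is to declare a new type in property.te (name to be chosen, e.g. `factory_ota_reboot_prop`), label `persist.factoryota.reboot` with it and grant `set_prop` on that type only; any readers of the property, which are not visible here, would need a matching `get_prop`. The `nfc_service` and `radio_service` find rules would also benefit from a one-line comment like those on the `binder_call` lines, saying what Factory OTA uses them for.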
diff --git a/vendor/qcom/common/hal_nfc_default.te b/vendor/qcom/common/hal_nfc_default.te
index 8e40bfb..081430d 100644
--- a/vendor/qcom/common/hal_nfc_default.te
+++ b/vendor/qcom/common/hal_nfc_default.te
@@ -8,5 +8,5 @@
 add_hwservice(hal_nfc_default, nxpnfc_hwservice)
 get_prop(hal_nfc_default, vendor_nfc_prop)
 
-get_prop(hal_nfc_default, sota_prop)
-set_prop(hal_nfc_default, sota_prop)
+get_prop(hal_nfc_default, factory_ota_prop)
+set_prop(hal_nfc_default, factory_ota_prop)
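Review bot: `set_prop(hal_nfc_default, factory_ota_prop)` lets the NFC HAL write the Factory OTA property type, and nothing in the visible part of this file says why a HAL needs more than read access. On this page the only name labelled `factory_ota_prop` is `ro.boot.sota`, which vendor_init may also set and rild reads, so a write from the NFC HAL could presumably change what rild sees. If the write is required, record it in a comment above the two lines, e.g. `# NFC HAL sets the Factory OTA state: <reason>`. If it is not, keeping only the `get_prop` line narrows the domain.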
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index ea711b3..d95b2e4 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,5 +1,6 @@
 type vendor_camera_prop, property_type;
 type cnd_prop, property_type;
+type factory_ota_prop, property_type;
 type ims_prop, property_type;
 type vendor_ramdump_prop, property_type;
 type public_vendor_default_prop, property_type;
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index d5100b2..2530a43 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -2,6 +2,9 @@
 persist.vendor.camera.     u:object_r:vendor_camera_prop:s0
 persist.camera.            u:object_r:vendor_camera_prop:s0
 persist.vendor.sys.cnd     u:object_r:cnd_prop:s0
+ro.boot.sota               u:object_r:factory_ota_prop:s0
+persist.factoryota.reboot  u:object_r:exported_system_prop:s0
+persist.vendor.radio.bootwithlpm  u:object_r:vendor_radio_prop:s0
 vendor.ims.                u:object_r:ims_prop:s0
 persist.vendor.ims.        u:object_r:ims_prop:s0
 persist.net.doxlat         u:object_r:vendor_net_radio_prop:s0
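Review bot: The new `ro.boot.sota` and `persist.factoryota.reboot` entries are prefix matches, so any property whose name merely starts with one of those strings gets the same label. It therefore also gets the write access this change grants to hal_nfc_default, vendor_init and factory_ota_app. Where the build's property_contexts format supports it, pin them to exact matches, e.g. `ro.boot.sota u:object_r:factory_ota_prop:s0 exact string` (value type assumed, to be confirmed). Both names also sit outside the `vendor.` / `persist.vendor.` namespaces used by several neighbouring entries, so it is worth confirming that labelling them from vendor policy is intended.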
diff --git a/vendor/qcom/common/rild.te b/vendor/qcom/common/rild.te
index 1f469b5..9c854ed 100644
--- a/vendor/qcom/common/rild.te
+++ b/vendor/qcom/common/rild.te
@@ -30,7 +30,7 @@
 allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
 
-get_prop(rild, sota_prop)
+get_prop(rild, factory_ota_prop)
 set_prop(rild, vendor_radio_prop)
 
 # Allow vendor native process to read the proc file of xt_qtaguid
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index f3c98c7..b2928ed 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -15,6 +15,9 @@
 # A fallback in case tango_core is missing something critical that untrusted_app provides
 user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
 
+# Factory OTA
+user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all
+
 # Hardware Info Collection
 user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
 
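Review bot: The `com.google.android.factoryota` entry sets no `type=`, while both neighbouring entries give `type=app_data_file`, and it uses `levelFrom=all` where they use `levelFrom=user`. Beyond whatever `app_domain()` provides, factory_ota_app.te in this change grants file access to `ota_package_file` only, so it is not visible here how the app's own data directory is labelled. If the omission is deliberate, a comment on the entry should say so, e.g. `# Factory OTA: no private data type, packages go to /data/ota_package`. Otherwise add the `type=` the app is expected to use.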
diff --git a/vendor/qcom/common/vendor_init.te b/vendor/qcom/common/vendor_init.te
index dd748bc..2eabcdf 100644
--- a/vendor/qcom/common/vendor_init.te
+++ b/vendor/qcom/common/vendor_init.te
@@ -15,6 +15,7 @@
 ')
 
 set_prop(vendor_init, vendor_camera_prop)
+set_prop(vendor_init, factory_ota_prop)
 set_prop(vendor_init, power_prop)
 set_prop(vendor_init, public_vendor_default_prop)
 set_prop(vendor_init, vendor_bluetooth_prop)