Revert "Remove old Factory OTA sepolicy setting for C1"
Revert "Rename FactoryOTA property used in RIL"
Revert "Remove old Factory OTA sepolicy setting and let RIL use ..."
Revert submission 10029000-factoryota-porting-AndroidR
Reason for revert: Droidcop: Potential culprit for Bug 149824969 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Iab3d4deb9:Remove old Facotry OTA sepolicy setting for B4/S4
I3fbb77837:Add Factory OTA into B5 R3
Icc0434a49:Remove old Factory OTA sepolicy setting and let RI...
I723e484c9:Rename FactoryOTA property used in RIL
I60353556a:Remove ro.boot.sota setting in init.hardware.rc
Ie0947aae5:Include factoryota.mk to enable new sepolicy
I99ab2d374:Remove legacy Factory OTA system property in Facto...
I268bee5e8:Set sota system propety and inclue new sepolicy fo...
Ic6c4fddf6:Remove old Factory OTA sepolicy setting for S5
I818c69760:Move FactoryOTA sepolicy Setting to Pixel-wide loc...
Ic2c286808:Remove old Factory OTA sepolicy setting for C1
Ib020aa677:Remove old Factory OTA sepolicy setting for C2/F2
Change-Id: I242594e8f08ec92b6f651cdf4348113c820b916a
diff --git a/vendor/qcom/common/factory_ota_app.te b/vendor/qcom/common/factory_ota_app.te
new file mode 100644
index 0000000..b2d879d
--- /dev/null
+++ b/vendor/qcom/common/factory_ota_app.te
@@ -0,0 +1,20 @@
+type factory_ota_app, domain, coredomain;
+
+app_domain(factory_ota_app)
+net_domain(factory_ota_app)
+
+# Write to /data/ota_package for OTA packages.
+allow factory_ota_app ota_package_file:dir rw_dir_perms;
+allow factory_ota_app ota_package_file:file create_file_perms;
+
+# Properties
+get_prop(factory_ota_app, factory_ota_prop);
+set_prop(factory_ota_app, exported_system_prop);
+
+# Services
+allow factory_ota_app app_api_service:service_manager find;
+binder_call(factory_ota_app, update_engine) # Allow Factory OTA to call Update Engine
+binder_call(update_engine, factory_ota_app) # Allow Update Engine to call the Factory OTA callback
+allow factory_ota_app update_engine_service:service_manager find;
+allow factory_ota_app nfc_service:service_manager find;
+allow factory_ota_app radio_service:service_manager find;
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index 79cc726..0939221 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,5 +1,6 @@
type vendor_camera_prop, property_type;
type cnd_prop, property_type;
+type factory_ota_prop, property_type;
type ims_prop, property_type;
type vendor_dataqdp_prop, property_type;
type vendor_ramdump_prop, property_type;
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 06cc1c0..b7c3aa2 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -5,6 +5,9 @@
ro.vendor.camera. u:object_r:vendor_camera_prop:s0
ro.camera. u:object_r:vendor_camera_prop:s0
persist.vendor.sys.cnd u:object_r:cnd_prop:s0
+ro.boot.sota u:object_r:factory_ota_prop:s0
+persist.factoryota.reboot u:object_r:exported_system_prop:s0
+persist.radio.bootwithlpm u:object_r:exported_system_prop:s0
vendor.ims. u:object_r:ims_prop:s0
persist.vendor.ims. u:object_r:ims_prop:s0
persist.net.doxlat u:object_r:vendor_net_radio_prop:s0
diff --git a/vendor/qcom/common/rild.te b/vendor/qcom/common/rild.te
index 8c322cc..b583cc0 100644
--- a/vendor/qcom/common/rild.te
+++ b/vendor/qcom/common/rild.te
@@ -27,7 +27,7 @@
allow rild radio_vendor_data_file:file create_file_perms;
get_prop(rild, vendor_dataqdp_prop)
-get_prop(rild, sota_prop)
+get_prop(rild, factory_ota_prop)
set_prop(rild, vendor_radio_prop)
hal_server_domain(rild, hal_secure_element)
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index 8ad6ae5..a0325c8 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -15,6 +15,9 @@
# A fallback in case tango_core is missing something critical that untrusted_app provides
user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
+# Factory OTA
+user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all
+
# Hardware Info Collection
user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
diff --git a/vendor/qcom/common/vendor_init.te b/vendor/qcom/common/vendor_init.te
index dd748bc..2eabcdf 100644
--- a/vendor/qcom/common/vendor_init.te
+++ b/vendor/qcom/common/vendor_init.te
@@ -15,6 +15,7 @@
')
set_prop(vendor_init, vendor_camera_prop)
+set_prop(vendor_init, factory_ota_prop)
set_prop(vendor_init, power_prop)
set_prop(vendor_init, public_vendor_default_prop)
set_prop(vendor_init, vendor_bluetooth_prop)
