[automerger skipped] DO NOT MERGE - qt-qpr1-dev-plus-aosp-without-vendor@5915889 into stage-aosp-master am: 26db848a52
am: 7cb17e865f -s ours
am skip reason: subject contains skip directive

Change-Id: I67f9a083e27a7f5134c810d95d19360e6e5a1b8f
diff --git a/xr/init/init.xr.rc b/xr/init/init.xr.rc
new file mode 100644
index 0000000..dcb1067
--- /dev/null
+++ b/xr/init/init.xr.rc
@@ -0,0 +1,106 @@
+#
+# Copyright (C) 2019 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+on init
+    # Temporarily stop booting into VR directly due to battery drain.
+    # TODO(b/131327495): Re-enable this once VrHeadsetPowerPolicyService or its
+    #                    equivalent lands in Android master.
+    setprop ro.boot.vr 0
+    setprop ro.surface_flinger.use_vr_flinger 1
+    setprop persist.sys.vr.pluggy_enabled 1
+
+    # Setup cpusets used by the VR services.
+    mkdir /dev/cpuset/kernel 0750 root system
+    write /dev/cpuset/kernel/cpus 0
+    write /dev/cpuset/kernel/mems 0
+    chown system system /dev/cpuset/kernel/tasks
+    chown system system /dev/cpuset/kernel/cpus
+    chmod 0660 /dev/cpuset/kernel/tasks
+    chmod 0660 /dev/cpuset/kernel/cpus
+
+    mkdir /dev/cpuset/system 0750 root system
+    write /dev/cpuset/system/cpus 0
+    write /dev/cpuset/system/mems 0
+    chown system system /dev/cpuset/system/tasks
+    chmod 0660 /dev/cpuset/system/tasks
+
+    mkdir /dev/cpuset/system/performance 0750 root system
+    write /dev/cpuset/system/performance/cpus 0
+    write /dev/cpuset/system/performance/mems 0
+    chown system system /dev/cpuset/system/performance/tasks
+    chmod 0660 /dev/cpuset/system/performance/tasks
+
+    mkdir /dev/cpuset/system/background 0750 root system
+    write /dev/cpuset/system/background/cpus 0
+    write /dev/cpuset/system/background/mems 0
+    chown system system /dev/cpuset/system/background/tasks
+    chmod 0660 /dev/cpuset/system/background/tasks
+
+    mkdir /dev/cpuset/application 0750 root system
+    write /dev/cpuset/application/cpus 0
+    write /dev/cpuset/application/mems 0
+    chown system system /dev/cpuset/application/tasks
+    chmod 0660 /dev/cpuset/application/tasks
+
+    mkdir /dev/cpuset/application/performance 0750 root system
+    write /dev/cpuset/application/performance/cpus 0
+    write /dev/cpuset/application/performance/mems 0
+    chown system system /dev/cpuset/application/performance/tasks
+    chmod 0660 /dev/cpuset/application/performance/tasks
+
+    mkdir /dev/cpuset/application/background 0750 root system
+    write /dev/cpuset/application/background/cpus 0
+    write /dev/cpuset/application/background/mems 0
+    chown system system /dev/cpuset/application/background/tasks
+    chmod 0660 /dev/cpuset/application/background/tasks
+
+    # Create UDS structure for base VR services.
+    mkdir /dev/socket/pdx 0775 system system
+    mkdir /dev/socket/pdx/system 0775 system system
+    mkdir /dev/socket/pdx/system/buffer_hub 0775 system system
+    mkdir /dev/socket/pdx/system/performance 0775 system system
+    mkdir /dev/socket/pdx/system/vr 0775 system system
+    mkdir /dev/socket/pdx/system/vr/display 0775 system system
+    mkdir /dev/socket/pdx/system/vr/pose 0775 system system
+    mkdir /dev/socket/pdx/system/vr/sensors 0775 system system
+
+#
+# TODO(b/137410559): Remove this, it's specific to Snapdragon 845.
+#
+on boot
+    # Update DVR cpusets to boot-time values.
+    write /dev/cpuset/kernel/cpus 0-7
+    write /dev/cpuset/system/cpus 0-7
+    write /dev/cpuset/system/performance/cpus 0-7
+    write /dev/cpuset/system/background/cpus 0-7
+    write /dev/cpuset/system/cpus 0-7
+    write /dev/cpuset/application/cpus 0-7
+    write /dev/cpuset/application/performance/cpus 0-7
+    write /dev/cpuset/application/background/cpus 0-7
+    write /dev/cpuset/application/cpus 0-7
+
+#
+# TODO(b/137410559): Remove this, it's specific to Snapdragon 845.
+#
+on property:sys.boot_completed=1
+    # Update DVR cpusets to runtime values.
+    # Kernel cpuset will be apply on PowerHAL
+    write /dev/cpuset/system/performance/cpus 6-7
+    write /dev/cpuset/system/background/cpus 0-1
+    write /dev/cpuset/system/cpus 0-1,6-7
+    write /dev/cpuset/application/performance/cpus 4-5
+    write /dev/cpuset/application/background/cpus 0-1
+    write /dev/cpuset/application/cpus 0-1,4-5
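Review bot: In the `on boot` trigger, `/dev/cpuset/system/cpus` and `/dev/cpuset/application/cpus` are each written twice with the same `0-7` value. The parent is already widened before its children, so the trailing write of each pair can be dropped. The CPU ranges in both triggers are hard-coded for an 8-core layout, as the TODO acknowledges. On a SoC with a different topology these writes would presumably be rejected, leaving every cpuset at the `0` written in `on init`, so the whole system would stay pinned to one core. Until the TODO is resolved, a comment above `on boot` such as `# Assumes CPUs 0-7 exist; on other SoCs these writes fail and all cpusets stay on CPU 0.` would make that failure mode visible.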
diff --git a/xr/overlay/frameworks/base/core/res/res/values/config.xml b/xr/overlay/frameworks/base/core/res/res/values/config.xml
new file mode 100644
index 0000000..cd86be0
--- /dev/null
+++ b/xr/overlay/frameworks/base/core/res/res/values/config.xml
@@ -0,0 +1,7 @@
+<!-- Customized settings for XR products -->
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
+
+  <!-- Is the lock-screen disabled for new users by default -->
+    <bool name="config_disableLockscreenByDefault">true</bool>
+
+</resources>
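Review bot: The comment on `config_disableLockscreenByDefault` restates the resource name but gives no reason for turning the lock screen off. Because this file sits in the product-wide overlay directory, every build that picks it up creates new users with no keyguard. That is a security-relevant default and deserves a stated rationale and scope, for example `<!-- Lock screen is off for new users on XR builds because <reason>; must not be inherited by products that hold user credentials. -->`, with the reason filled in by the author. The `<bool>` line is also indented four spaces while its comment uses two.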
diff --git a/xr/packages/BluetoothQtiSymlink/Android.mk b/xr/packages/BluetoothQtiSymlink/Android.mk
new file mode 100644
index 0000000..b25835a
--- /dev/null
+++ b/xr/packages/BluetoothQtiSymlink/Android.mk
@@ -0,0 +1,20 @@
+#
+# This is a workaround for Bluetooth not working on OnePlus7 Pro. See b/139486342
+#
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := BluetoothQtiSymlink
+
+lib_dir := $(PRODUCT_OUT)/system/lib
+bluetooth_qti := libbluetooth_qti.so
+bluetooth := libbluetooth.so
+bluetooth_qti_path := $(lib_dir)/$(bluetooth_qti)
+bluetooth_path := $(lib_dir)/$(bluetooth)
+
+$(bluetooth_qti_path): $(bluetooth_path)
+	cd $(lib_dir) && ln -sf $(bluetooth) $(bluetooth_qti)
+
+droid: $(bluetooth_qti_path)
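Review bot: `LOCAL_MODULE := BluetoothQtiSymlink` is set after `CLEAR_VARS`, but no `include $(BUILD_...)` follows, so this file does not appear to define a module at all. The symlink is created only as a side effect of hanging a rule on the `droid` target. It is written straight into `$(PRODUCT_OUT)/system/lib`, outside the build system's record of installed files, and only for the 32-bit `lib` directory. If the workaround has to stay, attaching the link to a real module (for example through `LOCAL_POST_INSTALL_CMD`) would keep it tracked and removable. The header comment should also say that `libbluetooth_qti.so` is made to resolve to the AOSP `libbluetooth.so`, so that a reader auditing the image knows the alias is intentional.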
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/Android.mk b/xr/packages/overlays/SetupWizardOverlayXr/Android.mk
new file mode 100644
index 0000000..4c84e18
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/Android.mk
@@ -0,0 +1,31 @@
+#
+#  Copyright 2019, The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_CERTIFICATE := platform
+LOCAL_OVERRIDES_PACKAGES := SetupWizardOverlay
+
+LOCAL_PRODUCT_MODULE := true
+
+LOCAL_SRC_FILES := $(call all-subdir-java-files)
+
+LOCAL_RESOURCE_DIR := $(LOCAL_PATH)/res
+
+LOCAL_PACKAGE_NAME := SetupWizardOverlayXr
+LOCAL_SDK_VERSION := current
+
+include $(BUILD_RRO_PACKAGE)
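Review bot: `LOCAL_SRC_FILES := $(call all-subdir-java-files)` is out of place in a resource overlay, and the only content this commit adds under the package is `res/raw`. With `LOCAL_CERTIFICATE := platform`, any `.java` file later dropped into this directory would be compiled into a platform-signed static overlay without anyone having asked for that. Dropping the `LOCAL_SRC_FILES` line keeps the package resource-only by construction. A one-line comment saying why the platform key is required, presumably to match the target's signature, would also help.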
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml b/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml
new file mode 100644
index 0000000..fa7b0ba
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/AndroidManifest.xml
@@ -0,0 +1,26 @@
+<!--
+/**
+ * Copyright (c) 2019, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.google.android.apps.vr.setupwizard.overlay"
+    android:versionCode="1"
+    android:versionName="1.0">
+    <overlay android:targetPackage="com.google.android.apps.vr.setupwizard"
+             android:targetName="SetupWizardOverlayXr"
+             android:isStatic="true"
+             android:priority="1"/>
+</manifest>
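Review bot: `android:targetName="SetupWizardOverlayXr"` repeats this overlay's own module name, but the attribute is meant to name an `<overlayable>` group declared by the target package. Nothing on this page shows `com.google.android.apps.vr.setupwizard` declaring a group with that name. If it does not, the attribute should be removed or corrected, since a mismatched name can stop the overlay from being applied. Because the package carries only resources, adding `<application android:hasCode="false"/>` would also state that in the manifest.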
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml
new file mode 100644
index 0000000..5ec8fa0
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- This file is a modified version of
+    "google3/java/com/google/android/apps/vr/setupwizard/res/raw/wizard_script.xml"
+    that is customized for GSI XR.
+-->
+<WizardScript xmlns:wizard="http://schemas.android.com/apk/res/com.google.android.setupwizard"
+    wizard:version="2">
+
+  <!-- Preliminary setup for OEMs -->
+  <WizardAction
+      id="oem_pre_setup"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.OEM_PRE_SETUP;end">
+    <result wizard:action="wait_for_unlock"/>
+  </WizardAction>
+
+  <!-- This step waits for the device to be unlocked from a decryption point of view. Even if we
+       don't support encryption the device might take a little bit of time to get out of direct boot
+       mode. This step waits until direct boot is no longer needed. -->
+  <WizardAction id="wait_for_unlock"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.CHECK_USER_UNLOCK;end">
+  </WizardAction>
+
+  <!-- Controller Turn-on screen. -->
+  <WizardAction id="controller"
+      wizard:uri="intent:#Intent;action=com.google.android.apps.vr.setupwizard.CONTROLLER_TURN_ON;end">
+  </WizardAction>
+
+  <!-- Welcome screen with language selection [RECOMMENDED, CUSTOMIZABLE] -->
+  <WizardAction id="welcome"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.WELCOME;end">
+  </WizardAction>
+
+  <!-- Network selection and packages update [REQUIRED, CUSTOMIZABLE] -->
+  <WizardAction id="connect_and_update"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_connect_and_update_flow">
+    <!-- AIO setup requires network connection. If no network, stay on the same page -->
+    <result wizard:name="no_connection"
+        wizard:resultCode="1"
+        wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Set up as a new device [REQUIRED, CUSTOMIZABLE] -->
+  <WizardAction id="setup_as_new_flow"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_setup_as_new_flow">
+    <result wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Set up as zero touch enabled device -->
+  <WizardAction id="zero_touch"
+      wizard:script="android.resource://com.google.android.apps.vr.setupwizard/raw/wizard_script_zero_touch_flow">
+    <result wizard:name="dpm_user_complete" wizard:resultCode="111"/>
+  </WizardAction>
+
+  <!-- OEM completion [CUSTOMIZABLE] -->
+  <WizardAction id="oem_post_setup"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.OEM_POST_SETUP;end" />
+
+  <!-- Leave Setup Wizard [REQUIRED] -->
+  <WizardAction id="exit"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.EXIT;end" />
+</WizardScript>
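Review bot: The comment inside `connect_and_update` says "If no network, stay on the same page", but the `no_connection` result routes to `oem_post_setup`. That skips both `setup_as_new_flow` and `zero_touch`, so a device set up without a network leaves the wizard without passing through zero-touch enrollment. If that is intended for GSI XR, the comment should say so, e.g. `<!-- No network: skip account setup and zero-touch enrollment and go straight to OEM post-setup. -->`. If it is not intended, the result should loop back to `connect_and_update`.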
diff --git a/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml
new file mode 100644
index 0000000..5990ba7
--- /dev/null
+++ b/xr/packages/overlays/SetupWizardOverlayXr/res/raw/wizard_script_connect_and_update_flow.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    This file is a modified version of
+    "google3/java/com/google/android/apps/vr/setupwizard/res/raw/wizard_script_connect_and_update_flow.xml"
+    that is customized for GSI XR.
+
+    Current changes:
+    * The OTA update is skipped, because currently it hangs: b/137600556
+-->
+
+<WizardScript xmlns:wizard="http://schemas.android.com/apk/res/com.google.android.setupwizard"
+    wizard:firstAction="network_settings">
+
+  <!-- Network selection, Users must be given the opportunity to set up an internet connection,
+        using the given screens or a custom flow. -->
+  <WizardAction id="network_settings"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.NETWORK_SETTINGS;end">
+    <result wizard:name="see_all_wifi"
+        wizard:resultCode="102"
+        wizard:action="wifi_settings" />
+    <result wizard:action="captive_portal" />
+  </WizardAction>
+
+  <!-- Wi-Fi setup -->
+  <WizardAction id="wifi_settings"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.WIFI_SETTINGS;end">
+    <result wizard:action="captive_portal" />
+  </WizardAction>
+
+  <!-- Resolve captive portal access, and wait for check-in [REQUIRED] -->
+  <WizardAction id="captive_portal"
+      wizard:uri="intent:#Intent;action=com.android.setupwizard.CAPTIVE_PORTAL;end">
+    <result wizard:action="gms_checkin" />
+  </WizardAction>
+
+  <WizardAction id="gms_checkin"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.GMS_CHECKIN;end">
+    <result wizard:action="oem_post_setup" />
+  </WizardAction>
+
+  <!-- Update system packages [REQUIRED] -->
+  <WizardAction id="ota_update"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.OTA_UPDATE;end">
+    <result wizard:name="skip"
+        wizard:resultCode="1"
+        wizard:action="early_update" />
+    <result wizard:action="system_update" />
+  </WizardAction>
+
+  <!-- System update should cause a reboot, but if it returns unexpectedly, continue on to
+      early update -->
+  <WizardAction id="system_update"
+      wizard:uri="intent:#Intent;action=android.settings.SYSTEM_UPDATE_SETTINGS;end">
+    <result wizard:action="early_update" />
+  </WizardAction>
+
+  <!-- Update other important packages [REQUIRED] -->
+  <WizardAction id="early_update"
+      wizard:uri="intent:#Intent;action=com.google.android.setupwizard.EARLY_UPDATE;end" />
+  <result wizard:action="zero_touch" />
+</WizardScript>
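Review bot: The final `<result wizard:action="zero_touch" />` sits outside any `<WizardAction>`, because `early_update` is self-closed on the line above, so it is a direct child of `<WizardScript>` and presumably ignored. More importantly, `gms_checkin` now jumps to `oem_post_setup`, which leaves `ota_update`, `system_update` and `early_update` unreachable while their comments still say `[REQUIRED]`. The device therefore finishes setup without the system or package update steps. The dead actions should either be deleted or marked as such, e.g. `<!-- Unreachable while b/137600556 is open: devices leave setup without OTA/early updates. -->`, so the missing update step stays visible until the bug is fixed.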
diff --git a/xr/products/experimental_google_xr.mk b/xr/products/experimental_google_xr.mk
new file mode 100644
index 0000000..999b719
--- /dev/null
+++ b/xr/products/experimental_google_xr.mk
@@ -0,0 +1,52 @@
+PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
+    ro.dvr.lens_metrics=/etc/hmd_config
+
+# SELinux permissions
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/vrservices/xr/sepolicy
+
+# Remove non-critical and non-XR packages from PRODUCT_PACKAGES.
+#
+# Overrides (i.e. removes) packages that are bundled into the system/product
+# image for smartphone use cases. We are removing those packages for two
+# reasons:
+# 1) Pixel devices' system/product image are almost out of disk spaces. It has
+#    been hard for us to bundle the AIO flavored VrCore into the their system
+#    image. Removing some of the packages free up enough disk spaces for XR use
+#    cases.
+# 2) Removing those packages won't impact the functionality of the device. More
+#    specifically, those package meet the following requirements:
+#    i) they are not critical packages for XR use cases; and ii) can still be
+#    install from Play Store if ever needed.
+#    For certain packages, removing those packages are actually beneficial. For
+#    example, the WallpapersBReel201* packages introduced unnecessary GPU load
+#    for the system. Disabling those packages frees some GPU resources to XR use
+#    cases and improves the accuracy of our GPU performance profiling.
+
+# External camera libraries.
+# There is no need to add extra SELinux policy for external cameras
+# because our devices do not run Trebel passthrough mode.
+PRODUCT_PACKAGES += android.hardware.camera.provider@2.4-impl
+PRODUCT_PACKAGES += android.hardware.camera.provider@2.4-external-service
+# Use webcam camera device@3.5
+PRODUCT_PROPERTY_OVERRIDES += ro.vendor.camera.external.hal3TrebleMinorVersion=5
+
+PRODUCT_PACKAGES += NonXrProductPackagesRemover
+
+PRODUCT_PACKAGE_OVERLAYS := device/google/vrservices/xr/overlay
+
+PRODUCT_COPY_FILES += \
+    device/google/vrservices/xr/init/init.xr.rc:$(TARGET_COPY_OUT_SYSTEM)/etc/init/init.xr.rc \
+    device/google/vrservices/xr/scripts/boot-to-vr.sh:$(TARGET_COPY_OUT_SYSTEM)/bin/boot-to-vr.sh \
+    frameworks/native/data/etc/android.hardware.vr.high_performance.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/permissions/android.hardware.vr.high_performance.xml \
+    vendor/unbundled_google/packages/PrebuiltGoogleVr/configs/daydream_viewer_config:$(TARGET_COPY_OUT_SYSTEM)/etc/hmd_config \
+
+# XR/VR prebuilt packages
+PRODUCT_PACKAGES += \
+    SetupWizardOverlay \
+    SetupWizardOverlayXr \
+    VrHome \
+    VrInputMethodIme \
+    VrHeadsetPowerPolicy \
+    pps-tool.sh \
+    BluetoothQtiSymlink \
+
diff --git a/xr/scripts/boot-to-vr.sh b/xr/scripts/boot-to-vr.sh
new file mode 100755
index 0000000..484f380
--- /dev/null
+++ b/xr/scripts/boot-to-vr.sh
@@ -0,0 +1,79 @@
+#
+# This script finds the init.rc file for a certain Pixel XR device and updates
+# the value of ro.boot.vr being set during the init process.
+#
+SYSTEM_INIT_XR_RC_FILE="/system/etc/init/init.xr.rc"
+PROP_RO_HARDWARE="$(getprop ro.hardware)"
+PROP_RO_BOOT_HARDWARE_PLATFORM="$(getprop ro.boot.hardware.platform)"
+PROP_RO_PRODUCT_NAME="$(getprop ro.product.name)"
+
+function print_usage {
+  echo "Update $(get_init_rc_file)"
+  echo "Usage:"
+  echo "  boot-to-vr.sh (true|false))"
+  echo "      Enable or disable whether the system should boot into VR."
+  exit 1
+}
+
+function get_hardware_name() {
+  case $PROP_RO_HARDWARE in
+    walleye) echo walleye ;;
+    taimen) echo taimen ;;
+    blueline) echo $PROP_RO_BOOT_HARDWARE_PLATFORM ;;
+    crosshatch) echo $PROP_RO_BOOT_HARDWARE_PLATFORM ;;
+  esac
+}
+
+function get_init_rc_file() {
+  if [ -f $SYSTEM_INIT_XR_RC_FILE ]; then
+    echo $SYSTEM_INIT_XR_RC_FILE
+  else
+    echo "/vendor/etc/init/hw/init.$(get_hardware_name).rc"
+  fi
+}
+
+function print_init_rc() {
+  cat $(get_init_rc_file) | grep -A10 -B10 ro.boot.vr
+}
+
+function fail_to_write_file() {
+  echo "Cannot modify $(get_init_rc_file). The following commands may help:
+    adb disable-verity
+    adb reboot
+    adb remount"
+  exit 1
+}
+
+function enable_boot_to_vr() {
+  sed -i "s/setprop ro.boot.vr 0/setprop ro.boot.vr 1/" $(get_init_rc_file)
+  rc=$?
+
+  if [[ $rc != 0 ]]; then
+    fail_to_write_file
+  else
+    print_init_rc
+  fi
+}
+
+function disable_boot_to_vr() {
+  sed -i "s/setprop ro.boot.vr 1/setprop ro.boot.vr 0/" $(get_init_rc_file)
+  rc=$?
+
+  if [[ $rc != 0 ]]; then
+    fail_to_write_file
+  else
+    print_init_rc
+  fi
+}
+
+WHOAMI=$(whoami)
+if ! [ "$WHOAMI" == "root" ]; then
+  echo "*** Root access required. Run 'adb root' first."
+  exit 1
+fi
+
+case "$1" in
+  true) enable_boot_to_vr ;;
+  false) disable_boot_to_vr ;;
+  *) print_usage ;;
+esac
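Review bot: `enable_boot_to_vr` and `disable_boot_to_vr` treat a zero exit status from `sed -i` as success, but `sed` also exits 0 when the pattern matched nothing. The script therefore reports success when the rc file has no `setprop ro.boot.vr` line or is already in the requested state. `get_hardware_name` has no default branch, so on any other `ro.hardware` value the fallback path becomes `/vendor/etc/init/hw/init..rc`. The `$(get_init_rc_file)` expansions are also unquoted, the file has no `#!` line, and the usage text has a stray `)` in `(true|false))`. The two near-identical functions can share one helper that checks for the line before editing, as sketched below. Since the script ships in `/system/bin` and its failure message tells the user to run `adb disable-verity`, the header comment should state that it is a development aid for userdebug/eng builds and that using it turns off verified boot.

```shell
function set_boot_to_vr() {
  local from="$1" to="$2"
  local rc_file
  rc_file="$(get_init_rc_file)"

  if ! grep -q "setprop ro.boot.vr $from" "$rc_file"; then
    if grep -q "setprop ro.boot.vr $to" "$rc_file"; then
      print_init_rc   # already in the requested state
      return 0
    fi
    echo "No 'setprop ro.boot.vr' line found in $rc_file"
    exit 1
  fi

  sed -i "s/setprop ro.boot.vr $from/setprop ro.boot.vr $to/" "$rc_file" || fail_to_write_file
  print_init_rc
}

function enable_boot_to_vr() { set_boot_to_vr 0 1; }
function disable_boot_to_vr() { set_boot_to_vr 1 0; }
```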
diff --git a/xr/sepolicy/README b/xr/sepolicy/README
new file mode 100644
index 0000000..30daeea
--- /dev/null
+++ b/xr/sepolicy/README
@@ -0,0 +1 @@
+These are SELinux policies that can be shared across XR devices.
diff --git a/xr/sepolicy/platform_app.te b/xr/sepolicy/platform_app.te
new file mode 100644
index 0000000..09214ae
--- /dev/null
+++ b/xr/sepolicy/platform_app.te
@@ -0,0 +1 @@
+allow platform_app system_prop:property_service set;
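Review bot: `allow platform_app system_prop:property_service set;` lets every platform-signed app set any property labelled `system_prop`, which is far wider than the VR power-policy use case the rest of this policy describes. `property.te` in the same commit already defines dedicated types and grants `platform_app` access to them through `set_prop(...)`. The narrower fix is to label the specific properties the app needs in `property_contexts` with such a type and drop this rule. If a `system_prop` write is truly unavoidable, the rule needs a comment naming the property and the app that sets it.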
diff --git a/xr/sepolicy/property.te b/xr/sepolicy/property.te
new file mode 100644
index 0000000..adad644
--- /dev/null
+++ b/xr/sepolicy/property.te
@@ -0,0 +1,10 @@
+# For VrHeadsetPowerPolicyService.
+type vr_performance_prop, property_type, extended_core_property_type;
+type vr_pps_state_prop, property_type, extended_core_property_type;
+type vr_pps_enabled_prop, property_type;
+
+set_prop(platform_app, vr_performance_prop)
+set_prop(platform_app, vr_pps_state_prop)
+get_prop(platform_app, vr_pps_enabled_prop)
+set_prop(surfaceflinger, vr_performance_prop)
+
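Review bot: No domain in this policy is given `set_prop` on `vr_pps_enabled_prop`, and `platform_app` only gets `get_prop`. Once `persist.sys.pps_enabled` is relabelled in `property_contexts`, presumably only init or a root shell can change it. If that is the intent, a comment such as `# persist.sys.pps_enabled is written by init/adb root only; apps may read it.` would make the design explicit. The header says the types are "For VrHeadsetPowerPolicyService", yet the grants go to the whole `platform_app` domain and to `surfaceflinger`, which the comment should also mention. `vr_pps_enabled_prop` is declared without the `extended_core_property_type` attribute that the other two types carry, and it is not clear from the page whether that is deliberate.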
diff --git a/xr/sepolicy/property_contexts b/xr/sepolicy/property_contexts
new file mode 100644
index 0000000..6e1a18c
--- /dev/null
+++ b/xr/sepolicy/property_contexts
@@ -0,0 +1,4 @@
+# For VrHeadsetPowerPolicyService.
+persist.sys.pps_enabled    u:object_r:vr_pps_enabled_prop:s0
+sys.pps.state              u:object_r:vr_pps_state_prop:s0
+sys.dvr.performance        u:object_r:vr_performance_prop:s0
diff --git a/xr/sepolicy/untrusted_app_27.te b/xr/sepolicy/untrusted_app_27.te
new file mode 100644
index 0000000..e9bc2b3
--- /dev/null
+++ b/xr/sepolicy/untrusted_app_27.te
@@ -0,0 +1,2 @@
+allow untrusted_app_27 vr_hwc_service:service_manager find;
+allow untrusted_app_27 virtual_touchpad_service:service_manager find;
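Review bot: These two `find` rules let every third-party app in the `untrusted_app_27` domain obtain handles to `vr_hwc_service` and `virtual_touchpad_service`, and the `vr_hwc.te` hunk below adds `allow vr_hwc untrusted_app_27:binder call;` for the reverse direction. Neither file says which app needs this or why. With these grants SELinux no longer separates untrusted apps from the two services, so access control rests entirely on caller checks inside them, and an input-injection service like the virtual touchpad is a sensitive thing to expose. Each rule should carry a comment naming the consuming app and the tracking bug. If that consumer is a Google-signed package, moving it to a narrower domain would be preferable to widening `untrusted_app_27`.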
diff --git a/xr/sepolicy/vr_hwc.te b/xr/sepolicy/vr_hwc.te
new file mode 100644
index 0000000..295205e
--- /dev/null
+++ b/xr/sepolicy/vr_hwc.te
@@ -0,0 +1 @@
+allow vr_hwc untrusted_app_27:binder call;