diff --git a/common.mk b/common.mk
index 1f86d55..95bdcab 100644
--- a/common.mk
+++ b/common.mk
@@ -126,6 +126,10 @@ PRODUCT_PACKAGES += \
KeyHandler \
tri-state-key_daemon
+# Trust HAL
+PRODUCT_PACKAGES += \
+ lineage.trust@1.0-service.oneplus_sdm845
+
# Update engine
PRODUCT_PACKAGES += \
brillo_update_payload \
diff --git a/framework_manifest.xml b/framework_manifest.xml
index 5e4d156..4f741dc 100644
--- a/framework_manifest.xml
+++ b/framework_manifest.xml
@@ -21,4 +21,13 @@
default
+
+ vendor.lineage.trust
+ hwbinder
+ 1.0
+
+ IUsbRestrict
+ default
+
+
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index fed9964..78e9c14 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -1,12 +1,20 @@
+# rootfs
type adsprpcd_file, file_type;
type bt_firmware_file, file_type;
-type display_data_file, file_type, data_file_type, core_data_file_type;
type firmware_file, file_type;
type op1_file, file_type;
type op2_file, file_type;
type persist_file, file_type;
+
+# proc
type proc_touchpanel, fs_type, proc_type;
-type sysfs_fpc_proximity, sysfs_type, fs_type;
-type sysfs_oem, sysfs_type, fs_type;
-type sysfs_graphics, sysfs_type, fs_type;
+
+# sysfs
type sysfs_battery_supply, sysfs_type, fs_type;
+type sysfs_fpc_proximity, sysfs_type, fs_type;
+type sysfs_graphics, sysfs_type, fs_type;
+type sysfs_oem, sysfs_type, fs_type;
+type sysfs_usb_supply, sysfs_type, fs_type;
+
+# data
+type display_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index e03e5e9..a27e7fb 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -16,9 +16,10 @@
/system/etc/audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
# HALs
-/system/bin/hw/android\.hardware\.light@2\.0-service\.oneplus_sdm845 u:object_r:hal_light_sdm845_exec:s0
+/system/bin/hw/android\.hardware\.light@2\.0-service\.oneplus_sdm845 u:object_r:hal_light_sdm845_exec:s0
/system/bin/hw/lineage\.livedisplay@2\.0-service\.oneplus_sdm845 u:object_r:hal_livedisplay_sdm845_exec:s0
-/system/bin/hw/lineage\.touch@1\.0-service\.oneplus_sdm845 u:object_r:hal_touch_sdm845_exec:s0
+/system/bin/hw/lineage\.touch@1\.0-service\.oneplus_sdm845 u:object_r:hal_touch_sdm845_exec:s0
+/system/bin/hw/lineage\.trust@1\.0-service\.oneplus_sdm845 u:object_r:hal_trust_sdm845_exec:s0
# Modules
/system/lib/modules/wlan\.ko u:object_r:vendor_file:s0
diff --git a/sepolicy/private/hal_trust_sdm845.te b/sepolicy/private/hal_trust_sdm845.te
new file mode 100644
index 0000000..ddc4c21
--- /dev/null
+++ b/sepolicy/private/hal_trust_sdm845.te
@@ -0,0 +1,12 @@
+type hal_trust_sdm845, coredomain, domain;
+hal_server_domain(hal_trust_sdm845, hal_lineage_trust)
+
+type hal_trust_sdm845_exec, exec_type, file_type;
+init_daemon_domain(hal_trust_sdm845)
+
+# Talk to the binder device node
+allow hal_trust_sdm845 binder_device:chr_file rw_file_perms;
+
+# Allow access to otg toggle node
+allow hal_trust_sdm845 sysfs_usb_supply:dir search;
+allow hal_trust_sdm845 sysfs_usb_supply:file rw_file_perms;
diff --git a/trust/.clang-format b/trust/.clang-format
new file mode 100644
index 0000000..ae4a451
--- /dev/null
+++ b/trust/.clang-format
@@ -0,0 +1,11 @@
+BasedOnStyle: Google
+AccessModifierOffset: -2
+AllowShortFunctionsOnASingleLine: Inline
+ColumnLimit: 100
+CommentPragmas: NOLINT:.*
+DerivePointerAlignment: false
+IndentWidth: 4
+PointerAlignment: Left
+TabWidth: 4
+UseTab: Never
+PenaltyExcessCharacter: 32
diff --git a/trust/Android.bp b/trust/Android.bp
new file mode 100644
index 0000000..dbbb473
--- /dev/null
+++ b/trust/Android.bp
@@ -0,0 +1,33 @@
+//
+// Copyright (C) 2019 The LineageOS Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_binary {
+ name: "lineage.trust@1.0-service.oneplus_sdm845",
+ init_rc: ["lineage.trust@1.0-service.oneplus_sdm845.rc"],
+ defaults: ["hidl_defaults"],
+ relative_install_path: "hw",
+ srcs: [
+ "UsbRestrict.cpp",
+ "service.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ "libbinder",
+ "libhidlbase",
+ "libhidltransport",
+ "libutils",
+ "vendor.lineage.trust@1.0",
+ ],
+}
diff --git a/trust/UsbRestrict.cpp b/trust/UsbRestrict.cpp
new file mode 100644
index 0000000..80758cb
--- /dev/null
+++ b/trust/UsbRestrict.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+
+#include "UsbRestrict.h"
+
+#include
+
+namespace vendor {
+namespace lineage {
+namespace trust {
+namespace V1_0 {
+namespace implementation {
+
+static constexpr const char* kControlPath = "/sys/class/power_supply/usb/otg_switch";
+
+// Methods from ::vendor::lineage::trust::V1_0::IUsbRestrict follow.
+Return UsbRestrict::isEnabled() {
+ std::ifstream file(kControlPath);
+ std::string content;
+ file >> content;
+ file.close();
+ return !file.fail() && !std::stoi(content);
+}
+
+Return UsbRestrict::setEnabled(bool enabled) {
+ std::ofstream file(kControlPath);
+ if (file.is_open()) {
+ file << (!enabled ? "1" : "0");
+ file.close();
+ } else {
+ LOG(ERROR) << "Failed to open " << kControlPath << ", error=" << errno << " ("
+ << strerror(errno) << ")";
+ }
+ return Void();
+}
+
+} // namespace implementation
+} // namespace V1_0
+} // namespace trust
+} // namespace lineage
+} // namespace vendor
diff --git a/trust/UsbRestrict.h b/trust/UsbRestrict.h
new file mode 100644
index 0000000..bcda59b
--- /dev/null
+++ b/trust/UsbRestrict.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
+#define VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
+
+#include
+#include
+#include
+
+namespace vendor {
+namespace lineage {
+namespace trust {
+namespace V1_0 {
+namespace implementation {
+
+using ::android::sp;
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+
+class UsbRestrict : public IUsbRestrict {
+ public:
+ UsbRestrict() = default;
+
+ // Methods from ::vendor::lineage::trust::V1_0::IUsbRestrict follow.
+ Return isEnabled() override;
+ Return setEnabled(bool enabled) override;
+};
+
+} // namespace implementation
+} // namespace V1_0
+} // namespace trust
+} // namespace lineage
+} // namespace vendor
+
+#endif // VENDOR_LINEAGE_TRUST_V1_0_USBRESTRICT_H
diff --git a/trust/lineage.trust@1.0-service.oneplus_sdm845.rc b/trust/lineage.trust@1.0-service.oneplus_sdm845.rc
new file mode 100644
index 0000000..70966b0
--- /dev/null
+++ b/trust/lineage.trust@1.0-service.oneplus_sdm845.rc
@@ -0,0 +1,4 @@
+service trust-hal-1-0 /system/bin/hw/lineage.trust@1.0-service.oneplus_sdm845
+ class hal
+ user root
+ group root
diff --git a/trust/service.cpp b/trust/service.cpp
new file mode 100644
index 0000000..29675e5
--- /dev/null
+++ b/trust/service.cpp
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2019 The LineageOS Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "vendor.lineage.trust@1.0-service"
+
+#include
+#include
+#include
+
+#include "UsbRestrict.h"
+
+using android::OK;
+using android::sp;
+using android::status_t;
+
+// libhwbinder:
+using android::hardware::configureRpcThreadpool;
+using android::hardware::joinRpcThreadpool;
+
+using ::vendor::lineage::trust::V1_0::IUsbRestrict;
+using ::vendor::lineage::trust::V1_0::implementation::UsbRestrict;
+
+int main() {
+ sp usbRestrict;
+ status_t status;
+
+ LOG(INFO) << "Trust HAL service is starting.";
+
+ usbRestrict = new UsbRestrict();
+ if (usbRestrict == nullptr) {
+ LOG(ERROR) << "Can not create an instance of Trust HAL UsbRestricted Iface, exiting.";
+ goto shutdown;
+ }
+
+ configureRpcThreadpool(1, true /*callerWillJoin*/);
+
+ status = usbRestrict->registerAsService();
+ if (status != OK) {
+ LOG(ERROR) << "Could not register service for Trust HAL UsbRestricted Iface (" << status
+ << ").";
+ }
+
+ LOG(INFO) << "Trust HAL service is ready.";
+ joinRpcThreadpool();
+ // Should not pass this line
+
+shutdown:
+ // In normal operation, we don't expect the thread pool to shutdown
+ LOG(ERROR) << "Trust HAL service is shutting down.";
+ return 1;
+}