From d50c6c07ab01ea209ed87267908a69921f6a5d2e Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Wed, 19 Jun 2019 19:24:01 +0200
Subject: [PATCH] sdm845-common: sepolicy: Transition pocketmode app to its own
 domain

Change-Id: Id87176c2430e49851a6c65ab3490ad59ea1764a2
---
 sepolicy/private/pocketmode_app.te | 13 +++++++++++++
 sepolicy/private/seapp_contexts    |  1 +
 sepolicy/private/system_app.te     |  2 --
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 sepolicy/private/pocketmode_app.te
 create mode 100644 sepolicy/private/seapp_contexts
 delete mode 100644 sepolicy/private/system_app.te

diff --git a/sepolicy/private/pocketmode_app.te b/sepolicy/private/pocketmode_app.te
new file mode 100644
index 0000000..cf6aa80
--- /dev/null
+++ b/sepolicy/private/pocketmode_app.te
@@ -0,0 +1,13 @@
+type pocketmode_app, domain;
+
+app_domain(pocketmode_app)
+
+# Allow pocketmode_app to find app_api_service
+allow pocketmode_app app_api_service:service_manager find;
+
+# Allow pocketmode_app read and write /data/data subdirectory
+allow pocketmode_app system_app_data_file:dir create_dir_perms;
+allow pocketmode_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+# Allow pocketmode_app to write to sysfs_fpc_proximity
+allow pocketmode_app sysfs_fpc_proximity:file { w_file_perms getattr };
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
new file mode 100644
index 0000000..d91b70e
--- /dev/null
+++ b/sepolicy/private/seapp_contexts
@@ -0,0 +1 @@
+user=system seinfo=platform name=org.lineageos.pocketmode domain=pocketmode_app type=system_app_data_file
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
deleted file mode 100644
index cc68de0..0000000
--- a/sepolicy/private/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Pocketmode
-allow system_app sysfs_fpc_proximity:file { w_file_perms getattr };