sepolicy: Break livedisplay hal policy into impl independent ones

 * LiveDisplay has different backends (QDCM, sysfs, etc.). QDCM impl
   doesn't use sysfs, sysfs impl doesn't use QC display service and
   vice versa, so don't abuse the "default" policy.

Change-Id: I87725a091ebe5db5beeb1619ce4daaac9636d808

4 files changed, 9 insertions, 14 deletions

diff --git a/common/dynamic/hal_lineage_livedisplay.te b/common/dynamic/hal_lineage_livedisplay.te
index f0e7a07..6a9aac5 100644
--- a/common/dynamic/hal_lineage_livedisplay.te
+++ b/common/dynamic/hal_lineage_livedisplay.te
@@ -3,6 +3,3 @@ binder_call(hal_lineage_livedisplay_client, hal_lineage_livedisplay_server)
 
 add_hwservice(hal_lineage_livedisplay_server, hal_lineage_livedisplay_hwservice)
 allow hal_lineage_livedisplay_client hal_lineage_livedisplay_hwservice:hwservice_manager find;
-
-# Grant access over LiveDisplay tuneables
-allow hal_lineage_livedisplay_server sysfs_livedisplay_tuneable:file rw_file_perms;
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index 508c63f..f7b8346 100644
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -5,9 +5,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.aw2013 u:object_r:hal_light_default_exec:s0
 
 # LiveDisplay HAL
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-legacymm u:object_r:hal_lineage_livedisplay_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sdm u:object_r:hal_lineage_livedisplay_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs u:object_r:hal_lineage_livedisplay_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service-sysfs    u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
 
 # Trust HAL
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0
diff --git a/common/vendor/hal_lineage_livedisplay_default.te b/common/vendor/hal_lineage_livedisplay_default.te
deleted file mode 100644
index 7a85640..0000000
--- a/common/vendor/hal_lineage_livedisplay_default.te
+++ /dev/null
@@ -1,8 +0,0 @@
-type hal_lineage_livedisplay_default, domain;
-hal_server_domain(hal_lineage_livedisplay_default, hal_lineage_livedisplay)
-
-type hal_lineage_livedisplay_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_lineage_livedisplay_default)
-
-# Allow LiveDisplay HAL's default implementation to use vendor-binder service
-vndbinder_use(hal_lineage_livedisplay_default)
diff --git a/common/vendor/hal_lineage_livedisplay_sysfs.te b/common/vendor/hal_lineage_livedisplay_sysfs.te
new file mode 100644
index 0000000..0b6783c
--- /dev/null
+++ b/common/vendor/hal_lineage_livedisplay_sysfs.te
@@ -0,0 +1,8 @@
+type hal_lineage_livedisplay_sysfs, domain;
+hal_server_domain(hal_lineage_livedisplay_sysfs, hal_lineage_livedisplay)
+
+type hal_lineage_livedisplay_sysfs_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_lineage_livedisplay_sysfs)
+
+# Grant access over LiveDisplay tuneables
+allow hal_lineage_livedisplay_sysfs sysfs_livedisplay_tuneable:file rw_file_perms;