aospa: Build OpenDelta and add related sepolicies

add open delta
Remove aospa hub

Change-Id: I8a59dcff71db1230f4be582c0b550d7120cfbcd5

aospa:add OpenDelta sepolicy

Change-Id: I27561f9ad1828f1e4ae9e42a5226a16424ba1718

fix opendelta sepolicy

Change-Id: I376d159bd8a81421154aa2f9ebae2058f5fc316a

fix updater sepolicy

Change-Id: I7952700737831cc0c3d870446f140febff982974

Update update_engine.te

add Props for PPU

Change-Id: Ib49ce34ff977a840d512e366699f87d8bdc2ea6e

Create priv_app.te

fix updater sepolicy

Update platform_app.te

Delete priv_app.te

Update file_contexts

Update file_contexts

Update update_engine.te

Update seapp_contexts

fix

Create priv_app.te

Update platform_app.te

assign ro.modversion to opendelta

Delete platform_app.te

Create platform_app.te

Update aospa-target.mk

sepolicy/private/priv_app.te

@@ -0,0 +1,2 @@
+allow priv_app update_engine_service:service_manager find;
+allow priv_app update_engine:binder call;

sepolicy/private/seapp_contexts

@@ -1 +1 @@
-user=_app isPrivApp=true seinfo=platform name=co.aospa.hub domain=hub_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true seinfo=platform name=eu.chainfire.opendelta domain=updater_app type=app_data_file levelFrom=user

sepolicy/private/update_engine.te

@@ -1,5 +1,5 @@
 # Allow update_engine to call the callback function provided by updater_app
-binder_call(update_engine, hub_app)
+binder_call(update_engine, updater_app)
 
 # Read updates from storage data
 r_dir_file(update_engine, mnt_user_file)
@@ -7,3 +7,21 @@ r_dir_file(update_engine, storage_file)
 
 # Allow mount and unmount of system partition
 allow update_engine labeledfs:filesystem { mount unmount };
+
+# Read OTA zip file at /data/media/.
+allow update_engine media_rw_data_file:file { read open };
+allow update_engine self:capability { dac_override dac_read_search sys_rawio };
+
+# Allow update engine to read fuse files anywhere
+allow update_engine fuse:dir r_dir_perms;
+allow update_engine fuse:file { read open getattr };
+
+r_dir_file(update_engine, mnt_user_file)
+r_dir_file(update_engine, storage_file)
+
+allow update_engine self:capability { chown fsetid sys_rawio };
+
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:dir create_dir_perms;
+allow update_engine { media_rw_data_file rootfs sdcardfs system_data_file system_file }:{ file lnk_file } create_file_perms;
+allow update_engine { otapreopt_chroot_exec rootfs system_file toolbox_exec }:file rx_file_perms;
+allow update_engine { rootfs system_file }:file { relabelfrom relabelto };

sepolicy/private/updater_app.te

@@ -0,0 +1,26 @@
+type updater_app, domain, coredomain;
+
+net_domain(updater_app)
+app_domain(updater_app)
+
+binder_call(updater_app, gpuservice)
+binder_call(updater_app, update_engine)
+
+allow updater_app app_api_service:service_manager find;
+allow updater_app recovery_service:service_manager find;
+allow updater_app system_api_service:service_manager find;
+allow updater_app update_engine_service:service_manager find;
+
+allow updater_app app_data_file:dir create_dir_perms;
+allow updater_app app_data_file:{ file lnk_file } create_file_perms;
+
+allow updater_app cache_file:dir r_dir_perms;
+
+allow updater_app cache_recovery_file:dir rw_dir_perms;
+allow updater_app cache_recovery_file:file create_file_perms;
+
+allow updater_app ota_package_file:dir create_dir_perms;
+allow updater_app ota_package_file:file create_file_perms;
+
+get_prop(updater_app, default_prop)
+get_prop(updater_app, build_prop)

target/config/permissions/aospa-power-whitelist.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2021 Yet Another AOSP Project
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+          http://www.apache.org/licenses/LICENSE-2.0
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<config>
+    <allow-in-power-save package="eu.chainfire.opendelta" />
+</config>

target/product/aospa-target.mk

@@ -33,9 +33,9 @@ PRODUCT_SYSTEM_PROPERTIES += \
 # Boot Animation
 $(call inherit-product, vendor/aospa/bootanimation/bootanimation.mk)
 
-# Camera
+# OpenDelta
 PRODUCT_PACKAGES += \
-    GoogleCameraGo
+    OpenDelta
 
 # Charger
 PRODUCT_SYSTEM_EXT_PROPERTIES += \
@@ -166,7 +166,8 @@ PRODUCT_SYSTEM_EXT_PROPERTIES += \
 # Permissions
 PRODUCT_COPY_FILES += \
     vendor/aospa/target/config/permissions/default_permissions_com.google.android.deskclock.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/default-permissions/default_permissions_com.google.android.deskclock.xml \
-    vendor/aospa/target/config/permissions/privapp-permissions-hotword.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/permissions/privapp-permissions-hotword.xml
+    vendor/aospa/target/config/permissions/privapp-permissions-hotword.xml:$(TARGET_COPY_OUT_PRODUCT)/etc/permissions/privapp-permissions-hotword.xml \
+    vendor/aospa/target/config/permissions/aospa-power-whitelist.xml:$(TARGET_COPY_OUT_SYSTEM)/etc/sysconfig/aospa-power-whitelist.xml
 
 # Privapp-permissions
 PRODUCT_SYSTEM_EXT_PROPERTIES += \

target/product/version.mk

@@ -74,3 +74,6 @@ PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
     ro.aospa.version.major=$(shell V1=$(AOSPA_MAJOR_VERSION); echo $${V1^}) \
     ro.aospa.version.minor=$(AOSPA_MINOR_VERSION) \
     ro.aospa.build.variant=$(shell V2=$(AOSPA_BUILD_VARIANT); echo $${V2^})
+
+PRODUCT_SYSTEM_DEFAULT_PROPERTIES += \
+     ro.modversion=$(AOSPA_VERSION)