Include test folder policies and fix build errors.

Change-Id: I1f8393adced420f2fbf5f36294325f3aeda0285c

Android.mk

@@ -14,4 +14,9 @@ BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
     $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
     $(LOCAL_PATH)/private
+
+ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/vendor/test
+endif
+
 endif

vendor/test/energyawareness.te

@@ -24,10 +24,3 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-#Access to power costs for testing
-
-userdebug_or_eng(`
-allow energyawareness qti_debugfs:dir r_dir_perms;
-allow energyawareness qti_debugfs:file rw_file_perms;
-')

vendor/test/fidotest.te

@@ -29,8 +29,6 @@ type fidotest, domain;
 type fidotest_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(fidotest)
 userdebug_or_eng(`
-  #Allow fido test daemons to use Binder IPC
-  #binder_use(fidotest)
 
   #Allow apps to interact with fido test daemons
   binder_call(fidotest, platform_app)
@@ -38,9 +36,6 @@ userdebug_or_eng(`
   binder_call(fidotest, system_app)
   binder_call(system_app, fidotest)
 
-  # Mark fido test daemons as a Binder service domain
-  #binder_service(fidotest)
-
   #Allow fido test daemons to be registered with service manager
   allow fidotest fidotest_service:service_manager add;
 
@@ -54,6 +49,4 @@ userdebug_or_eng(`
   allow fidotest firmware_file:dir r_dir_perms;
   allow fidotest firmware_file:file r_file_perms;
 
-  # Allow service manager to find
-  #allow qsee_svc_app fidotest_service:service_manager find;
 ')

vendor/test/file.te

@@ -25,9 +25,5 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-#Define the files written during the operation of mm-pp-daemon
-type display_test_media_file, file_type, data_file_type;
 # kgsl snapshot file type for sysfs access
 type sysfs_kgsl_snapshot, sysfs_type, fs_type;
-# To allow GPU application to write "/data/vendor/gpu" path
-#typeattribute coredump_file mlstrustedobject,  data_file_type;

vendor/test/file_contexts

@@ -92,10 +92,6 @@
 /(vendor|system/vendor)/bin/sns.*               u:object_r:sensors_test_exec:s0
 #for testscripts support
 /(vendor|system/vendor)/bin/init\.qcom\.vendor\.testscripts\.sh u:object_r:vendor-qti-testscripts_exec:s0
-
-#Context for mediaserver
-/data/display-tests/media(/.*)?                 u:object_r:display_test_media_file:s0
-
 #TODO: coredump_file need have a attribute of data_file_type and
 # is going to show compile time issue need to fix this
 #Context for GPU applications

vendor/test/genfs_contexts

@@ -24,6 +24,3 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-genfscon debugfs /regmap u:object_r:qti_debugfs:s0
-genfscon debugfs /asoc u:object_r:qti_debugfs:s0

vendor/test/qmi_ping.te

@@ -31,11 +31,8 @@ type qmi_ping_exec, exec_type, vendor_file_type, file_type;
 userdebug_or_eng(`
   type qmi_ping, domain;
   domain_auto_trans(shell, qmi_ping_exec, qmi_ping)
-  #domain_auto_trans(adbd, qmi_ping_exec, qmi_ping)
   #test launched from pseudo terminal, so output goes there
   allow qmi_ping devpts:chr_file {read write ioctl getattr};
-  #to access smem logs
-  allow qmi_ping smem_log_device:chr_file {read write open ioctl};
   #enable accessing the path where qmuxds named sockets are present
   #to interface with qmuxd through unix sockets
   #to use socket interface to ipc router

vendor/test/qmi_test_service.te

@@ -36,8 +36,6 @@ userdebug_or_eng(`
   allow qmi_test_service shell:fd use;
   #test is launched from pseudo terminal so output goes there
   allow qmi_test_service devpts:chr_file {read write getattr ioctl};
-  #to access smem log
-  allow qmi_test_service smem_log_device:chr_file {read write open ioctl};
   #enable accessing the path where qmuxds named sockets are present
   #to interface with qmuxd through unix sockets
   #to access ipc router socket
@@ -45,7 +43,4 @@ userdebug_or_eng(`
   #enable running test as root user => privileged process
   #enable privileged processes to bypass permission checks
   allow qmi_test_service qmi_test_service:capability {setgid setuid fsetid};
-  #enable accessing the system health monitor to check the system health,
-  #if a request times out
-  allow qmi_test_service system_health_monitor_device:chr_file rw_file_perms;
 ')

vendor/test/qseeproxysample.te

@@ -29,15 +29,6 @@ type qseeproxysample, domain;
 type qseeproxysample_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(qseeproxysample)
 userdebug_or_eng(`
-  #Allow test daemons to use Binder IPC
-  #binder_use(qseeproxysample)
-
-  #Allow services to interact with test daemon
-  binder_call(qseeproxysample, qsee_svc_app)
-  binder_call(qsee_svc_app, qseeproxysample)
-
-  # Mark test daemon as a Binder service domain
-  #binder_service(qseeproxysample)
 
   #Allow test daemon to be registered with service manager
   allow qseeproxysample qseeproxysample_service:service_manager add;
@@ -55,6 +46,4 @@ userdebug_or_eng(`
   allow qseeproxysample firmware_file:dir r_dir_perms;
   allow qseeproxysample firmware_file:file r_file_perms;
 
-  #Allow service manager to find
-  #allow qsee_svc_app qseeproxysample_service:service_manager find;
 ')

vendor/test/seapp_contexts

@@ -25,12 +25,5 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-user=_app seinfo=platform name=com.qualcomm.location.qvtester domain=location_app type=location_app_data_file
-user=_app seinfo=platform name=com.qualcomm.qct.dlt domain=location_app type=location_app_data_file
-
-#Add new domain for QSEE sample services
-user=system seinfo=platform name=com.qualcomm.qti.auth.securesampleauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
-user=system seinfo=platform name=com.qualcomm.qti.auth.secureextauthservice domain=qsee_svc_app type=qsee_svc_app_data_file
-
 #Add new domain for pdt apps
 user=system seinfo=platform name=.pdtapps domain=pdt_app type=system_app_data_file

vendor/test/sectest.te

@@ -30,15 +30,10 @@ type sectest_exec, exec_type, vendor_file_type, file_type;
 userdebug_or_eng(`
   init_daemon_domain(sectest)
   # allow sectest access to drm related paths
-  allow sectest persist_file:dir r_dir_perms;
+  allow sectest mnt_vendor_file:dir r_dir_perms;
   r_dir_file(sectest, persist_data_file)
   # Write to drm related pieces of persist partition
   allow sectest persist_drm_file:dir create_dir_perms;
   allow sectest persist_drm_file:file create_file_perms;
   allow sectest tee_device:chr_file rw_file_perms;
-
-  # Allow qseecom to qsee folder so that listeners can create
-  # respective directories
-  allow sectest data_qsee_file:dir create_dir_perms;
-  allow sectest data_qsee_file:file create_file_perms;
 ')

vendor/test/sensors_test.te

@@ -37,8 +37,6 @@ userdebug_or_eng(`
   allow sensors_test devpts:chr_file rw_file_perms;
   allow sensors_test sensors:unix_stream_socket connectto;
   allow sensors_test sensors_device:chr_file rw_file_perms;
-  allow sensors_test sensors_socket:sock_file rw_file_perms;
   allow sensors_test smd_device:chr_file rw_file_perms;
   allow sensors_test socket_device:dir r_dir_perms;
-  allow system_app sensors_test_exec:file rx_file_perms;
 ')

vendor/test/system_app.te

@@ -28,12 +28,8 @@
 #============= system_app ==============
 userdebug_or_eng(`
   # Rules for QSensors Test Application
-  #allow system_app sensors:unix_stream_socket connectto;
   allow system_app sensors_device:chr_file getattr;
-  allow system_app sensors_socket:sock_file write;
   allow system_app socket_device:dir read;
 
   allow system_app self:socket create_socket_perms_no_ioctl;
-  allow system_app sensors_persist_file:dir r_dir_perms;
-  allow system_app sensors_persist_file:file r_file_perms;
 ')