platform_system_sepolicy/private/virtual_touchpad.te

typeattribute virtual_touchpad coredomain;

init_daemon_domain(virtual_touchpad)

binder_use(virtual_touchpad)
binder_service(virtual_touchpad)
add_service(virtual_touchpad, virtual_touchpad_service)

# Needed to check app permissions.
binder_call(virtual_touchpad, system_server)

# Requires access to /dev/uinput to create and feed the virtual device.
allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };

# Requires access to the permission service to validate that clients have the
# appropriate VR permissions.
allow virtual_touchpad permission_service:service_manager find;