From 85937908707f6c65b42ef586b7b9f5a43bb3892e Mon Sep 17 00:00:00 2001
From: raju
Date: Wed, 23 Aug 2023 05:31:41 +0000
Subject: [PATCH 1/2] adding se-policies partition based disk swap
Signed-off-by: raju
---
partition_based_swap/create_swap.te | 18 ++++++++++++++++++
partition_based_swap/file_contexts | 1 +
2 files changed, 19 insertions(+)
create mode 100644 partition_based_swap/create_swap.te
create mode 100644 partition_based_swap/file_contexts
diff --git a/partition_based_swap/create_swap.te b/partition_based_swap/create_swap.te
new file mode 100644
index 00000000..a7cc11a1
--- /dev/null
+++ b/partition_based_swap/create_swap.te
@@ -0,0 +1,18 @@
+type create_swap, domain;
+type create_swap_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(create_swap)
+
+allow create_swap vendor_file:file rx_file_perms;
+allow create_swap proc_meminfo:file r_file_perms;
+# allow the create_swap domain to set prop sys.low_ram
+set_prop(create_swap, vendor_mem_prop)
+
+not_full_treble(`
+ allow create_swap system_file:file rx_file_perms;
+ allow create_swap shell_exec:file rx_file_perms;
+')
+full_treble_only(`
+ allow create_swap vendor_shell_exec:file rx_file_perms;
+ allow create_swap vendor_toolbox_exec:file rx_file_perms;
+')
diff --git a/partition_based_swap/file_contexts b/partition_based_swap/file_contexts
new file mode 100644
index 00000000..fc04ed2d
--- /dev/null
+++ b/partition_based_swap/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/create_swap.sh u:object_r:create_swap_exec:s0
From 02ab08d9bade29e66c3a6d9547886e880f728ed1 Mon Sep 17 00:00:00 2001
From: raju
Date: Sun, 27 Aug 2023 14:55:30 +0000
Subject: [PATCH 2/2] adding se-policies for filebased swap
Signed-off-by: raju
---
file_based_swap/create_swap.te | 20 ++++++++++++++++++++
file_based_swap/file_contexts | 1 +
2 files changed, 21 insertions(+)
create mode 100644 file_based_swap/create_swap.te
create mode 100644 file_based_swap/file_contexts
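Review bot: `allow create_swap vendor_file:file rx_file_perms;` in partition_based_swap/create_swap.te lets the domain execute any file carrying the generic vendor_file label without a domain transition, which looks wider than a helper that reads /proc/meminfo and sets one property needs (the script itself is not part of this series, so this is inferred). The shell and toolbox it runs are already covered by the vendor_shell_exec and vendor_toolbox_exec rules in the full_treble_only block. Consider dropping the rule, or narrowing it to what the audit log shows is denied, for example `allow create_swap vendor_file:file r_file_perms;` if only reads are required. The same line appears in file_based_swap/create_swap.te in the second patch.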
diff --git a/file_based_swap/create_swap.te b/file_based_swap/create_swap.te
new file mode 100644
index 00000000..15642d55
--- /dev/null
+++ b/file_based_swap/create_swap.te
@@ -0,0 +1,20 @@
+type create_swap, domain;
+type create_swap_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(create_swap)
+
+allow create_swap vendor_file:file rx_file_perms;
+allow create_swap proc_meminfo:file r_file_perms;
+
+# allow the create_swap domain to set prop sys.enable_swap
+set_prop(create_swap, vendor_mem_prop)
+
+not_full_treble(`
+ allow create_swap system_file:file rx_file_perms;
+ allow create_swap shell_exec:file rx_file_perms;
+')
+
+full_treble_only(`
+ allow create_swap vendor_shell_exec:file rx_file_perms;
+ allow create_swap vendor_toolbox_exec:file rx_file_perms;
+')
diff --git a/file_based_swap/file_contexts b/file_based_swap/file_contexts
new file mode 100644
index 00000000..fc04ed2d
--- /dev/null
+++ b/file_based_swap/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/create_swap.sh u:object_r:create_swap_exec:s0
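Review bot: The comment above `set_prop(create_swap, vendor_mem_prop)` names sys.enable_swap here and sys.low_ram in partition_based_swap/create_swap.te, yet both rules grant the same type, and neither patch adds a property_contexts entry or a declaration for vendor_mem_prop, so which properties the domain can actually write cannot be checked from this series. I would reword the comment to state the type's scope, e.g. `# may set every property labelled vendor_mem_prop (see property_contexts)`, and confirm that label covers only the swap-related keys. Both directories also declare `type create_swap, domain;` and label /vendor/bin/create_swap.sh, so they presumably must never be listed in the same sepolicy build; a one-line header comment saying so would help.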