From d1f3ee501fdaeffb271f28abf86c9175bc2a839c Mon Sep 17 00:00:00 2001
From: Cheng Chang <chengcha@google.com>
Date: Tue, 19 Mar 2024 03:45:45 +0000
Subject: [PATCH] sepolicy: Allow PixelGnss to connect to Chre HAL

avc:  denied  { call } for  scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0

Bug: 330120749
Test: Verify PixelGnss HAL can connect to Chre HAL.
Test: Function test verification b/330120749.
Test: b/330120749#comment24 health boot check.
Test: b/330120749#comment25 health boot check.
Change-Id: Ida89c542e8dc4ce29011357255385a0661962e16
---
 vendor/hal_contexthub_default.te | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 vendor/hal_contexthub_default.te

diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te
new file mode 100644
index 0000000..e749f01
--- /dev/null
+++ b/vendor/hal_contexthub_default.te
@@ -0,0 +1,6 @@
+#
+# Context hub multiclient HAL common selinux policies
+#
+# Allow binder call to PixelGnss PPS function.
+binder_call(hal_contexthub_default, hal_gnss_pixel)
+