From 303cf04de1bc9ee566fa53d779216ed6171f75bf Mon Sep 17 00:00:00 2001
From: Cheng Chang <chengcha@google.com>
Date: Thu, 14 Nov 2024 08:30:49 +0000
Subject: [PATCH] sepolicy: Allow hal_gnss_pixel create file

[ 7564.504317] type=1400 audit(1731556655.872:63): avc:  denied  { create } for  comm="android.hardwar" name="android.hardware.gnss-service.pixel" scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=file permissive=0 bug=b/378004800

flag: EXEMPT the function has been verified at userdebug ROM.
Bug: 378004800
Bug: 377446770
Test: b/378004800 abtd to check sepolicy
Test: b/377446770#comment1 verified the coredump function on user ROM.
Change-Id: If5cbe1dfde904f7d1eb0daaa53fa6bef19161f01
---
 gps/pixel/sepolicy/hal_gnss_pixel.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index e3e4d92..b9e1bd4 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -24,3 +24,6 @@ allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
 # Allow access ssrdump information
 allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms;
 allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+
+# Allow pixel gnss access vendor_gps_file
+allow hal_gnss_pixel vendor_gps_file:file create_file_perms;