From 9a7af460a56a92a9ed2bad173d58f40547eb564c Mon Sep 17 00:00:00 2001
From: Chia-Chi Teng <ccteng@google.com>
Date: Mon, 11 Mar 2024 19:01:57 +0000
Subject: [PATCH 1/2] sepolicy: Allow PixelGnss to connect to Chre HAL

avc:  denied  { read } for  name="u:object_r:vendor_chre_hal_prop:s0" dev="tmpfs" ino=401 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:vendor_chre_hal_prop:s0 tclass=file permissive=0
avc:  denied  { find } for pid=900 uid=1021 name=android.hardware.contexthub.IContextHub/default scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:hal_contexthub_service:s0 tclass=service_manager permissive=0
avc:  denied  { call } for  scontext=u:r:hal_gnss_pixel:s0 tcontext=u:r:hal_contexthub_default:s0 tclass=binder permissive=0
avc:  denied  { call } for  scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0

Bug: 316227249
Test: Verify PixelGnss HAL can connect to Chre HAL.
Test: Function test verification b/330120749 without disable selinux.
Test: No avc error log in logcat.
Change-Id: Ia1052dbc14fdbb6287cd0958b30e1a1a116b7a80
---
 gps/pixel/sepolicy/hal_gnss_pixel.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index 512ecc9..0d9a8b5 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -12,3 +12,10 @@ allow hal_gnss_pixel sysfs_modem_state:file r_file_perms;
 
 #Toggle coredump node
 allow hal_gnss_pixel sysfs_gps:file rw_file_perms;
+
+# Allow access to CHRE multiclient HAL.
+get_prop(hal_gnss_pixel, vendor_chre_hal_prop)
+
+# Allow binder to CHRE.
+binder_call(hal_gnss_pixel, hal_contexthub_default)
+allow hal_gnss_pixel hal_contexthub_service:service_manager find;

From d4de4ddf902f75ebcb6b0e1079e78b8a96410ed5 Mon Sep 17 00:00:00 2001
From: Klines Jiang <klinesjiang@google.com>
Date: Mon, 25 Mar 2024 08:58:41 +0000
Subject: [PATCH 2/2] [Gyotaku] Update the build rule to exclude build Gyotaku
 dump for barbet

Pixel 5a (barbet) does not support Pixel dump, we need to exclude build
Pixel dump for Pixel 5a (barbet). The git_24Q2-beta-release TARGET_PRODUCT is barbet_beta, updated to barbet% for all barbet target products.

Bug: 330819191

Test: Local build and trigger a new build the result passed

Change-Id: I2c1785105bab74a483bc68893d96a8a88eabfd90
---
 gyotaku_app/gyotaku.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gyotaku_app/gyotaku.mk b/gyotaku_app/gyotaku.mk
index c6c41d5..8a6bb10 100644
--- a/gyotaku_app/gyotaku.mk
+++ b/gyotaku_app/gyotaku.mk
@@ -6,7 +6,7 @@ ifneq ($(TARGET_BUILD_VARIANT), user)
       BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/sepolicy/
 
       # Pixel 5a (barbet) does not support Pixel dump
-      ifneq ($(TARGET_PRODUCT), barbet)
+      ifeq (,$(filter barbet%,$(TARGET_PRODUCT)))
         PRODUCT_PACKAGES_DEBUG += dump_gyotaku
         BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/dump
       endif