From 2460cdcc9fec63c33e6a9d7a4d13588fc967bed0 Mon Sep 17 00:00:00 2001
From: Ilya Matyukhin <ilyamaty@google.com>
Date: Wed, 23 Jun 2021 23:38:27 -0700
Subject: [PATCH] raviole: transition SystemUI to use HWC for LHBM

This change removes direct access to the LHBM sysfs node from SystemUI,
but allows SystemUI to make binder calls to the hardware composer (HWC),
which can be used to enable or disable LHBM.

Bug: 191132545
Bug: 190563896
Bug: 184768835
Test: no avc denials
Change-Id: I5417377ff096e869ad772e4fd2fb23f8c1fd4f1e
---
 display/gs101/hal_graphics_composer_default.te    | 3 ---
 tracking_denials/hal_graphics_composer_default.te | 2 --
 usf/sensor_hal.te                                 | 3 ---
 whitechapel/vendor/google/bug_map                 | 1 -
 whitechapel/vendor/google/file.te                 | 4 ----
 whitechapel/vendor/google/genfs_contexts          | 4 ----
 whitechapel/vendor/google/platform_app.te         | 8 ++------
 7 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te
index aa429277..0b4c26e8 100644
--- a/display/gs101/hal_graphics_composer_default.te
+++ b/display/gs101/hal_graphics_composer_default.te
@@ -40,6 +40,3 @@ allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
 # allow HWC to output to dumpstate via pipe fd
 allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
 allow hal_graphics_composer_default hal_dumpstate_default:fd use;
-
-# allow HWC to access LHBM sysfs
-allow hal_graphics_composer_default sysfs_lhbm:file rw_file_perms;
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
index 9640b83e..e69de29b 100644
--- a/tracking_denials/hal_graphics_composer_default.te
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -1,2 +0,0 @@
-# b/191132545
-dontaudit hal_graphics_composer_default sysfs_lhbm:file { read write };
diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te
index 502e14c3..03cdc090 100644
--- a/usf/sensor_hal.te
+++ b/usf/sensor_hal.te
@@ -55,6 +55,3 @@ allow hal_sensors_default fwk_stats_service:service_manager find;
 
 # Allow access to CHRE socket to connect to nanoapps.
 unix_socket_connect(hal_sensors_default, chre, chre)
-
-# Allow sensor HAL to read lhbm.
-allow hal_sensors_default sysfs_lhbm:file r_file_perms;
diff --git a/whitechapel/vendor/google/bug_map b/whitechapel/vendor/google/bug_map
index e97b8e14..6faa712a 100644
--- a/whitechapel/vendor/google/bug_map
+++ b/whitechapel/vendor/google/bug_map
@@ -1,2 +1 @@
-hal_graphics_composer_default sysfs_lhbm file b/190563896
 permissioncontroller_app sysfs_vendor_sched file b/190671898
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index a7eeea53..b961dcd9 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -184,10 +184,6 @@ type sysfs_bcmdhd, sysfs_type, fs_type;
 # Video
 type sysfs_video, sysfs_type, fs_type;
 
-# TODO(b/184768835): remove this once the bug is fixed
-# LHBM (Local High Brightness Mode)
-type sysfs_lhbm, sysfs_type, fs_type, mlstrustedobject;
-
 # UWB vendor
 type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
 
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 34c93866..e0542a78 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -124,10 +124,6 @@ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extin
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock                         u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock                         u:object_r:sysfs_display:s0
 
-# TODO(b/184768835): remove this once the bug is fixed
-# Display / LHBM (Local High Brightness Mode)
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/local_hbm_mode u:object_r:sysfs_lhbm:s0
-
 # Modem
 genfscon sysfs /devices/platform/cp-tm1/cp_temp                                u:object_r:sysfs_modem:s0
 
diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te
index 40556ded..66e7721d 100644
--- a/whitechapel/vendor/google/platform_app.te
+++ b/whitechapel/vendor/google/platform_app.te
@@ -19,9 +19,5 @@ binder_call(platform_app, twoshay)
 # Fingerprint (UDFPS) GHBM/LHBM toggle
 get_prop(platform_app, fingerprint_ghbm_prop)
 
-# TODO(b/184768835): remove this once the bug is fixed
-# Fingerprint (UDFPS) LHBM access
-userdebug_or_eng(`
-  allow platform_app sysfs_leds:dir search;
-  allow platform_app sysfs_lhbm:file rw_file_perms;
-')
+allow platform_app hal_pixel_display_service:service_manager find;
+binder_call(platform_app, hal_graphics_composer_default)