From 39b5815a1e5fb53d90b73a70da00c34974323917 Mon Sep 17 00:00:00 2001
From: Victor Liu <victorliu@google.com>
Date: Thu, 12 Aug 2021 14:53:10 -0700
Subject: [PATCH] allow uwb hal sys_nice access

hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { sys_nice } for capability=23 scontext=u:r:hal_uwb_default:s0 tcontext=u:r:hal_uwb_default:s0 tclass=capability permissive=0
hardware.qorvo.: type=1400 audit(0.0:9): avc: denied { setsched } for scontext=u:r:hal_uwb_default:s0 tcontext=u:r:kernel:s0 tclass=process permissive=0

Bug: 196438549
Signed-off-by: Victor Liu <victorliu@google.com>
Change-Id: I742bae701cfcc7b4842cd63abbc8c275d82c8ba1
---
 whitechapel/vendor/google/uwb_vendor_app.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/whitechapel/vendor/google/uwb_vendor_app.te
index b9e27426..ed53fd00 100644
--- a/whitechapel/vendor/google/uwb_vendor_app.te
+++ b/whitechapel/vendor/google/uwb_vendor_app.te
@@ -15,5 +15,8 @@ allow uwb_vendor_app radio_service:service_manager find;
 allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
 allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
 
+allow hal_uwb_default self:global_capability_class_set { sys_nice };
+allow hal_uwb_default kernel:process { setsched };
+
 binder_call(uwb_vendor_app, hal_uwb_default)
 ')