From 3f91d6417ab1b25f6e95540a089144f7a9021d2e Mon Sep 17 00:00:00 2001 From: Chia-Ching Yu Date: Mon, 26 Apr 2021 04:22:34 +0800 Subject: [PATCH] Add sepolicy for sensor HAL to read lhbm 04-23 08:54:18.000 742 742 I /vendor/bin/hw/android.hardware.sensors@2.0-service.multihal: type=1400 audit(0.0:23): avc: denied { read } for comm=504F5349582074696D6572203430 name="local_hbm_mode" dev="sysfs" ino=70515 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=1 Bug: 181617640 Test: Forrest build with this patch(ab/P22167685). No local_hbm_mode related avc deined log. Change-Id: Ibac3317cbca8652885310b1f5af8f4ea4d44a5c4 --- usf/sensor_hal.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te index f10cd46a..ce088a9c 100644 --- a/usf/sensor_hal.te +++ b/usf/sensor_hal.te @@ -54,3 +54,6 @@ allow hal_sensors_default fwk_stats_service:service_manager find; # Allow access to CHRE socket to connect to nanoapps. unix_socket_connect(hal_sensors_default, chre, chre) + +# Allow sensor HAL to read lhbm. +allow hal_sensors_default sysfs_lhbm:file r_file_perms;
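Review bot: The comment on the new rule, `# Allow sensor HAL to read lhbm.`, restates the allow line but does not say why `hal_sensors_default` needs the display's `local_hbm_mode` node, which is what a later policy audit will ask. I would spell it out, for example `# Sensor HAL reads local_hbm_mode (sysfs_lhbm), read-only, for <purpose: confirm with sensor team>.` The denial quoted in the description lists only `read` and was captured with `permissive=1`, while `r_file_perms` grants the full read set (open, getattr, ioctl and so on). It would be worth confirming on an enforcing build that this set is what the HAL needs and that no further denial, such as a directory search on the node's parent, remains. The grant is read-only, which looks right for a consumer of this state; any later widening to write access should be justified separately.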