From 24693cd264337394d086239eea27ed67eb59a8c6 Mon Sep 17 00:00:00 2001
From: Alfred Lin <llinlinlin@google.com>
Date: Fri, 8 Oct 2021 07:38:26 +0000
Subject: [PATCH] [Display] Add SELinux policy for
 hal_graphics_composer_default

Add SELinux policy for hal_graphics_composer_default to find persist_display_file

Bug: 202487234

Test: device boot will not find avc denied log as "avc: denied { search } for name="display" dev="sda1" ino=21 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:persist_display_file:s0 tclass=dir permissive=0"
Change-Id: I8fc386cb18397911404e1f2803601711e40edead
---
 display/gs101/hal_graphics_composer_default.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te
index 0b4c26e8..1bea8b50 100644
--- a/display/gs101/hal_graphics_composer_default.te
+++ b/display/gs101/hal_graphics_composer_default.te
@@ -16,6 +16,7 @@ userdebug_or_eng(`
 allow hal_graphics_composer_default mnt_vendor_file:dir search;
 allow hal_graphics_composer_default persist_file:dir search;
 allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+allow hal_graphics_composer_default persist_display_file:dir search;
 
 # allow HWC to r/w backlight
 allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;