From 81aaf6cda36e88c0deedb8f41dc1ef6f042da3a3 Mon Sep 17 00:00:00 2001
From: linpeter <linpeter@google.com>
Date: Mon, 19 Apr 2021 21:06:45 +0800
Subject: [PATCH] Add sepolicy for hwcomposer to access lhbm sysfs

avc: denied { read write } for comm="android.hardwar" name="local_hbm_mode" dev="sysfs" ino=70189 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:sysfs_lhbm:s0 tclass=file permissive=0

Bug: 190563896
test: check avc denied
Change-Id: I0f6abc1244d24781ff3318908b524a889490993d
---
 display/gs101/hal_graphics_composer_default.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te
index 0b4c26e8..aa429277 100644
--- a/display/gs101/hal_graphics_composer_default.te
+++ b/display/gs101/hal_graphics_composer_default.te
@@ -40,3 +40,6 @@ allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
 # allow HWC to output to dumpstate via pipe fd
 allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
 allow hal_graphics_composer_default hal_dumpstate_default:fd use;
+
+# allow HWC to access LHBM sysfs
+allow hal_graphics_composer_default sysfs_lhbm:file rw_file_perms;