From 94095e1fd38f53f1478650d073b462032d05a60e Mon Sep 17 00:00:00 2001
From: matthuang <matthuang@google.com>
Date: Mon, 8 Mar 2021 13:59:03 +0800
Subject: [PATCH] sepolicy: add sensor related rules for AIDL APIs

SELinux : avc:  denied  { find } for pid=703 uid=1000name=android.frameworks.stats.IStats/default
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=1
android.hardwar: type=1400 audit(0.0:24): avc: denied { transfer } for scontext=u:r:hal_sensors_default:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1

Bug: 182086688
Test: make selinux_policy -j128 and push to device.
Test: avc denials are disappeared in boot log.
Change-Id: I13e658c1cef3bd24ae25cc1c22dd9336b4e45b0f
---
 whitechapel/vendor/google/hal_sensors_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel/vendor/google/hal_sensors_default.te b/whitechapel/vendor/google/hal_sensors_default.te
index 64620ba3..396fd3c5 100644
--- a/whitechapel/vendor/google/hal_sensors_default.te
+++ b/whitechapel/vendor/google/hal_sensors_default.te
@@ -17,3 +17,7 @@ allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 
 # Allow access to the sysfs_aoc.
 allow hal_sensors_default sysfs_aoc:dir search;
+
+# Allow SensorSuez to connect AIDL stats.
+binder_use(hal_sensors_default);
+allow hal_sensors_default fwk_stats_service:service_manager find;