From acf6b1f5ae550c37055ecde6effb08331a53c8fc Mon Sep 17 00:00:00 2001
From: Ilya Matyukhin <ilyamaty@google.com>
Date: Mon, 12 Apr 2021 16:47:20 -0700
Subject: [PATCH] Add sepolicy for SystemUIGoogle to write to lhbm

Bug: 184768835
Bug: 182520014
Test: adb logcat | grep "avc: denied"
Change-Id: Ia200983c87e0b826a0b62052e65cc731453a632f
---
 whitechapel/vendor/google/file.te         | 4 ++++
 whitechapel/vendor/google/genfs_contexts  | 4 ++++
 whitechapel/vendor/google/platform_app.te | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index e6419b61..e7b7d513 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -188,3 +188,7 @@ type sysfs_bcmdhd, sysfs_type, fs_type;
 
 # Video
 type sysfs_video, sysfs_type, fs_type;
+
+# TODO(b/184768835): remove this once the bug is fixed
+# LHBM (Local High Brightness Mode)
+type sysfs_lhbm, sysfs_type, fs_type, mlstrustedobject;
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index b31a7d0b..47b98d42 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -111,6 +111,10 @@ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma
 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock                       u:object_r:sysfs_display:s0
 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock                       u:object_r:sysfs_display:s0
 
+# TODO(b/184768835): remove this once the bug is fixed
+# Display / LHBM (Local High Brightness Mode)
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/local_hbm_mode u:object_r:sysfs_lhbm:s0
+
 # Modem
 genfscon sysfs /devices/platform/cp-tm1/cp_temp                                u:object_r:sysfs_modem:s0
 
diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te
index 246ec357..b10c994c 100644
--- a/whitechapel/vendor/google/platform_app.te
+++ b/whitechapel/vendor/google/platform_app.te
@@ -12,3 +12,10 @@ binder_call(platform_app, twoshay)
 
 # Fingerprint (UDFPS) GHBM/LHBM toggle
 get_prop(platform_app, fingerprint_ghbm_prop)
+
+# TODO(b/184768835): remove this once the bug is fixed
+# Fingerprint (UDFPS) LHBM access
+userdebug_or_eng(`
+  allow platform_app sysfs_leds:dir search;
+  allow platform_app sysfs_lhbm:file rw_file_perms;
+')