From 04275485f7862a54367f1d56c4a42007f27c9196 Mon Sep 17 00:00:00 2001
From: matthuang <matthuang@google.com>
Date: Mon, 8 Mar 2021 14:07:36 +0800
Subject: [PATCH] sepolicy: add usf folder to BOARD_SEPOLICY_DIRS.

03-08 09:26:34.320   701   701 I MonitorFdThread: type=1400
audit(0.0:5): avc: denied { read } for name="/" dev="tmpfs" ino=1
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:device:s0
tclass=dir permissive=1
03-08 09:26:34.320   701   701 I MonitorFdThread: type=1400
audit(0.0:6): avc: denied { watch } for path="/dev" dev="tmpfs" ino=1
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:device:s0
tclass=dir permissive=1
03-08 09:26:36.344   701   701 I android.hardwar: type=1400
audit(0.0:11): avc: denied { read write } for name="acd-com.google.usf"
dev="tmpfs" ino=932 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=1
03-08 09:26:36.344   701   701 I android.hardwar: type=1400
audit(0.0:12): avc: denied { open } for path="/dev/acd-com.google.usf"
dev="tmpfs" ino=932 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=1
03-08 09:26:36.948   701   701 I android.hardwar: type=1400
audit(0.0:13): avc: denied { search } for name="vendor" dev="tmpfs"
ino=2 scontext=u:r:hal_sensors_default:s0
tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=1
03-08 09:26:36.948   701   701 I android.hardwar: type=1400
audit(0.0:14): avc: denied { search } for name="/" dev="sda1" ino=2
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:persist_file:s0
tclass=dir permissive=1
03-08 09:26:36.952   701   701 I android.hardwar: type=1400
audit(0.0:15): avc: denied { getattr } for
path="/mnt/vendor/persist/sensors/registry" dev="sda1" ino=24
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:persist_file:s0
tclass=dir permissive=1
03-08 09:26:36.952   701   701 I android.hardwar: type=1400
audit(0.0:16): avc: denied { read } for name="registry" dev="sda1"
ino=24

Bug:182086633
Test: make selinux_policy -j128 and push to device.
Test: avc denials are disappeared in boot log.

Change-Id: Id7ad6dcb63c880a4b7b07dbe4588ec231e9e00b5
---
 gs101-sepolicy.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index c08b8023..e623328a 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -21,3 +21,6 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
 # Display
 BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/common
 BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/display/gs101
+
+# Micro sensor framework (usf)
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/usf