From a4dbe2ef4069bcb18eef32518c53554eb499c066 Mon Sep 17 00:00:00 2001
From: Rick Yiu <rickyiu@google.com>
Date: Thu, 3 Jun 2021 17:52:36 +0800
Subject: [PATCH] gs101-sepolicy: Fix avc denials for sysfs_vendor_sched

Bug: 190011861
Bug: 190011862
Bug: 190011863
Bug: 190012301
Bug: 190012320
Test: boot to home
Change-Id: Icddb42fb194547211e33cf1d871e839a954b0919
---
 whitechapel/vendor/google/hbmsvmanager_app.te | 3 +++
 whitechapel/vendor/google/nfc.te              | 2 ++
 whitechapel/vendor/google/platform_app.te     | 3 +++
 whitechapel/vendor/google/radio.te            | 2 ++
 whitechapel/vendor/google/secure_element.te   | 2 ++
 5 files changed, 12 insertions(+)
 create mode 100644 whitechapel/vendor/google/nfc.te
 create mode 100644 whitechapel/vendor/google/secure_element.te

diff --git a/whitechapel/vendor/google/hbmsvmanager_app.te b/whitechapel/vendor/google/hbmsvmanager_app.te
index 534f6c82..2300a2a8 100644
--- a/whitechapel/vendor/google/hbmsvmanager_app.te
+++ b/whitechapel/vendor/google/hbmsvmanager_app.te
@@ -2,6 +2,9 @@ type hbmsvmanager_app, domain, coredomain;
 
 app_domain(hbmsvmanager_app);
 
+allow hbmsvmanager_app sysfs_vendor_sched:dir r_dir_perms;
+allow hbmsvmanager_app sysfs_vendor_sched:file w_file_perms;
+
 allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
 binder_call(hbmsvmanager_app, hal_graphics_composer_default)
 
diff --git a/whitechapel/vendor/google/nfc.te b/whitechapel/vendor/google/nfc.te
new file mode 100644
index 00000000..febd851a
--- /dev/null
+++ b/whitechapel/vendor/google/nfc.te
@@ -0,0 +1,2 @@
+allow nfc sysfs_vendor_sched:dir r_dir_perms;
+allow nfc sysfs_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/platform_app.te b/whitechapel/vendor/google/platform_app.te
index 14cf0554..40556ded 100644
--- a/whitechapel/vendor/google/platform_app.te
+++ b/whitechapel/vendor/google/platform_app.te
@@ -4,6 +4,9 @@ allow platform_app hal_exynos_rild_hwservice:hwservice_manager find;
 allow platform_app hal_wlc_hwservice:hwservice_manager find;
 binder_call(platform_app, hal_wlc)
 
+allow platform_app sysfs_vendor_sched:dir r_dir_perms;
+allow platform_app sysfs_vendor_sched:file w_file_perms;
+
 allow platform_app nfc_service:service_manager find;
 allow platform_app uwb_service:service_manager find;
 
diff --git a/whitechapel/vendor/google/radio.te b/whitechapel/vendor/google/radio.te
index ffa43521..47a70dda 100644
--- a/whitechapel/vendor/google/radio.te
+++ b/whitechapel/vendor/google/radio.te
@@ -1 +1,3 @@
 allow radio hal_exynos_rild_hwservice:hwservice_manager find;
+allow radio sysfs_vendor_sched:dir r_dir_perms;
+allow radio sysfs_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/secure_element.te b/whitechapel/vendor/google/secure_element.te
new file mode 100644
index 00000000..831d360e
--- /dev/null
+++ b/whitechapel/vendor/google/secure_element.te
@@ -0,0 +1,2 @@
+allow secure_element sysfs_vendor_sched:dir r_dir_perms;
+allow secure_element sysfs_vendor_sched:file w_file_perms;