From 89f5fff66865417710ed5acfd2fbfa325f158576 Mon Sep 17 00:00:00 2001
From: Sandeep Dhavale <dhavale@google.com>
Date: Thu, 24 Nov 2022 04:16:33 +0000
Subject: [PATCH] Add fastboot sepolicy changes to allow wiping of device

With new AIDL fastboot service, wiping permissions need to be added
for hal_fastboot_default.

Bug: 260140380
Test: fastboot -w

Change-Id: I08e98461d0697d7539e14435acdacc3cc64eab3d
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
---
 whitechapel_pro/hal_fastboot_default.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/whitechapel_pro/hal_fastboot_default.te b/whitechapel_pro/hal_fastboot_default.te
index 134f4302..396120e2 100644
--- a/whitechapel_pro/hal_fastboot_default.te
+++ b/whitechapel_pro/hal_fastboot_default.te
@@ -15,4 +15,10 @@ allow hal_fastboot_default sysfs_leds:dir search;
 allow hal_fastboot_default sysfs_leds:file rw_file_perms;
 allow hal_fastboot_default sysfs_leds:lnk_file read;
 
-allow hal_fastboot_default citadel_device:chr_file getattr;
+#for fastboot -w (wiping device)
+allow hal_fastboot_default citadel_device:chr_file { rw_file_perms };
+allow hal_fastboot_default proc_bootconfig:file { rw_file_perms };
+allow hal_fastboot_default proc_cmdline:file { rw_file_perms };
+allow hal_fastboot_default st54spi_device:chr_file { rw_file_perms };
+allow hal_fastboot_default metadata_block_device:blk_file { rw_file_perms };
+allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };