From 25ea0f418ac60689ad7dfdab5018b23446220c65 Mon Sep 17 00:00:00 2001
From: Sandeep Dhavale <dhavale@google.com>
Date: Tue, 8 Nov 2022 23:32:50 +0000
Subject: [PATCH] Add sepolicy rules for fastboot AIDL service

Bug: 205760652
Test: Build & Flash

Change-Id: I02fe5ca6c0276fd08cf5127b7d8b7313374f0cfe
Signed-off-by: Sandeep Dhavale <dhavale@google.com>
---
 whitechapel_pro/hal_fastboot_default.te | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 whitechapel_pro/hal_fastboot_default.te

diff --git a/whitechapel_pro/hal_fastboot_default.te b/whitechapel_pro/hal_fastboot_default.te
new file mode 100644
index 00000000..134f4302
--- /dev/null
+++ b/whitechapel_pro/hal_fastboot_default.te
@@ -0,0 +1,18 @@
+binder_use(hal_fastboot_default)
+
+# For get-off-mode charge state
+allow hal_fastboot_default devinfo_block_device:blk_file { open read };
+allow hal_fastboot_default kmsg_device:chr_file { open write };
+
+# For dev/block/by-name dir
+allow hal_fastboot_default block_device:dir r_dir_perms;
+
+allow hal_fastboot_default tmpfs:dir rw_dir_perms;
+allow hal_fastboot_default rootfs:dir r_dir_perms;
+
+# For set-brightness
+allow hal_fastboot_default sysfs_leds:dir search;
+allow hal_fastboot_default sysfs_leds:file rw_file_perms;
+allow hal_fastboot_default sysfs_leds:lnk_file read;
+
+allow hal_fastboot_default citadel_device:chr_file getattr;