From a1f0d2aa9a69b09a022c1aafbf9d3a5d9e95ed8a Mon Sep 17 00:00:00 2001
From: Roshan Pius <rpius@google.com>
Date: Tue, 1 Mar 2022 07:27:43 -0800
Subject: [PATCH] gs-sepolicy: Fix legacy UWB stack sepolicy rules

This rule was present on previous devices.

Denial logs:
02-24 09:22:08.214   427   427 E SELinux : avc:  denied  { find } for
pid=1479 uid=1000 name=uwb_vendor scontext=u:r:system_server:s0
tcontext=u:object_r:uwb_vendor_service:s0 tclass=service_manager permissive=0

Bug: 221292100
Test: Compiles
Change-Id: I6de4000a9cebf46a0d94032aade7b2d40b94ca16
---
 whitechapel_pro/system_server.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/whitechapel_pro/system_server.te b/whitechapel_pro/system_server.te
index 0e0a159b..6e797f55 100644
--- a/whitechapel_pro/system_server.te
+++ b/whitechapel_pro/system_server.te
@@ -1 +1,7 @@
 binder_call(system_server, hal_camera_default);
+
+# Allow system server to find vendor uwb service. In the legacy
+# UWB stack, system_server talks directly to the vendor stack.
+# TODO(b/186585880): This will be obsoleted when the new UCI stack for
+# UWB lands.
+allow system_server uwb_vendor_service:service_manager find;