From aa55cb6f2e9fe60660dd5734dd5797954a25a60a Mon Sep 17 00:00:00 2001
From: Chungjui Fan <chungjuifan@google.com>
Date: Thu, 8 Sep 2022 09:50:57 +0000
Subject: [PATCH] Add sepolicy of dumping LED file in dumpstate

Bug: 242300919
Change-Id: I14b0af18244c4a71fd7908fdb35e2e86354e02e0
---
 whitechapel_pro/file.te                  | 1 +
 whitechapel_pro/file_contexts            | 1 +
 whitechapel_pro/genfs_contexts           | 4 ++++
 whitechapel_pro/hal_dumpstate_default.te | 7 +++++++
 4 files changed, 13 insertions(+)

diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te
index 1ec9e095..d20b6f58 100644
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@@ -83,6 +83,7 @@ type persist_sensor_reg_file, file_type, vendor_persist_type;
 type persist_ss_file, file_type, vendor_persist_type;
 type persist_uwb_file, file_type, vendor_persist_type;
 type persist_display_file, file_type, vendor_persist_type;
+type persist_leds_file, file_type, vendor_persist_type;
 
 # CHRE
 type chre_socket, file_type;
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index a78c7163..e5467e81 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -223,6 +223,7 @@
 /mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0
 /mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
 /mnt/vendor/persist/display(/.*)?                                           u:object_r:persist_display_file:s0
+/mnt/vendor/persist/led(/.*)?                                               u:object_r:persist_leds_file:s0
 
 # Extra mount images
 /mnt/vendor/modem_img(/.*)?                                                 u:object_r:modem_img_file:s0
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index 6ca38c63..452f93b2 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -416,3 +416,7 @@ genfscon sysfs /module/trusty_core/parameters/use_high_wq                 u:obje
 
 # EM Profile
 genfscon sysfs /kernel/pixel_em/active_profile                            u:object_r:sysfs_em_profile:s0
+
+# Privacy LED
+genfscon sysfs /devices/platform/pwmleds/leds/green/brightness            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness        u:object_r:sysfs_leds:s0
diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te
index 4676641f..21fa7025 100644
--- a/whitechapel_pro/hal_dumpstate_default.te
+++ b/whitechapel_pro/hal_dumpstate_default.te
@@ -99,6 +99,13 @@ allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
 allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms;
 allow hal_dumpstate_default proc_vendor_sched:file r_file_perms;
 
+userdebug_or_eng(`
+  allow hal_dumpstate_default sysfs_leds:dir search;
+  allow hal_dumpstate_default sysfs_leds:file rw_file_perms;
+  allow hal_dumpstate_default persist_file:dir search;
+  r_dir_file(hal_dumpstate_default, persist_leds_file);
+')
+
 get_prop(hal_dumpstate_default, vendor_camera_debug_prop);
 get_prop(hal_dumpstate_default, boottime_public_prop)
 get_prop(hal_dumpstate_default, vendor_camera_prop)