From e43ab3c52a0e4eb5fa06ae90df35ea5238abb627 Mon Sep 17 00:00:00 2001
From: Rick Chen <rickctchen@google.com>
Date: Tue, 8 Nov 2022 22:44:09 +0800
Subject: [PATCH] Allow CHRE to use EPOLLWAKEUP

avc: denied { block_suspend } for comm="UsfTransport" capability=36 scontext=u:r:chre:s0 tcontext=u:r:chre:s0 tclass=capability2 permissive=0

Bug: 238666865
Test: Check no chre avc denied.
Change-Id: Ie936055550c6221beae394c264d664c1e76f946b
Signed-off-by: Rick Chen <rickctchen@google.com>
---
 whitechapel_pro/chre.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/whitechapel_pro/chre.te b/whitechapel_pro/chre.te
index ebee19df..2531af89 100644
--- a/whitechapel_pro/chre.te
+++ b/whitechapel_pro/chre.te
@@ -26,3 +26,6 @@ binder_call(chre, stats_service_server)
 
 # Allow CHRE to use WakeLock
 wakelock_use(chre)
+
+# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
+allow chre self:global_capability2_class_set block_suspend;