Merge "[SELinux] Fix hal_uwb_default dev access errors" into udc-d1-dev am: eecb5380e3

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/21981863

Change-Id: I8cc34c5a70f8304e81defa9dff34de6a271c7852
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

tracking_denials/hal_uwb_default.te

@@ -1,7 +1,3 @@
-# b/260366065
-dontaudit hal_uwb_default device:chr_file { ioctl };
-dontaudit hal_uwb_default device:chr_file { open };
-dontaudit hal_uwb_default device:chr_file { read write };
 # b/264489750
 userdebug_or_eng(`
   permissive hal_uwb_default;

vendor/device.te

@@ -7,6 +7,7 @@ type ufs_internal_block_device, dev_type;
 type logbuffer_device, dev_type;
 type gxp_device, dev_type, mlstrustedobject;
 type fingerprint_device, dev_type;
+type uci_device, dev_type;
 
 # Dmabuf heaps
 type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;

vendor/file_contexts

@@ -161,4 +161,4 @@
 /dev/dma_heap/vframe-secure                                                 u:object_r:video_secure_heap_device:s0
 /dev/dma_heap/vscaler-secure                                                u:object_r:video_secure_heap_device:s0
 /dev/dma_heap/vstream-secure                                                u:object_r:video_secure_heap_device:s0
-
+/dev/uci                                                                    u:object_r:uci_device:s0

vendor/hal_uwb_vendor_default.te

@@ -1,4 +1,5 @@
 type hal_uwb_vendor_default, domain;
 type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+allow hal_uwb_default uci_device:chr_file rw_file_perms;
 init_daemon_domain(hal_uwb_vendor_default)