Merge "Add hidraw device sepolicy for headtracking" into udc-d1-dev am: dd5df5791f am: 5c0053c5ec am: 34dd9a81d9

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22874908 Change-Id: Id094f59aa2876b5742ae239f0f546ca9cda868e4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-02 12:37:13 +00:00 · 2023-05-02 12:37:13 +00:00 · 8fde4edfbf
commit 8fde4edfbf
parent a89fbcc4aa 34dd9a81d9
5 changed files with 9 additions and 6 deletions
--- a/legacy/whitechapel_pro/device.te
+++ b/legacy/whitechapel_pro/device.te
@ -2,6 +2,3 @@ type sg_device, dev_type;
 type vendor_toe_device, dev_type;
 type lwis_device, dev_type;
 type rls_device, dev_type;
-
-# Raw HID device
-type hidraw_device, dev_type;
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@ -48,6 +48,3 @@
 # Persist
 /mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
 /mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
-
-# Raw HID device
-/dev/hidraw[0-9]*                        u:object_r:hidraw_device:s0
--- a/vendor/device.te
+++ b/vendor/device.te
@ -20,3 +20,6 @@ type st54spi_device, dev_type;

 # OTA
 type sda_block_device, dev_type;
+
+# Raw HID device
+type hidraw_device, dev_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -180,3 +180,6 @@
 /dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_secure_heap_device:s0
 /dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/uci                                                                    u:object_r:uci_device:s0
+
+# Raw HID device
+/dev/hidraw[0-9]*                                                           u:object_r:hidraw_device:s0
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@ -46,6 +46,9 @@ binder_call(hal_sensors_default, system_server);
 # Allow access for dynamic sensor properties.
 get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)

+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+
 # Allow access to the display info for ALS.
 allow hal_sensors_default sysfs_display:file rw_file_perms;