From 477d58d69580a6e839331ff22c6cfc0698be0f7d Mon Sep 17 00:00:00 2001
From: kuanyuhuang <kuanyuhuang@google.com>
Date: Wed, 26 Apr 2023 09:18:01 +0000
Subject: [PATCH] Add hidraw device sepolicy for headtracking

Test: make and incoming HID data from Pixel Buds Pro
Bug: 276163506
Change-Id: I10833e215962ad007ad32a0d713e9b37ae888fdb
---
 legacy/whitechapel_pro/device.te     | 3 ---
 legacy/whitechapel_pro/file_contexts | 3 ---
 vendor/device.te                     | 3 +++
 vendor/file_contexts                 | 3 +++
 vendor/hal_sensors_default.te        | 3 +++
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te
index bf6f21ca..7d31940a 100644
--- a/legacy/whitechapel_pro/device.te
+++ b/legacy/whitechapel_pro/device.te
@@ -2,6 +2,3 @@ type sg_device, dev_type;
 type vendor_toe_device, dev_type;
 type lwis_device, dev_type;
 type rls_device, dev_type;
-
-# Raw HID device
-type hidraw_device, dev_type;
diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index a694d515..f7bce196 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -49,6 +49,3 @@
 # Persist
 /mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
 /mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
-
-# Raw HID device
-/dev/hidraw[0-9]*                        u:object_r:hidraw_device:s0
diff --git a/vendor/device.te b/vendor/device.te
index 695c54fe..0c93859c 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -20,3 +20,6 @@ type st54spi_device, dev_type;
 
 # OTA
 type sda_block_device, dev_type;
+
+# Raw HID device
+type hidraw_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 2b82ff45..dc477c87 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -177,3 +177,6 @@
 /dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_secure_heap_device:s0
 /dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/uci                                                                    u:object_r:uci_device:s0
+
+# Raw HID device
+/dev/hidraw[0-9]*                                                           u:object_r:hidraw_device:s0
diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index b9f6a72b..51ab1fbf 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@@ -46,6 +46,9 @@ binder_call(hal_sensors_default, system_server);
 # Allow access for dynamic sensor properties.
 get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
 
+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+
 # Allow access to the display info for ALS.
 allow hal_sensors_default sysfs_display:file rw_file_perms;