From e7616e393455b99bd744b7669fa7cf8b4c049b49 Mon Sep 17 00:00:00 2001 From: Rex Lin Date: Mon, 13 Mar 2023 11:52:39 +0800 Subject: [PATCH] [SELinux] Fix hal_uwb_default dev access errors Allow hal_uwb_default to access /dev/uci Bug: 263048994 Test: http://ab/I86600010139623509 Change-Id: I6324044822f74d1f0d14cc9c6d057dce0dfcc9ee Signed-off-by: Rex Lin --- tracking_denials/hal_uwb_default.te | 4 ---- vendor/device.te | 1 + vendor/file_contexts | 2 +- vendor/hal_uwb_vendor_default.te | 1 + 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/tracking_denials/hal_uwb_default.te b/tracking_denials/hal_uwb_default.te index 7923849d..ed4b1e00 100644 --- a/tracking_denials/hal_uwb_default.te +++ b/tracking_denials/hal_uwb_default.te @@ -1,7 +1,3 @@ -# b/260366065 -dontaudit hal_uwb_default device:chr_file { ioctl }; -dontaudit hal_uwb_default device:chr_file { open }; -dontaudit hal_uwb_default device:chr_file { read write }; # b/264489750 userdebug_or_eng(` permissive hal_uwb_default; diff --git a/vendor/device.te b/vendor/device.te index 6297ce5d..50510d66 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -7,6 +7,7 @@ type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; type gxp_device, dev_type, mlstrustedobject; type fingerprint_device, dev_type; +type uci_device, dev_type; # Dmabuf heaps type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index f32cb61b..09acca4b 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -160,4 +160,4 @@ /dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:video_secure_heap_device:s0 - +/dev/uci u:object_r:uci_device:s0 diff --git a/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te index d3bc4892..06a67d0d 100644 --- a/vendor/hal_uwb_vendor_default.te 
+++ b/vendor/hal_uwb_vendor_default.te @@ -1,4 +1,5 @@ type hal_uwb_vendor_default, domain; type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; +allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default)
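Review bot: The added `allow hal_uwb_default uci_device:chr_file rw_file_perms;` names `hal_uwb_default` as its source domain, yet it sits in `hal_uwb_vendor_default.te` between the type declarations and `init_daemon_domain(hal_uwb_vendor_default)`, so a grant for one domain lives in another domain's policy file. Someone auditing what `hal_uwb_default` can reach would not look here; either move the rule next to the rest of the `hal_uwb_default` policy or put a comment above it such as `# /dev/uci access for hal_uwb_default (b/263048994)`. If the vendor HAL is actually the process that opens the device, the source should be `hal_uwb_vendor_default` instead, which cannot be decided from this hunk. Since `tracking_denials/hal_uwb_default.te` still marks the domain permissive on userdebug/eng builds, it is worth confirming on an enforcing build that no `uci_device` denial remains.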