From 24ad0c2d7fe9de6c83905a9621a3a205cb3f4672 Mon Sep 17 00:00:00 2001
From: Wiwit Rifa'i <wiwitrifai@google.com>
Date: Wed, 31 Jan 2024 06:50:31 +0800
Subject: [PATCH] Allow binder calls between composer and powerstats

This will fix some avc denials:

* SELinux : avc:  denied  { find } for pid=508 uid=1000
name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:object_r:hal_power_stats_vendor_service:s0
tclass=service_manager permissive=0

* binder:501_1: type=1400 audit(0.0:30): avc:  denied  { call } for
scontext=u:r:hal_graphics_composer_default:s0
tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0

* android.hardwar: type=1400 audit(0.0:10): avc:  denied  { call }
for  scontext=u:r:hal_power_stats_default:s0
tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder
permissive=0

Bug: 315497129
Test: check no avc denied between composer & powerstats
Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9
---
 vendor/hal_graphics_composer_default.te | 4 ++++
 vendor/hal_power_stats_default.te       | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te
index 5c4aef4..4035a57 100644
--- a/vendor/hal_graphics_composer_default.te
+++ b/vendor/hal_graphics_composer_default.te
@@ -41,3 +41,7 @@ add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
 allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
 allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
 allow hal_graphics_composer_default vendor_log_file:dir search;
+
+# allow HWC to access powerstats
+allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find;
+binder_call(hal_graphics_composer_default, hal_power_stats_default)
diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te
index 001b5fa..24cf4f7 100644
--- a/vendor/hal_power_stats_default.te
+++ b/vendor/hal_power_stats_default.te
@@ -18,3 +18,6 @@ allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
 
 # getStateResidency AIDL callback for Bluetooth HAL
 binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
+
+# getStateResidency AIDL callback for Composer HAL
+binder_call(hal_power_stats_default, hal_graphics_composer_default)