From 79e12fe426ad88d8be407816b5b816e7de002740 Mon Sep 17 00:00:00 2001
From: Cheng Chang <chengcha@google.com>
Date: Mon, 18 Mar 2024 10:28:58 +0000
Subject: [PATCH] sepolicy: Allow PixelGnss to connect to Chre HAL

avc:  denied  { call } for  scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0

Bug: 316227249
Test: Verify PixelGnss HAL can connect to Chre HAL.
Test: Function test verification b/330120749 without disable selinux.
Test: No avc error log in logcat.
Change-Id: I7f6a45cd80c7ccbba2af1a0d3f3d89f30267db00
---
 vendor/hal_contexthub_default.te | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 vendor/hal_contexthub_default.te

diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te
new file mode 100644
index 0000000..e749f01
--- /dev/null
+++ b/vendor/hal_contexthub_default.te
@@ -0,0 +1,6 @@
+#
+# Context hub multiclient HAL common selinux policies
+#
+# Allow binder call to PixelGnss PPS function.
+binder_call(hal_contexthub_default, hal_gnss_pixel)
+