Add selinux policy for chre vendor data directory

Bug: 278114604 Test: on device test Change-Id: Ic8f0256c43ab3bc7c7bd30484f47e77bb970ce56
2023-06-21 22:13:45 +00:00 · 2023-06-21 22:13:45 +00:00 · ea65f1e6bd
commit ea65f1e6bd
parent 7bf1eb8960
3 changed files with 6 additions and 0 deletions
--- a/vendor/chre.te
+++ b/vendor/chre.te
@ -12,5 +12,9 @@ allow chre sysfs_aoc_boottime:file r_file_perms;
 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;

+# Allow CHRE to write to data to chre data directory
+allow chre chre_data_file:dir create_dir_perms;
+allow chre chre_data_file:file create_file_perms;
+
 # Allow CHRE to use WakeLock
 wakelock_use(chre)
--- a/vendor/file.te
+++ b/vendor/file.te
@ -35,6 +35,7 @@ type vendor_bt_data_file, file_type, data_file_type;

 # Data
 type sensor_reg_data_file, file_type, data_file_type;
+type chre_data_file, file_type, data_file_type;

 # Vendor sched files
 userdebug_or_eng(`
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -38,6 +38,7 @@

 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0
+/data/vendor/chre(/.*)?                                                     u:object_r:chre_data_file:s0

 # persist
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0