From ea65f1e6bd08fee54eb3c7cc6773dedea02ad789 Mon Sep 17 00:00:00 2001
From: Yixuan Wang <yixuanwang@google.com>
Date: Wed, 21 Jun 2023 22:13:45 +0000
Subject: [PATCH] Add selinux policy for chre vendor data directory

Bug: 278114604
Test: on device test
Change-Id: Ic8f0256c43ab3bc7c7bd30484f47e77bb970ce56
---
 vendor/chre.te       | 4 ++++
 vendor/file.te       | 1 +
 vendor/file_contexts | 1 +
 3 files changed, 6 insertions(+)

diff --git a/vendor/chre.te b/vendor/chre.te
index a1d1ca5..7c0ad8f 100644
--- a/vendor/chre.te
+++ b/vendor/chre.te
@@ -12,5 +12,9 @@ allow chre sysfs_aoc_boottime:file r_file_perms;
 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;
 
+# Allow CHRE to write to data to chre data directory
+allow chre chre_data_file:dir create_dir_perms;
+allow chre chre_data_file:file create_file_perms;
+
 # Allow CHRE to use WakeLock
 wakelock_use(chre)
diff --git a/vendor/file.te b/vendor/file.te
index cc0f2b9..3ef4000 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -35,6 +35,7 @@ type vendor_bt_data_file, file_type, data_file_type;
 
 # Data
 type sensor_reg_data_file, file_type, data_file_type;
+type chre_data_file, file_type, data_file_type;
 
 # Vendor sched files
 userdebug_or_eng(`
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 547067b..d401cd1 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -38,6 +38,7 @@
 
 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0
+/data/vendor/chre(/.*)?                                                     u:object_r:chre_data_file:s0
 
 # persist
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0