Revert "Revert "[DO NOT MERGE] Add selinux policy for chre vendo..." am: bd654f00d9

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/24589942

Change-Id: Id83469911f8d0f9bd997f53aa49176dc6c083bd5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

3 files changed, 6 insertions, 0 deletions

diff --git a/vendor/chre.te b/vendor/chre.te
index a1d1ca5..081da08 100644
--- a/vendor/chre.te
+++ b/vendor/chre.te
@@ -9,6 +9,10 @@ allow chre aoc_device:chr_file rw_file_perms;
 allow chre sysfs_aoc:dir search;
 allow chre sysfs_aoc_boottime:file r_file_perms;
 
+# Allow CHRE to write to data to chre data directory
+allow chre chre_data_file:dir create_dir_perms;
+allow chre chre_data_file:file create_file_perms;
+
 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;
 
diff --git a/vendor/file.te b/vendor/file.te
index ce20aa0..a444741 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -44,6 +44,7 @@ type vendor_bt_data_file, file_type, data_file_type;
 type sensor_reg_data_file, file_type, data_file_type;
 type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
 type uwb_data_vendor, file_type, data_file_type;
+type chre_data_file, file_type, data_file_type;
 
 # Vendor sched files
 userdebug_or_eng(`
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 92046c5..f93f5c7 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -44,6 +44,7 @@
 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0
 /data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0
+/data/vendor/chre(/.*)?                                                     u:object_r:chre_data_file:s0
 
 # persist
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0