Merge "[DO NOT MERGE] Add selinux policy for chre vendor data directory" into udc-qpr-dev

3 files changed, 6 insertions, 0 deletions

diff --git a/vendor/chre.te b/vendor/chre.te
index a1d1ca5..081da08 100644
--- a/vendor/chre.te
+++ b/vendor/chre.te
@@ -9,6 +9,10 @@ allow chre aoc_device:chr_file rw_file_perms;
 allow chre sysfs_aoc:dir search;
 allow chre sysfs_aoc_boottime:file r_file_perms;
 
+# Allow CHRE to write to data to chre data directory
+allow chre chre_data_file:dir create_dir_perms;
+allow chre chre_data_file:file create_file_perms;
+
 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;
 
diff --git a/vendor/file.te b/vendor/file.te
index c87d37c..9b35607 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -43,6 +43,7 @@ type vendor_bt_data_file, file_type, data_file_type;
 type sensor_reg_data_file, file_type, data_file_type;
 type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
 type uwb_data_vendor, file_type, data_file_type;
+type chre_data_file, file_type, data_file_type;
 
 # Vendor sched files
 userdebug_or_eng(`
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 765d161..638b0ed 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -44,6 +44,7 @@
 # Vendor
 /data/vendor/bluetooth(/.*)?                                                u:object_r:vendor_bt_data_file:s0
 /data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0
+/data/vendor/chre(/.*)?                                                     u:object_r:chre_data_file:s0
 
 # persist
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0