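#
# USF sensor HAL SELinux type enforcements.
#
# Every rule below grants access to the hal_sensors_default domain. Rules
# carrying a NOTE(review) grant write or directory-wide access that the
# adjacent comment does not fully justify; confirm the need before widening
# or copying them.
#

# Allow reading of sensor registry persist files (read-only: directory
# search plus file read, no write or create).
allow hal_sensors_default mnt_vendor_file:dir search;
allow hal_sensors_default persist_file:dir search;
allow hal_sensors_default persist_file:file r_file_perms;
r_dir_file(hal_sensors_default, persist_sensor_reg_file)

# Allow creation and writing of sensor registry data files.
allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
allow hal_sensors_default sensor_reg_data_file:file create_file_perms;

# The rules inside userdebug_or_eng() are only compiled into userdebug and
# eng builds, so user builds carry no access to the debug data files.
userdebug_or_eng(`
    # Allow creation and writing of sensor debug data files.
    allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
    allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
')

# Allow access to the AoC communication driver.
allow hal_sensors_default aoc_device:chr_file rw_file_perms;

# Allow access to the AoC clock and kernel boot time sysfs node. This is needed
# to synchronize the AP and AoC clock timestamps.
# NOTE(review): rw_file_perms includes write. Confirm the HAL writes this node;
# if it only reads the timestamps, r_file_perms is sufficient.
allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;

# Allow read-only access to sysfs_aoc.
allow hal_sensors_default sysfs_aoc:dir search;
allow hal_sensors_default sysfs_aoc:file r_file_perms;

# Allow sensor HAL to reset AoC.
# NOTE(review): write access here lets this domain restart the coprocessor,
# so sysfs_aoc_reset should label the reset node only and nothing else.
allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;

# Allow sensor HAL to read AoC dumpstate.
allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;

# Allow access for AoC properties (read-only via get_prop).
get_prop(hal_sensors_default, vendor_aoc_prop)

# Allow the thread that watches the AoC device node to read the device
# directory.
# NOTE(review): `device` is the generic device-directory type (presumably /dev
# here), so this lets the HAL list every entry in directories with that label,
# not just the AoC node. It grants no access to the nodes themselves; confirm
# no narrower directory type is available for the watch.
allow hal_sensors_default device:dir r_dir_perms;

# Allow access to sensor service for sensor_listener.
binder_call(hal_sensors_default, system_server)

# Allow use of the USF low latency transport.
usf_low_latency_transport(hal_sensors_default)

# Allow sensor HAL to read display sysfs nodes.
allow hal_sensors_default sysfs_display:file r_file_perms;

# Allow display_info_service access to the backlight driver.
# NOTE(review): rw_file_perms includes write to sysfs_leds files. Confirm the
# service changes backlight state; if it only reads brightness, use
# r_file_perms.
allow hal_sensors_default sysfs_leds:dir search;
allow hal_sensors_default sysfs_leds:file rw_file_perms;

# Allow SensorSuez to connect to AIDL stats.
binder_use(hal_sensors_default)
allow hal_sensors_default fwk_stats_service:service_manager find;

# Allow access to CHRE socket to connect to nanoapps. Both rules target the
# same chre socket type; they differ only in the server domain that the
# connection is allowed to reach.
unix_socket_connect(hal_sensors_default, chre, chre)
## TODO(b/248615564): Remove above rule after CHRE multiclient HAL is launched.
unix_socket_connect(hal_sensors_default, chre, hal_contexthub_default)

# Allow access to CHRE multiclient HAL.
get_prop(hal_sensors_default, vendor_chre_hal_prop)
binder_call(hal_sensors_default, hal_contexthub_default)
allow hal_sensors_default hal_contexthub_service:service_manager find;

# Allow read-only access to the power supply files for MagCC.
r_dir_file(hal_sensors_default, sysfs_batteryinfo)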
74