Update the common sepolicy for file access
Bug: 248615564
Test: load sepolicy onto pixel device and verify the output using
audit2allow
Change-Id: I295cefa3637298fba3d266f5f95f83cb7329bd02
diff --git a/chre/sepolicy/hal_contexthub_default.te b/chre/sepolicy/hal_contexthub_default.te
index de5ca64..3d67bd3 100644
--- a/chre/sepolicy/hal_contexthub_default.te
+++ b/chre/sepolicy/hal_contexthub_default.te
@@ -9,7 +9,7 @@
allow hal_contexthub_default sysfs_aoc_boottime:file r_file_perms;
# Allow context hub HAL to create thread to watch AOC's device
-allow hal_contexthub_default aoc_device:dir r_dir_perms;
+allow hal_contexthub_default device:dir r_dir_perms;
# Allow context hub HAL to use the USF low latency transport
usf_low_latency_transport(hal_contexthub_default)
@@ -22,6 +22,10 @@
binder_call(hal_contexthub_default, stats_service_server)
allow hal_contexthub_default fwk_stats_service:service_manager find;
+# Allow context hub HAL to write data to /data/vendor/chre/ directory
+allow hal_contexthub_default chre_data_file:dir create_dir_perms;
+allow hal_contexthub_default chre_data_file:file create_file_perms;
+
# Allow context hub HAL to use WakeLock
wakelock_use(hal_contexthub_default)