hal_light: add permission to sys/class/leds.
/sys/class/leds is the standard location for linux files dealing with
leds, however the exact contents of this directory is non-standard
(hence the need for a hal).
Bug: 32022100
Test: compiles and works for the subset of common files
Change-Id: I7571d7267d5ed531c4cf95599d5f2acc22287ef4
diff --git a/private/file_contexts b/private/file_contexts
index 0ca1c58..16ecbf0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -419,6 +419,7 @@
#############################
# sysfs files
#
+/sys/class/leds(/.*)? u:object_r:sysfs_leds:s0
/sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
/sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
/sys/devices/virtual/block/zram\d+(/.*)? u:object_r:sysfs_zram:s0
diff --git a/public/file.te b/public/file.te
index a113948..527e496 100644
--- a/public/file.te
+++ b/public/file.te
@@ -32,6 +32,7 @@
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_leds, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
diff --git a/public/hal_light.te b/public/hal_light.te
index 4fb38b8..145b02e 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -1,2 +1,6 @@
# call into system_server process (callbacks)
binder_call(hal_light, system_server)
+
+allow hal_light sysfs_leds:lnk_file read;
+allow hal_light sysfs_leds:file rw_file_perms;
+allow hal_light sysfs_leds:dir r_dir_perms;