Adding selinux policy for sensor hal

Bug: 159964102
Test: Build,test that there is no "avc: denied" message for
      hal_sensors_default in logcat
Change-Id: I89174ba4da59ba30cf7b31b60b1e13166775827b

3 files changed, 11 insertions, 0 deletions

diff --git a/sepolicy/vendor/google/file.te b/sepolicy/vendor/google/file.te
new file mode 100644
index 0000000..44f654a
--- /dev/null
+++ b/sepolicy/vendor/google/file.te
@@ -0,0 +1 @@
+type sysfs_iio_file_ctrl, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/google/file_contexts b/sepolicy/vendor/google/file_contexts
index 2442508..63e7355 100644
--- a/sepolicy/vendor/google/file_contexts
+++ b/sepolicy/vendor/google/file_contexts
@@ -9,3 +9,10 @@
 
 # Audio Control HAL
 /vendor/bin/hw/android\.hardware\.audiocontrol@2\.0-service\.trout  u:object_r:hal_audiocontrol_impl_exec:s0
+
+# Sensor HAL
+/sys/bus/iio/devices/iio:device[0-9]+  u:object_r:sysfs_iio_devices:s0
+/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+(/.*)?  u:object_r:sysfs_iio_devices:s0
+/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/[^/]+_sampling_frequency$  u:object_r:sysfs_iio_file_ctrl:s0
+/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/scan_elements/[^/]+_en$  u:object_r:sysfs_iio_file_ctrl:s0
+/sys/devices/platform/system-controller/scmi_dev\.[0-9]+/iio:device[0-9]+/buffer/enable$  u:object_r:sysfs_iio_file_ctrl:s0
diff --git a/sepolicy/vendor/google/hal_sensors_default.te b/sepolicy/vendor/google/hal_sensors_default.te
new file mode 100644
index 0000000..e0c6871
--- /dev/null
+++ b/sepolicy/vendor/google/hal_sensors_default.te
@@ -0,0 +1,3 @@
+r_dir_file(hal_sensors_default, sysfs_iio_devices);
+allow hal_sensors_default sysfs_iio_file_ctrl:file rw_file_perms;
+allow hal_sensors_default iio_device:chr_file r_file_perms;