Add sepolicy read permissions to hal_dumpstate_impl for bd_* am: 27dc93bbfc
Original change: https://android-review.googlesource.com/c/device/google/coral-sepolicy/+/1516275
Change-Id: Ie74c5db851e42e7d8eaf54c5e0784374a7ff7219
diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 6206e31..876d957 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -11,5 +11,6 @@
# Allow to read /sys/class/power_supply directory.
allow fastbootd sysfs:dir r_dir_perms;
allow fastbootd sysfs_batteryinfo:dir search;
+ allow fastbootd citadel_device:chr_file rw_file_perms;
')
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 41e56ef..9fca815 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -108,6 +108,7 @@
genfscon debugfs /logbuffer/ssoc u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /logbuffer/ttf u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /logbuffer/batt_ce u:object_r:debugfs_batteryinfo:s0
+genfscon debugfs /logbuffer/maxfg u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /logbuffer/wireless u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /google_charger u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /google_battery u:object_r:debugfs_batteryinfo:s0
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..af7e0d6 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,10 @@
type uv_exposure_reporter, domain;
-userdebug_or_eng(`
- app_domain(uv_exposure_reporter)
+app_domain(uv_exposure_reporter)
- allow uv_exposure_reporter app_api_service:service_manager find;
- allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
- allow uv_exposure_reporter sysfs_msm_subsys:dir search;
- allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
- binder_call(uv_exposure_reporter, gpuservice);
- binder_call(uv_exposure_reporter, stats_service_server);
-')
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+binder_call(uv_exposure_reporter, stats_service_server);
diff --git a/vendor/qcom/common/hal_wifi_ext.te b/vendor/qcom/common/hal_wifi_ext.te
index e9750ff..3a16e2e 100644
--- a/vendor/qcom/common/hal_wifi_ext.te
+++ b/vendor/qcom/common/hal_wifi_ext.te
@@ -1,4 +1,4 @@
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file { w_file_perms read };
# Allow wifi hal access to LOWI
allow hal_wifi_ext location:unix_stream_socket connectto;