Sepolicy to split light HAL out from small_hals
Bug: 125349137
Test: Build and boot crosshatch.
Change-Id: I6cd2b3968e02eaa7affdd099a9340fb6732cd9c4
diff --git a/vendor/google/small_hals.te b/vendor/google/small_hals.te
index b8e8359..79a3dfd 100644
--- a/vendor/google/small_hals.te
+++ b/vendor/google/small_hals.te
@@ -6,12 +6,6 @@
type small_hals_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(small_hals)
-# Light Permissions
-
-# This is the same as a line below for vibrator. We keep both so that it is
-# easier to see what rules are needed for what HAL.
-allow small_hals sysfs_msm_subsys:dir search;
-
# Memtrack Permissions
allow small_hals debugfs_kgsl:file { open read getattr };
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index d85a1f7..2729ce4 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -146,6 +146,7 @@
/vendor/bin/hw/vendor\.qti\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/vendor/bin/hw/vendor\.google\.wireless_charger@1\.0-service-vendor u:object_r:hal_wlc_exec:s0
+/vendor/bin/hw/hardware\.google\.light@1\.0-service u:object_r:hal_light_default_exec:s0
###############################################
# same-process HAL files and their dependencies
diff --git a/vendor/qcom/common/hal_light_default.te b/vendor/qcom/common/hal_light_default.te
new file mode 100644
index 0000000..14df5a5
--- /dev/null
+++ b/vendor/qcom/common/hal_light_default.te
@@ -0,0 +1,2 @@
+allow hal_light_default sysfs_msm_subsys:dir search;
+
