Add SE policies for SE HAL to access device-tree files Bug: 109664165 Test: Check if SE HAL has access to the file Change-Id: I0006d552a751e90f7e81707fc653ef9c78fef975

commit: ce795d1585ffbb5c912054155cc560af7037e64c [log] [tgz]
author: Ruchi Kandoi <kandoiruchi@google.com> Thu Jul 12 15:33:19 2018 -0700
committer: Ruchi Kandoi <kandoiruchi@google.com> Wed Jul 18 20:06:25 2018 +0000
tree: af87f440ebdffc93a9eacafca6b1f6afebcbca1b
parent: 6cecaaaf20d7ba7136d822c826157e313d597b86 [diff]
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index a117905..83b88f8 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te

@@ -26,6 +26,7 @@
 # See b/67205273.
 type sysfs_gpio_export, fs_type, sysfs_type;
 type sysfs_pinctrl, fs_type, sysfs_type;
+type sysfs_devicetree_ese, fs_type, sysfs_type;
 type sysfs_rpm, sysfs_type, fs_type;
 type sysfs_wlc, sysfs_type, fs_type;
 type sysfs_esim, sysfs_type, fs_type;

diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts
index b28192d..9082476 100644
--- a/vendor/qcom/common/genfs_contexts
+++ b/vendor/qcom/common/genfs_contexts

@@ -103,6 +103,7 @@
 genfscon sysfs /class/gpio/export                     u:object_r:sysfs_gpio_export:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8998@0:pinctrl@c000 u:object_r:sysfs_pinctrl:s0
 genfscon sysfs /firmware/devicetree/base/soc/qcom,spmi@c440000/qcom,pm8998@0/pinctrl@c000/ u:object_r:sysfs_pinctrl:s0
+genfscon sysfs /firmware/devicetree/base/soc/i2c@88c000/nq@28/ese/loader_scripts_path       u:object_r:sysfs_devicetree_ese:s0
 genfscon sysfs /power/rpmh_stats/master_stats         u:object_r:sysfs_rpm:s0
 
 genfscon sysfs /devices/virtual/block/                                  u:object_r:sysfs_devices_block:s0

diff --git a/vendor/qcom/common/hal_secure_element_default.te b/vendor/qcom/common/hal_secure_element_default.te
index 4c1096d..a492a26 100644
--- a/vendor/qcom/common/hal_secure_element_default.te
+++ b/vendor/qcom/common/hal_secure_element_default.te

@@ -7,4 +7,5 @@
 allow hal_secure_element_default secure_element_vendor_data_file:dir create_dir_perms;
 allow hal_secure_element_default secure_element_vendor_data_file:file create_file_perms;
 
+allow hal_secure_element_default sysfs_devicetree_ese:file r_file_perms;
 allow hal_secure_element_default debugfs_ipc:dir search;

diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 9b16783..f633637 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts

@@ -30,7 +30,7 @@
 sys.wlan.driver.version    u:object_r:vendor_wifi_version:s0
 sys.wlan.firmware.version  u:object_r:vendor_wifi_version:s0
 vendor.peripheral.         u:object_r:per_mgr_state_prop:s0
-vendor.ese.debug_enabled   u:object_r:vendor_secure_element_prop:s0
+vendor.ese.                u:object_r:vendor_secure_element_prop:s0
 vendor.qcom.devup          u:object_r:vendor_device_prop:s0
 vendor.all.modules.ready   u:object_r:vendor_device_prop:s0
 sys.slpi.firmware.version  u:object_r:public_vendor_system_prop:s0
commit	ce795d1585ffbb5c912054155cc560af7037e64c	[log] [tgz]
author	Ruchi Kandoi <kandoiruchi@google.com>	Thu Jul 12 15:33:19 2018 -0700
committer	Ruchi Kandoi <kandoiruchi@google.com>	Wed Jul 18 20:06:25 2018 +0000
tree	af87f440ebdffc93a9eacafca6b1f6afebcbca1b
parent	6cecaaaf20d7ba7136d822c826157e313d597b86 [diff]