From 349d0dda2ed7f6dab77739bd28995892c6f8486c Mon Sep 17 00:00:00 2001
From: Huang Li <lhuang@codeaurora.org>
Date: Fri, 14 Aug 2020 13:29:12 +0800
Subject: [PATCH] sepolicy: add rule to use diag hal for Factory tool

As diag team use diag hal instead of /dev/diag, need add sepolicy to access diag hal for factory tool.

Change-Id: I151fda397d4b54d340e367a202bc43ac117fa9df
CRs-Fixed: 2744148
---
 generic/vendor/test/system_app.te | 7 +++++++
 legacy/vendor/common/mmi_sys.te   | 2 ++
 legacy/vendor/common/qcomsysd.te  | 2 ++
 legacy/vendor/test/system_app.te  | 7 +++++++
 qva/vendor/common/mmi_sys.te      | 2 ++
 qva/vendor/common/qcomsysd.te     | 2 ++
 6 files changed, 22 insertions(+)
 mode change 100644 => 100755 generic/vendor/test/system_app.te
 mode change 100644 => 100755 legacy/vendor/test/system_app.te

diff --git a/generic/vendor/test/system_app.te b/generic/vendor/test/system_app.te
old mode 100644
new mode 100755
index 4c9aebad..55d4ecf4
--- a/generic/vendor/test/system_app.te
+++ b/generic/vendor/test/system_app.te
@@ -33,3 +33,10 @@ userdebug_or_eng(`
 
   allow system_app self:socket create_socket_perms_no_ioctl;
 ')
+
+userdebug_or_eng(`
+  # allow system_app access diag hal
+  diag_use(system_app)
+  hal_client_domain(system_app, vendor_hal_diaghal)
+  hal_client_domain(system_app, hal_allocator)
+')
diff --git a/legacy/vendor/common/mmi_sys.te b/legacy/vendor/common/mmi_sys.te
index 0ae67ebc..d95156c7 100755
--- a/legacy/vendor/common/mmi_sys.te
+++ b/legacy/vendor/common/mmi_sys.te
@@ -37,4 +37,6 @@ hal_client_domain(vendor_mmi_sys, vendor_hal_factory_qti);
 #diag
 userdebug_or_eng(`
     diag_use(vendor_mmi_sys)
+    hal_client_domain(vendor_mmi_sys, vendor_hal_diaghal)
+    hal_client_domain(vendor_mmi_sys, hal_allocator)
 ')
diff --git a/legacy/vendor/common/qcomsysd.te b/legacy/vendor/common/qcomsysd.te
index 9e0ed422..fbb6dfdc 100755
--- a/legacy/vendor/common/qcomsysd.te
+++ b/legacy/vendor/common/qcomsysd.te
@@ -57,4 +57,6 @@ userdebug_or_eng(`
     allow vendor_qcomsysd sysfs_qdss_dev:dir r_dir_perms;
     allow vendor_qcomsysd sysfs_qdss_dev:file rw_file_perms;
     allow vendor_qcomsysd sysfs_data:file r_file_perms;
+    hal_client_domain(vendor_qcomsysd, vendor_hal_diaghal)
+    hal_client_domain(vendor_qcomsysd, hal_allocator)
 ')
diff --git a/legacy/vendor/test/system_app.te b/legacy/vendor/test/system_app.te
old mode 100644
new mode 100755
index ba473b0d..754a163a
--- a/legacy/vendor/test/system_app.te
+++ b/legacy/vendor/test/system_app.te
@@ -35,3 +35,10 @@ userdebug_or_eng(`
 
   allow system_app self:socket create_socket_perms_no_ioctl;
 ')
+
+userdebug_or_eng(`
+  # allow system_app access diag hal
+  diag_use(system_app)
+  hal_client_domain(system_app, vendor_hal_diaghal)
+  hal_client_domain(system_app, hal_allocator)
+')
\ No newline at end of file
diff --git a/qva/vendor/common/mmi_sys.te b/qva/vendor/common/mmi_sys.te
index 6abb3d41..7d7295d2 100755
--- a/qva/vendor/common/mmi_sys.te
+++ b/qva/vendor/common/mmi_sys.te
@@ -33,4 +33,6 @@ hal_client_domain(vendor_mmi_sys, vendor_hal_factory_qti);
 #diag
 userdebug_or_eng(`
     diag_use(vendor_mmi_sys)
+    hal_client_domain(vendor_mmi_sys, vendor_hal_diaghal)
+    hal_client_domain(vendor_mmi_sys, hal_allocator)
 ')
diff --git a/qva/vendor/common/qcomsysd.te b/qva/vendor/common/qcomsysd.te
index d1558373..8835c57a 100755
--- a/qva/vendor/common/qcomsysd.te
+++ b/qva/vendor/common/qcomsysd.te
@@ -55,4 +55,6 @@ userdebug_or_eng(`
     allow vendor_qcomsysd vendor_sysfs_qdss_dev:dir r_dir_perms;
     allow vendor_qcomsysd vendor_sysfs_qdss_dev:file rw_file_perms;
     allow vendor_qcomsysd vendor_sysfs_data:file r_file_perms;
+    hal_client_domain(vendor_qcomsysd, vendor_hal_diaghal)
+    hal_client_domain(vendor_qcomsysd, hal_allocator)
 ')