From e0e2342e1675cf7bf5636aa5b9cec09c7297b221 Mon Sep 17 00:00:00 2001
From: Ruchi Kandoi <kandoiruchi@google.com>
Date: Tue, 6 Mar 2018 14:26:34 -0800
Subject: [PATCH] Add secure_element_device

Test: eSE initializes at boot
Bug: 64881253
Change-Id: Ib2388b7368c790c402c000adddf1488bee492cce
(cherry picked from commit ea3cf0007e405a22fa23591a7c2ff29a5ddd1c55)
---
 private/compat/26.0/26.0.ignore.cil  | 1 +
 private/compat/27.0/27.0.ignore.cil  | 1 +
 public/device.te                     | 1 +
 vendor/hal_secure_element_default.te | 2 ++
 4 files changed, 5 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index be8e75058..f293d0808 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -67,6 +67,7 @@
     perfprofd_service
     property_info
     secure_element
+    secure_element_device
     secure_element_tmpfs
     secure_element_service
     slice_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index d7bac8de8..ed6f8bffd 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -54,6 +54,7 @@
     perfprofd_service
     property_info
     secure_element
+    secure_element_device
     secure_element_service
     secure_element_tmpfs
     slice_service
diff --git a/public/device.te b/public/device.te
index 43c89abd0..231c83938 100644
--- a/public/device.te
+++ b/public/device.te
@@ -39,6 +39,7 @@ type kmsg_device, dev_type;
 type kmsg_debug_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type, mlstrustedobject;
+type secure_element_device, dev_type;
 type sensors_device, dev_type;
 type serial_device, dev_type;
 type socket_device, dev_type;
diff --git a/vendor/hal_secure_element_default.te b/vendor/hal_secure_element_default.te
index 86fe0b993..b1a94a110 100644
--- a/vendor/hal_secure_element_default.te
+++ b/vendor/hal_secure_element_default.te
@@ -2,4 +2,6 @@ type hal_secure_element_default, domain;
 hal_server_domain(hal_secure_element_default, hal_secure_element)
 type hal_secure_element_default_exec, exec_type, vendor_file_type, file_type;
 
+allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
+
 init_daemon_domain(hal_secure_element_default)