platform_system_sepolicy/private/hal_usb_gadget.te

# HwBinder IPC from client to server, and callbacks
binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
binder_call(hal_usb_gadget_server, hal_usb_gadget_client)

hal_attribute_service(hal_usb_gadget, hal_usb_gadget_service)
binder_call(hal_usb_gadget_server, servicemanager)

hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)

# Configuring usb gadget functions
allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
allow hal_usb_gadget_server configfs:dir rw_dir_perms;
allow hal_usb_gadget_server configfs:file create_file_perms;
allow hal_usb_gadget_server functionfs:dir { read search };
allow hal_usb_gadget_server functionfs:file read;
allow hal_usb_gadget_server proc_interrupts:file r_file_perms;

# Read access to ro.usb.uvc.enabled
get_prop(hal_usb_gadget_server, usb_uvc_enabled_prop)