From 27a8c002cedd1ff16cb9adc1ac56c40619498813 Mon Sep 17 00:00:00 2001
From: Marc Bourgoin
Date: Sat, 27 Aug 2022 06:53:41 -0600
Subject: [PATCH] sm7325-common: Address dubai's vibrator denials
Example: I auditd : type=1400 audit(0.0:18): avc: denied { open } for comm="vendor.qti.hard" path="/sys/devices/platform/soc/990000.i2c/i2c-1/1-005a/leds/vibrator/activate" dev="sysfs" ino=93558 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: Iea46e718f4e2c1ed3b3037dcfecb4536fd47ef2d
---
 sepolicy/vendor/file.te | 3 +++
 sepolicy/vendor/file_contexts | 3 +++
 sepolicy/vendor/hal_vibrator_default.te | 2 ++
 sepolicy/vendor/init.te | 2 ++
 4 files changed, 10 insertions(+)
 create mode 100644 sepolicy/vendor/hal_vibrator_default.te
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 7d9635a..0e3d4f2 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -31,3 +31,6 @@ type vendor_sysfs_touchpanel, fs_type, sysfs_type;
 # V4L2 Name
 type vendor_sysfs_v4l2_name, fs_type, sysfs_type;
+
+# Vibrator
+type vendor_sysfs_vibrator, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index ad72803..508a61d 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -84,6 +84,9 @@
 /sys/devices/platform/soc/soc:qcom,cam-sync/video4linux/video([0-9])+/name u:object_r:vendor_sysfs_v4l2_name:s0
 /sys/devices/platform/soc/soc:qcom,cam-req-mgr/video4linux/video([0-9])+/name u:object_r:vendor_sysfs_v4l2_name:s0
+# Vibrator
+/sys/devices/platform/soc/990000.i2c/i2c-1/1-005a/leds/vibrator(/.*)? u:object_r:vendor_sysfs_vibrator:s0
+
 # Wakeups
 /sys/devices/virtual/input/input[0-9]+/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
 /sys/devices/platform/soc/[^*]+/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
diff --git a/sepolicy/vendor/hal_vibrator_default.te b/sepolicy/vendor/hal_vibrator_default.te
new file mode 100644
index 0000000..b308714
--- /dev/null
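Review bot: The new `# Vibrator` entry in `sepolicy/vendor/file_contexts` hard-codes dubai's I2C bus and address (`990000.i2c/i2c-1/1-005a`) in a tree named sm7325-common, so any other device built from this tree whose vibrator sits on a different node will keep `tcontext=u:object_r:sysfs:s0` and the same denial. Either move the label to the device tree or add a comment such as `# dubai: vibrator LED node on i2c-1 @ 0x5a` so the scope is explicit. The dot in `990000.i2c` is an unescaped regex metacharacter; `990000\.i2c` keeps the pattern pinned to the exact path. Because `(/.*)?` labels every attribute under the node, the `rw_file_perms` given to `hal_vibrator_default` elsewhere in this commit covers all of them, not only `activate` from the quoted AVC. If the LED device can register after ueventd's coldboot relabel, a `genfscon sysfs` entry would label it without relying on restorecon; that is worth confirming on device.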
+++ b/sepolicy/vendor/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+allow hal_vibrator_default vendor_sysfs_vibrator:dir r_dir_perms;
+allow hal_vibrator_default vendor_sysfs_vibrator:file rw_file_perms;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 76767dd..d26288a 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -21,3 +21,5 @@ recovery_only(`
 allow init self:capability sys_module;
 allow init rootfs:system module_load;
 ')
+
+allow init vendor_sysfs_vibrator:file create_file_perms;
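Review bot: The rule `allow init vendor_sysfs_vibrator:file create_file_perms;` added at the end of `sepolicy/vendor/init.te` grants more than the commit message justifies. The only AVC quoted is for `hal_vibrator_default`, with no init denial shown. `create_file_perms` adds create, rename, unlink and setattr on top of read/write, and sysfs does not let userspace create, rename or unlink entries, so those permissions are unused surface in the policy. If init only chowns/chmods or writes these nodes from an rc file (not visible in this patch), `allow init vendor_sysfs_vibrator:file { setattr w_file_perms };` or just the permissions from the actual init denial would be the least-privilege form. A one-line comment above the rule naming the rc action that needs it would make the grant auditable.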