From ec3a55308067d4a608960527d18a5c901522e04e Mon Sep 17 00:00:00 2001
From: Cheng Chang
Date: Tue, 2 Apr 2024 10:05:36 +0000
Subject: [PATCH 1/2] sepolicy: Allow gnssd access modem_state

avc: denied { read } for name="modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
avc: denied { open } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
avc: denied { getattr } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=77641 scontext=u:r:gnssd:s0 tcontext=u:object_r:sysfs_modem_state:s0 tclass=file
Bug: 342284863
Test: b/342284863 for boot-health check.
Test: b/342284863 for function verification.
Change-Id: I1accfe367915737c14ee79dce71fe04cdcdbb727
---
 gps/lsi/sepolicy/gnssd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te
index 56ab51f..a293b95 100644
--- a/gps/lsi/sepolicy/gnssd.te
+++ b/gps/lsi/sepolicy/gnssd.te
@@ -31,3 +31,6 @@ set_prop(gnssd, vendor_gps_prop)
 
 # Read RIL property
 get_prop(gnssd, vendor_rild_prop)
+
+# Read modme state
+allow gnssd sysfs_modem_state:file r_file_perms;
From bb3522634e7494513dd11ea8084c35e7bf7645c9 Mon Sep 17 00:00:00 2001
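Review bot: The comment added above the new rule in gps/lsi/sepolicy/gnssd.te is misspelled, `# Read modme state`; it should read `# Read modem state`, and naming the node would help the next auditor, e.g. `# Read modem state from /sys/devices/platform/cpif/modem_state`. The grant itself is narrow: `r_file_perms` on the dedicated `sysfs_modem_state` type lines up with the read/open/getattr denials quoted in the commit message. `sysfs_modem_state` is not declared in this hunk, so it presumably comes from the modem policy; it is worth confirming that every device including gps/lsi/sepolicy also builds that policy, otherwise the rule will not compile.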
From: Cheng Chang
Date: Fri, 31 May 2024 02:12:23 +0000
Subject: [PATCH 2/2] sepolicy: Allow hal_gnss_pixel access sscoredump file

avc: denied { read } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0
avc: denied { search } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0
avc: denied { read } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { open } for path="/data/vendor/ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { search } for name="ssrdump" dev="dm-48" ino=404 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
avc: denied { getattr } for path="/data/vendor/ssrdump/crashinfo_gnss_2024-05-22_16-00-45.txt" dev="dm-48" ino=19897 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
avc: denied { read } for name="crashinfo_modem_2024-05-22_16-34-51.txt" dev="dm-48" ino=20760 scontext=u:r:hal_gnss_pixel:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1
Bug: 341224300
Test: b/341224300#comment13 abtd boot health check.
Test: b/341224300 SST test verification.
Change-Id: Ie2b55cb487e7e801a0199b1e9dd9ad16f1e3d682
---
 gps/pixel/sepolicy/hal_gnss_pixel.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gps/pixel/sepolicy/hal_gnss_pixel.te b/gps/pixel/sepolicy/hal_gnss_pixel.te
index ecdfcd3..43ff35d 100644
--- a/gps/pixel/sepolicy/hal_gnss_pixel.te
+++ b/gps/pixel/sepolicy/hal_gnss_pixel.te
@@ -22,4 +22,8 @@ allow hal_gnss_pixel hal_contexthub_service:service_manager find;
 
 # Allow connect to gnss service
 allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
-allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
\ No newline at end of file
+allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;
+
+# Allow access ssrdump information
+allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+allow hal_gnss_pixel sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
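Review bot: The two `allow` lines added at the end of gps/pixel/sepolicy/hal_gnss_pixel.te give the GNSS HAL read access to everything labelled `sscoredump_vendor_data_crashinfo_file`, not only GNSS crash records; the denials in the commit message already include `crashinfo_modem_2024-05-22_16-34-51.txt`. Crash-info files written by other subsystems under /data/vendor/ssrdump therefore become readable from this domain, which widens what a compromised HAL process could read. Whether the HAL really needs the non-GNSS records is not visible in this hunk. If the access exists only for debugging or test verification, wrap both rules in the `userdebug_or_eng` macro so user builds do not carry them. If user builds do need it, say so in the comment, e.g. `# Read subsystem crashinfo under /data/vendor/ssrdump; required on user builds for <reason>`.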