yukawa: Fix SELinux error report for wificond

Bug: 223668844
Test: adb logcat -b all -d | audit2allow -p
      out/target/product/yukawa/vendor/etc/selinux/precompiled_sepolicy

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Change-Id: I9e6a0ae7b141028ff5a151adff3eaf56da629aa0

3 files changed, 6 insertions, 0 deletions

diff --git a/sepolicy/file.te b/sepolicy/file.te
index 38a4afb..0344795 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -6,3 +6,6 @@ type sensor_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 
 # /sys
 type sysfs_nanoapp_cmd, sysfs_type, fs_type;
+
+# /vendor/firmware
+type vendor_firmware_file, vendor_file_type, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ecf9cda..04f8a1a 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -21,6 +21,7 @@
 /(vendor|system/vendor)/lib(64)?/hw/gralloc\.yukawa\.so u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/android\.hardware\.health@2\.0-impl-2\.1-cuttlefish\.so u:object_r:same_process_hal_file:s0
 /vendor/bin/hw/lights-yukawa u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/firmware(/.*)?        u:object_r:vendor_firmware_file:s0
 
 #Block devices
 /dev/block/platform/soc/ffe07000\.mmc/by-name/userdata u:object_r:userdata_block_device:s0
diff --git a/sepolicy/wificond.te b/sepolicy/wificond.te
new file mode 100644
index 0000000..e336575
--- /dev/null
+++ b/sepolicy/wificond.te
@@ -0,0 +1,2 @@
+allow wificond vendor_firmware_file:dir search;
+dontaudit wificond vendor_firmware_file:file { open read };