bullhead: sepolicy: allow system_server to write sensor properties

fixes the following denial:

init: avc:  denied  { set } for property=sensors.contexthub.lid_state scontext=u:r:system_server:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service

Bug: 22590601
Change-Id: I100cbab214421ac0c74c80d8ad75d9a115688ecc

3 files changed, 10 insertions, 5 deletions

diff --git a/sepolicy/property.te b/sepolicy/property.te
index 580b92f..5fc4726 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -2,3 +2,4 @@ type wc_transport_prop, property_type;
 type qseecomtee_prop, property_type;
 type radio_atfwd_prop, property_type;
 type qcom_ims_prop, property_type;
+type contexthub_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 1f5e66e..7d98fb4 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,5 +1,6 @@
-wc_transport.    u:object_r:wc_transport_prop:s0
-sys.listeners.   u:object_r:qseecomtee_prop:s0
-sys.keymaster.   u:object_r:qseecomtee_prop:s0
-radio.atfwd.     u:object_r:radio_atfwd_prop:s0
-sys.ims.         u:object_r:qcom_ims_prop:s0
+wc_transport.        u:object_r:wc_transport_prop:s0
+sys.listeners.       u:object_r:qseecomtee_prop:s0
+sys.keymaster.       u:object_r:qseecomtee_prop:s0
+radio.atfwd.         u:object_r:radio_atfwd_prop:s0
+sys.ims.             u:object_r:qcom_ims_prop:s0
+sensors.contexthub.  u:object_r:contexthub_prop:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index cfbf301..d294985 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -30,3 +30,6 @@ allow system_server mpctl_data_file:dir search;
 
 # talk to perfd
 unix_socket_connect(system_server, mpctl, perfd)
+
+# hubconnection to get and set sensors.contexthub.* properties
+set_prop(system_server, contexthub_prop);