From 99914783af0787b265e058b1611567b94d496da9 Mon Sep 17 00:00:00 2001
From: eddielan <eddielan@google.com>
Date: Fri, 29 Jul 2022 12:01:21 +0800
Subject: [PATCH] Fix FPS hwservice sepolicy issue

 avc:  denied  { find } for interface=com.fingerprints42.extension::IFingerprintEngineering sid=u:r:hal_fingerprint_capacitance:s0 pid=895 scontext=u:r:hal_fingerprint_capacitance:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0

Bug: 240633068
Test: make selinux_policy -j128
Change-Id: Ifd13d8c73c97cef9a85555a7d09de4424548ca73
---
 fingerprint_capacitance/hal_fingerprint_capacitance.te | 4 ++++
 fingerprint_capacitance/hwservice.te                   | 1 +
 fingerprint_capacitance/hwservice_contexts             | 2 ++
 3 files changed, 7 insertions(+)
 create mode 100644 fingerprint_capacitance/hwservice.te
 create mode 100644 fingerprint_capacitance/hwservice_contexts

diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te
index 23b31e4..8cc623f 100644
--- a/fingerprint_capacitance/hal_fingerprint_capacitance.te
+++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te
@@ -22,3 +22,7 @@ allow hal_fingerprint_capacitance fwk_stats_service:service_manager find;
 # allow fingerprint to access input_device
 allow hal_fingerprint_capacitance input_device:dir r_dir_perms;
 allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms;
+
+# allow fingerprint to access hwservice
+hwbinder_use(hal_fingerprint_capacitance)
+add_hwservice(hal_fingerprint_capacitance, hal_fingerprint_capacitance_ext_hwservice)
diff --git a/fingerprint_capacitance/hwservice.te b/fingerprint_capacitance/hwservice.te
new file mode 100644
index 0000000..68c51ab
--- /dev/null
+++ b/fingerprint_capacitance/hwservice.te
@@ -0,0 +1 @@
+type hal_fingerprint_capacitance_ext_hwservice, hwservice_manager_type;
diff --git a/fingerprint_capacitance/hwservice_contexts b/fingerprint_capacitance/hwservice_contexts
new file mode 100644
index 0000000..ed09300
--- /dev/null
+++ b/fingerprint_capacitance/hwservice_contexts
@@ -0,0 +1,2 @@
+com.fingerprints42.extension::IFingerprintEngineering  u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0
+com.fingerprints42.extension::IFingerprintSensorTest   u:object_r:hal_fingerprint_capacitance_ext_hwservice:s0