From d678ee322642eeb99b1d5fd66677b13fb74492a5 Mon Sep 17 00:00:00 2001
From: Kris Chen <chenkris@google.com>
Date: Tue, 21 Mar 2023 20:18:28 +0800
Subject: [PATCH] Allow fingerprint hal to read sysfs_leds

Fix the following avc denials:
avc: denied { search } for name="backlight" dev="sysfs" ino=79316
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=dir permissive=1

avc: denied { read } for name="state" dev="sysfs" ino=79365
scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_leds:s0
tclass=file permissive=1

Bug: 271072126
Test: Authenticate fingerprint.
Change-Id: I67f5502bc7b4b1d6e14cf493f1bc6575980bcd0d
---
 whitechapel/vendor/google/hal_fingerprint_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index aee24633..69549701 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -33,3 +33,7 @@ allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
 # Allow fingerprint to access display hal
 allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
 binder_call(hal_fingerprint_default, hal_graphics_composer_default)
+
+# allow fingerprint to read sysfs_leds
+allow hal_fingerprint_default sysfs_leds:file r_file_perms;
+allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;