From 75a9ea1ee46062943714d97c65aba3d30cf927f9 Mon Sep 17 00:00:00 2001
From: eddielan <eddielan@google.com>
Date: Fri, 16 Apr 2021 13:16:43 +0800
Subject: [PATCH] sepolicy: fix fingerprint sepolicy

04-16 01:56:07.948  1039  1039 W fingerprint@2.1: type=1400 audit(0.0:110):
avc: denied { write } for name="wakeup_enable" dev="sysfs" ino=69197
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:sysfs:s0
tclass=file permissive=0

Bug: 185538163
Test: Build Pass
Change-Id: I8f75daf22577e6a68f3b2a0250eebebd1873ea28
---
 whitechapel/vendor/google/file.te                    | 3 +++
 whitechapel/vendor/google/genfs_contexts             | 3 +++
 whitechapel/vendor/google/hal_fingerprint_default.te | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index ea239081..25d5b1da 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -58,6 +58,9 @@ type sensor_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type sensors_cal_file, file_type;
 type sysfs_nanoapp_cmd, sysfs_type, fs_type;
 
+# Fingerprint
+type sysfs_fingerprint, sysfs_type, fs_type;
+
 # CHRE
 type chre_socket, file_type;
 
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index a1755adc..fd043700 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -66,6 +66,9 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-0043            u:object
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0042            u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-0043            u:object_r:sysfs_vibrator:s0
 
+# Fingerprint
+genfscon sysfs /devices/platform/odm/odm:fp_fpc1020                 u:object_r:sysfs_fingerprint:s0
+
 # System_suspend
 genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/cpif/wakeup/wakeup                                           u:object_r:sysfs_wakeup:s0
diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index 4c248981..3d0f2298 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -4,5 +4,7 @@ allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms;
 allow hal_fingerprint_default sysfs_batteryinfo:dir search;
 allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
 allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
+allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
 get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
 add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)