From a5c9028cedc6276ffc0be939f19f9c8c50e5bebd Mon Sep 17 00:00:00 2001
From: Kris Chen <chenkris@google.com>
Date: Thu, 8 Jul 2021 00:56:29 +0800
Subject: [PATCH] Add sepolicy rules for fingerprint hal

Fix following avc denial:
servicemanager: type=1400 audit(0.0:8): avc: denied { call } for scontext=u:r:servicemanager:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=binder permissive=0

Bug: 192040144
Test: No above avc denial in logcat.
Change-Id: I1b93474cac4ccb24736bc97665a7ca533ef0a7d3
---
 tracking_denials/servicemanager.te          | 2 --
 whitechapel/vendor/google/servicemanager.te | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 tracking_denials/servicemanager.te
 create mode 100644 whitechapel/vendor/google/servicemanager.te

diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te
deleted file mode 100644
index cf725d21..00000000
--- a/tracking_denials/servicemanager.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/192040144
-dontaudit servicemanager hal_fingerprint_default:binder call;
diff --git a/whitechapel/vendor/google/servicemanager.te b/whitechapel/vendor/google/servicemanager.te
new file mode 100644
index 00000000..efddd92c
--- /dev/null
+++ b/whitechapel/vendor/google/servicemanager.te
@@ -0,0 +1 @@
+binder_call(servicemanager, hal_fingerprint_default)