From c6eea8a657cbd9001e52941522def2ab0cfdfb88 Mon Sep 17 00:00:00 2001
From: Kris Chen <chenkris@google.com>
Date: Wed, 20 Apr 2022 02:35:41 +0800
Subject: [PATCH] Allow hal_fingerprint_default to access
 hal_pixel_display_service

Fix the following avc denial:
avc: denied  { find } for pid=1158 uid=1000 name=com.google.hardware.pixel.display.IDisplay/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:hal_pixel_display_service:s0 tclass=service_manager permissive=0
avc: denied { call } for scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0

Bug: 229716695
Bug: 224573604
Test: build and test fingerprint on device.
Change-Id: Id24e65213221048d6dfdeae6ed2bcb7b762a0f75
---
 whitechapel/vendor/google/hal_fingerprint_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index 56b1605c..aee24633 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -29,3 +29,7 @@ allow hal_fingerprint_default sysfs_display:file r_file_perms;
 
 # Allow fingerprint to access trusty sysfs
 allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
+
+# Allow fingerprint to access display hal
+allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
+binder_call(hal_fingerprint_default, hal_graphics_composer_default)