Merge "sepolicy allow fingerprint hal to read mfg_data" into sc-dev am: ff13d1adee

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/15292860

Change-Id: I53ca776b64edda2d1cabf505445f2f7768f04dc6

whitechapel/vendor/google/device.te

@@ -6,6 +6,7 @@ type modem_userdata_block_device, dev_type;
 type persist_block_device, dev_type;
 type vendor_block_device, dev_type;
 type sda_block_device, dev_type;
+type mfg_data_block_device, dev_type;
 
 # Exynos devices
 type vendor_m2m1shot_device, dev_type;

whitechapel/vendor/google/file_contexts

@@ -73,6 +73,7 @@
 /dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab]         u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab]  u:object_r:custom_ab_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab]    u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/mfg_data            u:object_r:mfg_data_block_device:s0
 /dev/block/sda                                                u:object_r:sda_block_device:s0
 /dev/sys/block/bootdevice(/.*)?                               u:object_r:bootdevice_sysdev:s0
 

whitechapel/vendor/google/hal_fingerprint_default.te

@@ -18,3 +18,7 @@ hal_client_domain(hal_fingerprint_default, hal_power);
 
 # Allow access to the files of CDT information.
 r_dir_file(hal_fingerprint_default, sysfs_chosen)
+
+# Allow fingerprint to access calibration blk device.
+allow hal_fingerprint_default mfg_data_block_device:blk_file { rw_file_perms };
+allow hal_fingerprint_default block_device:dir search;

whitechapel/vendor/google/vendor_init.te

@@ -16,6 +16,7 @@ set_prop(vendor_init, vendor_logger_prop)
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file write;
 allow vendor_init bootdevice_sysdev:file create_file_perms;
+allow vendor_init block_device:lnk_file setattr;
 
 userdebug_or_eng(`
   set_prop(vendor_init, logpersistd_logging_prop)