From ba0eb551e97aff2575cd7ec8c37409ec10fced5f Mon Sep 17 00:00:00 2001
From: eddielan <eddielan@google.com>
Date: Mon, 22 Aug 2022 17:43:18 +0800
Subject: [PATCH] fingerprint: Allow fingerprint to access thermal hal

SELinux : avc:  denied  { find } for interface=android.hardware.thermal::IThermal
sid=u:r:hal_fingerprint_default:s0 pid=1064
scontext=u:r:hal_fingerprint_default:s0
tcontext=u:object_r:hal_thermal_hwservice:s0
tclass=hwservice_manager permissive=0

Bug: 243115023
Test: make selinux_policy -j128
Test: Check avc log on device
Change-Id: Ida1b18536468df11be5bf44fb6fb79b03a35f4b9
---
 whitechapel_pro/hal_fingerprint_default.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/whitechapel_pro/hal_fingerprint_default.te b/whitechapel_pro/hal_fingerprint_default.te
index ec02f9c4..912776dd 100644
--- a/whitechapel_pro/hal_fingerprint_default.te
+++ b/whitechapel_pro/hal_fingerprint_default.te
@@ -30,3 +30,6 @@ allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
 # Allow fingerprint to access display hal
 allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
 binder_call(hal_fingerprint_default, hal_graphics_composer_default)
+
+# allow fingerprint to access thermal hal
+hal_client_domain(hal_fingerprint_default, hal_thermal);