From 458b60e5c94f0be6a89cd7a5a3797f8e2b4721bd Mon Sep 17 00:00:00 2001
From: leohsieh <leohsieh@google.com>
Date: Tue, 14 Mar 2023 23:12:06 +0800
Subject: [PATCH] Allow hal_fingerprint_default to access sysfs_aoc_udfps [DO
 NOT MERGE]

Fix the following avc denial:
avc: denied { search } for name="17000000.aoc" dev="sysfs" ino=22035 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc:s0 tclass=dir permissive=0
avc: denied { write } for name="udfps_set_clock_source" dev="sysfs" ino=106891 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0
avc: denied { read } for name="udfps_get_disp_freq" dev="sysfs" ino=106893 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:sysfs_aoc_udfps:s0 tclass=file permissive=0

Bug: 267271482
Test: Verify fingerprint HAL process can read/write to the sysfs node.
Change-Id: I39a2e69b1c314d52944bb16ada61e7e6761561cf
---
 vendor/file.te                    | 1 +
 vendor/genfs_contexts             | 3 +++
 vendor/hal_fingerprint_default.te | 4 ++++
 3 files changed, 8 insertions(+)

diff --git a/vendor/file.te b/vendor/file.te
index d5ecec27..9865c50a 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -10,6 +10,7 @@ type sysfs_power_dump, sysfs_type, fs_type;
 type sysfs_acpm_stats, sysfs_type, fs_type;
 type sysfs_write_leds, sysfs_type, fs_type;
 type sysfs_pca, sysfs_type, fs_type;
+type sysfs_aoc_udfps, sysfs_type, fs_type;
 
 # Trusty
 type sysfs_trusty, sysfs_type, fs_type;
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index dabab26b..08056a85 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -469,6 +469,9 @@ genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup        u:ob
 genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception      u:object_r:sysfs_aoc_dumpstate:s0
 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32      u:object_r:sysfs_aoc_dumpstate:s0
 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1      u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source    u:object_r:sysfs_aoc_udfps:s0
+genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq        u:object_r:sysfs_aoc_udfps:s0
+genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq       u:object_r:sysfs_aoc_udfps:s0
 
 # OTA
 genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled           u:object_r:sysfs_ota:s0
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 6aa57dde..b0a81160 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal);
 # allow fingerprint to read sysfs_leds
 allow hal_fingerprint_default sysfs_leds:file r_file_perms;
 allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
+
+# Allow fingerprint to access sysfs_aoc_udfps
+allow hal_fingerprint_default sysfs_aoc:dir search;
+allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms;