From a7c90de7405702506b7f7593705c9f444412dba8 Mon Sep 17 00:00:00 2001
From: chenkris
Date: Mon, 11 Dec 2023 03:45:16 +0000
Subject: [PATCH] fingerprint: fix SELinux denials

Fix following AVC denials:
1. Could not enable service: File /vendor/bin/hw/android.hardware.biometrics.fingerprint-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined
2. Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
3. avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=1499 ioctlcmd=0x6701 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 315737323
Test: boot with no relevant error
Change-Id: Ideeac108b8470232a258254437086451550fcc8d
---
 vendor/file_contexts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vendor/file_contexts b/vendor/file_contexts
index daf8956..9d12c9a 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -25,6 +25,8 @@
 /vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0
 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
 /vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
 
 # Vendor libraries
 /vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0
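Review bot: The two added Goodix entries reuse `hal_fingerprint_default_exec`, the same label `qfp-daemon` carries on the line above, so both vendors' HALs would start in one domain and each presumably inherits whatever device access was granted for the other. If that sharing is intended, a comment above the new lines would record it, e.g. `# Goodix fingerprint HAL (HIDL 2.1 and AIDL binaries); shares hal_fingerprint_default with qfp-daemon`. It is also worth confirming that both service binaries actually ship on this device, since an entry for a path that is never installed keeps an init domain-transition label reserved for whatever file later appears there.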
@@ -153,6 +155,7 @@
 /dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0
 /dev/qbt_ipc u:object_r:fingerprint_device:s0
 /dev/qbt_fd u:object_r:fingerprint_device:s0
+/dev/goodix_fp u:object_r:fingerprint_device:s0
 
 # Data
 /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
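Review bot: The new `/dev/goodix_fp` line only relabels the node, and the ioctl denial quoted in the commit message was logged with `permissive=1`, so nothing in this patch shows that `hal_fingerprint_default` may issue ioctl 0x6701 on `fingerprint_device` once the domain is enforcing. The allow rule, and any `allowxperm` restriction on that type, live outside this file. The boot test should be repeated with the domain enforcing and the log checked for remaining `avc: denied` lines against `/dev/goodix_fp`. A short comment such as `# Goodix fingerprint sensor node` above the entry would also tell readers which driver owns it.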