From 43ec21599445fc7048b300c93ab939eda304808e Mon Sep 17 00:00:00 2001
From: Davide Garberi
Date: Thu, 19 Sep 2019 19:55:48 +0200
Subject: sdm660-common: sepolicy: Fix some hwservice fingerprint denials

avc: denied { find } for interface=com.fingerprints.extension::IFingerprintNavigation sid=u:r:system_server:s0 pid=1282 scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager
avc: denied { find } for interface=vendor.qti.hardware.perf::IPerf sid=u:r:hal_fingerprint_sdm660:s0 pid=845 scontext=u:r:hal_fingerprint_sdm660:s0 tcontext=u:object_r:hal_perf_hwservice:s0 tclass=hwservice_manager
Change-Id: Id8a26ab1134d8ea4e7b0e712f19784180372ee8b
---
 sepolicy/vendor/hwservice.te | 1 +
 sepolicy/vendor/hwservice_contexts | 1 +
 sepolicy/vendor/init_fingerprint.te | 1 -
 sepolicy/vendor/system_server.te | 1 +
 4 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index 32adecb..db29744 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,2 +1,3 @@
 type goodixhw_service, hwservice_manager_type;
 type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
+type fpnav_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index 8ff7ae7..14bb48b 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -1,2 +1,3 @@
 vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:goodixhw_service:s0
+com.fingerprints.extension::IFingerprintNavigation u:object_r:fpnav_hwservice:s0
 vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
diff --git a/sepolicy/vendor/init_fingerprint.te b/sepolicy/vendor/init_fingerprint.te
index 9ef78c4..29ea735 100644
--- a/sepolicy/vendor/init_fingerprint.te
+++ b/sepolicy/vendor/init_fingerprint.te
@@ -12,5 +12,4 @@ allow init_fingerprint vendor_toolbox_exec:file rx_file_perms; allow init_fingerprint persist_file:dir search; allow init_fingerprint persist_drm_file:dir { read search open write remove_name }; allow init_fingerprint persist_drm_file:file { getattr unlink }; - allow init_fingerprint system_data_file:file getattr; diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index c9135cf..1ab55bd 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -2,3 +2,4 @@ allow system_server vendor_keylayout_file:dir search; allow system_server vendor_keylayout_file:file r_file_perms; allow system_server sysfs_vibrator:file rw_file_perms; allow system_server sysfs_rtc:file r_file_perms; +allow system_server fpnav_hwservice:hwservice_manager { add find }; -- cgit v1.2.3
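Review bot: The rule added to system_server.te grants `add` as well as `find`, but the denial quoted in the commit message for system_server is `{ find }` only. `add` lets system_server register com.fingerprints.extension::IFingerprintNavigation with hwservicemanager, which a client of the interface should not need; I would narrow the rule to `allow system_server fpnav_hwservice:hwservice_manager find;`. The domain that actually serves the interface then needs `add` on fpnav_hwservice (typically through `add_hwservice()`), and no such rule is visible in this patch, so confirm it exists elsewhere in the policy. The second denial in the message (hal_fingerprint_sdm660 finding hal_perf_hwservice) also has no matching rule in the four files touched here.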