From 95a756f5346759f1c9d506d4bb844bcd84b37d81 Mon Sep 17 00:00:00 2001
From: Cosmin Tanislav <demonsingur@gmail.com>
Date: Wed, 13 Oct 2021 23:07:28 +0300
Subject: [PATCH] sm8350-common: sepolicy: let fingerprint daemon and tee
 access goodix calibration data

---
 sepolicy/vendor/file_contexts  | 3 +++
 sepolicy/vendor/fingerprint.te | 4 ++++
 sepolicy/vendor/tee.te         | 2 ++
 3 files changed, 9 insertions(+)
 create mode 100644 sepolicy/vendor/tee.te

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index c0f5ac9..33c3279 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -12,6 +12,9 @@
 # Sensors
 /vendor/bin/hw/android\.hardware\.sensors@2.1-service\.xiaomi_sm8350-multihal                           u:object_r:hal_sensors_default_exec:s0
 
+# Fingerprint
+/mnt/vendor/persist/goodix(/.*)?                                    u:object_r:vendor_fingerprint_data_file:s0
+
 # FOD
 /vendor/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1.0-service\.xiaomi_sm8350            u:object_r:hal_lineage_fod_default_exec:s0
 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_hbm     u:object_r:vendor_sysfs_fod:s0
diff --git a/sepolicy/vendor/fingerprint.te b/sepolicy/vendor/fingerprint.te
index e4990eb..423cac0 100644
--- a/sepolicy/vendor/fingerprint.te
+++ b/sepolicy/vendor/fingerprint.te
@@ -1,2 +1,6 @@
 type vendor_mfp-daemon, domain;
 type vendor_mfp-daemon_exec, exec_type, vendor_file_type, file_type;
+type vendor_fingerprint_data_file, data_file_type, file_type;
+
+allow vendor_mfp-daemon vendor_fingerprint_data_file:dir create_dir_perms;
+allow vendor_mfp-daemon vendor_fingerprint_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te
new file mode 100644
index 0000000..d2556fb
--- /dev/null
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,2 @@
+allow tee vendor_fingerprint_data_file:dir create_dir_perms;
+allow tee vendor_fingerprint_data_file:file create_file_perms;
-- 
GitLab