From 6bbcfb4c1d1c700a8d45717e2e6b02bf4195be64 Mon Sep 17 00:00:00 2001
From: Max Weffers <rcstar6696@gmail.com>
Date: Sat, 28 Dec 2019 16:09:33 +0100
Subject: [PATCH] sdm660: sepolicy: fix denials while fingerprint enrollment

---
 sepolicy/vendor/hal_fingerprint_sdm660.te | 4 ++++
 sepolicy/vendor/vendor_init.te            | 1 +
 2 files changed, 5 insertions(+)

diff --git a/sepolicy/vendor/hal_fingerprint_sdm660.te b/sepolicy/vendor/hal_fingerprint_sdm660.te
index 7856675f..f6f12fe9 100644
--- a/sepolicy/vendor/hal_fingerprint_sdm660.te
+++ b/sepolicy/vendor/hal_fingerprint_sdm660.te
@@ -16,6 +16,10 @@ allow hal_fingerprint_sdm660 { mnt_user_file storage_file }:lnk_file read;
 allow hal_fingerprint_sdm660 fingerprint_sysfs:dir r_dir_perms;
 allow hal_fingerprint_sdm660 fingerprint_sysfs:file rw_file_perms;
 
+allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
+allow hal_fingerprint_sdm660 rootfs:dir read;
+allow hal_fingerprint_sdm660 vendor_mpctl_prop:file read;
+
 allow hal_fingerprint_sdm660 vendor_fp_prop:property_service set;
 allow hal_fingerprint_sdm660 vendor_fp_prop:file { getattr open read };
 
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 5e1d051b..ac9a4acb 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -22,5 +22,6 @@ allow vendor_init vendor_fp_prop:property_service set;
 
 allow vendor_init rootfs:dir { add_name write };
 allow vendor_init rootfs:lnk_file setattr;
+allow vendor_init fingerprint_data_file:dir setattr;
 set_prop(vendor_init, camera_prop)
 set_prop(vendor_init, vendor_camera_prop)