From 8c57947a5793460b2f93cf55283889b5d214bc68 Mon Sep 17 00:00:00 2001
From: sabarop <sabar.pakpahan@gmail.com>
Date: Fri, 10 Mar 2023 13:37:52 +0700
Subject: [PATCH] sdm660-common: sepolicy: multiple address denials

Coauthored-by: pix106 <sbordenave@gmail.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
---
 sepolicy/vendor/hal_fingerprint_sdm660.te | 7 +++++++
 sepolicy/vendor/hal_health_default.te     | 1 +
 sepolicy/vendor/hal_light_default.te      | 3 ++-
 sepolicy/vendor/hvdcp.te                  | 2 +-
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/sepolicy/vendor/hal_fingerprint_sdm660.te b/sepolicy/vendor/hal_fingerprint_sdm660.te
index 95d5a725..b934a7f0 100644
--- a/sepolicy/vendor/hal_fingerprint_sdm660.te
+++ b/sepolicy/vendor/hal_fingerprint_sdm660.te
@@ -30,4 +30,11 @@ r_dir_file(hal_fingerprint_sdm660, firmware_file)
 r_dir_file(hal_fingerprint_sdm660, sysfs_devfreq)
 set_prop(hal_fingerprint_sdm660, hal_fingerprint_prop)
 
+# allow hal_fingerprint_sdm660 default_android_hwservice:hwservice_manager find;
+allow hal_fingerprint_sdm660 kcal_dev:dir search;
+allow hal_fingerprint_sdm660 kcal_dev:file read;
+allow hal_fingerprint_sdm660 mnt_vendor_file:dir search;
+allow hal_fingerprint_sdm660 persist_drm_file:dir read;
+# allow hal_fingerprint_sdm660 vendor_toolbox_exec:file execute_no_trans;
+
 dontaudit hal_fingerprint_default storage_file:dir search;
diff --git a/sepolicy/vendor/hal_health_default.te b/sepolicy/vendor/hal_health_default.te
index 6cecf70e..ce7cc10b 100644
--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -1,2 +1,3 @@
 allow hal_health_default sysfs_wakeup:dir r_dir_perms;
 allow hal_health_default sysfs_wakeup:file r_file_perms;
+allow hal_health_default sysfs:file { open read write getattr };
diff --git a/sepolicy/vendor/hal_light_default.te b/sepolicy/vendor/hal_light_default.te
index 250aa6c1..7cc41d5a 100644
--- a/sepolicy/vendor/hal_light_default.te
+++ b/sepolicy/vendor/hal_light_default.te
@@ -1 +1,2 @@
-allow hal_light_default sysfs:file rw_file_perms;
\ No newline at end of file
+allow hal_light_default sysfs:file rw_file_perms;
+allow hal_light_default sysfs:file { open read write };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
index a2375dcb..b26c3132 100644
--- a/sepolicy/vendor/hvdcp.te
+++ b/sepolicy/vendor/hvdcp.te
@@ -1,2 +1,2 @@
 allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;
-allow hvdcp sysfs:file { open  read };
+allow hvdcp sysfs:file { open  read getattr };