type hal_fingerprint_sdm660, domain;
type hal_fingerprint_sdm660_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_fingerprint_sdm660, hal_fingerprint)
init_daemon_domain(hal_fingerprint_sdm660)

allow hal_fingerprint_sdm660 {
    fingerprint_device
    tee_device
    uhid_device
}:chr_file rw_file_perms;

# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
# hal_fingerprint no longer directly accesses fingerprintd_data_file.
typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators;

# access to /data/system/users/[0-9]+/fpdata
allow hal_fingerprint_sdm660 fingerprintd_data_file:dir rw_dir_perms;
allow hal_fingerprint_sdm660 fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
allow hal_fingerprint_sdm660 self:netlink_socket create_socket_perms_no_ioctl;
allow hal_fingerprint_sdm660 sysfs_fingerprint:file rw_file_perms;
allow hal_fingerprint_sdm660 sysfs_devfreq:dir search;
allow hal_fingerprint_sdm660 sysfs_devfreq:file r_file_perms;
allow hal_fingerprint_sdm660 mnt_vendor_file:dir search; 
allow hal_fingerprint_sdm660 mnt_vendor_file:file r_file_perms;
allow hal_fingerprint_sdm660 persist_drm_file:dir rw_dir_perms;

binder_call(hal_fingerprint_sdm660, hal_perf_default)
r_dir_file(hal_fingerprint_sdm660, firmware_file)
r_dir_file(hal_fingerprint_sdm660, sysfs_devfreq)
set_prop(hal_fingerprint_sdm660, hal_fingerprint_prop)

dontaudit hal_fingerprint_default storage_file:dir search;