From 01ebfad97ae0220573faa8a051c79ed53b1f6592 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" <haggertk@lineageos.org>
Date: Thu, 15 Feb 2018 20:33:28 -0700
Subject: [PATCH] klte-common: sepolicy: Allow FP HAL more privs for
 vcs_data_file

avc: denied { read } for name="validity" dev="mmcblk0p26"
  ino=219889 scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { write } for name="validity" dev="mmcblk0p26"
  ino=219889 scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=dir permissive=0
avc: denied { create } for name="finger.db"
  scontext=u:r:hal_fingerprint_default:s0
  tcontext=u:object_r:vcs_data_file:s0 tclass=file permissive=0

Change-Id: I2e0caa8b3763b8cdcd19b40d174f1a8fc3dc332e
---
 sepolicy/common/hal_fingerprint_default.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sepolicy/common/hal_fingerprint_default.te b/sepolicy/common/hal_fingerprint_default.te
index ae671aa..17bc016 100644
--- a/sepolicy/common/hal_fingerprint_default.te
+++ b/sepolicy/common/hal_fingerprint_default.te
@@ -1,6 +1,6 @@
 r_dir_file(hal_fingerprint_default, firmware_file)
 
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
-allow hal_fingerprint_default vcs_data_file:dir search;
-allow hal_fingerprint_default vcs_data_file:file rw_file_perms;
+allow hal_fingerprint_default vcs_data_file:dir rw_dir_perms;
+allow hal_fingerprint_default vcs_data_file:file create_file_perms;
 allow hal_fingerprint_default vcs_device:chr_file rw_file_perms;