From 933059f487495506bcd0b1a66b994fea53efa79f Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" <haggertk@lineageos.org>
Date: Thu, 15 Nov 2018 20:30:47 -0700
Subject: [PATCH] klte-common: sepolicy: Label sysfs_fingerprint, resolve
 denials

* avc: denied { setattr } for name="type_check" dev="sysfs" ino=28060
  scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file
  permissive=0

Change-Id: Ide1be660eaa005a7268161a4ab8d301b793ba062
---
 sepolicy/common/file.te       | 1 +
 sepolicy/common/file_contexts | 3 +++
 sepolicy/common/init.te       | 1 +
 3 files changed, 5 insertions(+)
 create mode 100644 sepolicy/common/init.te

diff --git a/sepolicy/common/file.te b/sepolicy/common/file.te
index 9b03bb7..8a03b86 100644
--- a/sepolicy/common/file.te
+++ b/sepolicy/common/file.te
@@ -1 +1,2 @@
+type sysfs_fingerprint, fs_type, sysfs_type;
 type vfsspi_data_file, file_type, data_file_type;
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index b305392..7c45342 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -11,3 +11,6 @@
 # sysfs - audio
 /sys/devices/[a-f0-9]+\.slim/es705-codec-gen0(/.*)?     u:object_r:sysfs_audio:s0
 /sys/kernel/DualWave/sound(/.*)?                        u:object_r:sysfs_audio:s0
+
+# sysfs - fingerprint
+/sys/devices/virtual/fingerprint(/.*)?                  u:object_r:sysfs_fingerprint:s0
diff --git a/sepolicy/common/init.te b/sepolicy/common/init.te
new file mode 100644
index 0000000..a8db50e
--- /dev/null
+++ b/sepolicy/common/init.te
@@ -0,0 +1 @@
+allow init sysfs_fingerprint:file setattr;