From 4fd216060ceb1353416d9398d30efbb5094dba9f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 19 Nov 2015 18:18:13 -0800
Subject: [PATCH] system_server: allow restorecon /data/system/users/0/fpdata

Addresses the following denial:

  avc: denied { relabelfrom } for pid=9971 comm="system_server" name="fpdata" dev="dm-0" ino=678683 scontext=u:r:system_server:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0

Bug: 25801240
Change-Id: I043f48f410505acaee4bb97446945316f656a210
---
 system_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/system_server.te b/system_server.te
index 15e847dec..476a6be62 100644
--- a/system_server.te
+++ b/system_server.te
@@ -273,6 +273,9 @@ allow system_server system_data_file:file relabelfrom;
 allow system_server wallpaper_file:file relabelto;
 allow system_server wallpaper_file:file { rw_file_perms unlink };
 
+# FingerprintService.java does a restorecon of the directory /data/system/users/[0-9]+/fpdata(/.*)?
+allow system_server system_data_file:dir relabelfrom;
+
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, dhcp_prop)
-- 
GitLab