From a39b131e9db1fed7e5ce90174f19515f465c8739 Mon Sep 17 00:00:00 2001
From: Jim Miller <jaggies@google.com>
Date: Thu, 21 May 2015 17:42:09 -0700
Subject: [PATCH] Selinux: Allow system_server to create fpdata dir.

Fixes avc errors;
avc: denied { relabelto } for name="fpdata" dev="mmcblk0p28" ino=586465 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0
avc: denied { read } for name="fpdata" dev="mmcblk0p28" ino=586409 scontext=u:r:system_server:s0 tcontext=u:object_r:fingerprintd_data_file:s0 tclass=dir permissive=0

Change-Id: I3ba16af14632d803e09ac1490af9a0b652cba3a6
---
 system_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/system_server.te b/system_server.te
index 150103ef5..d3457491f 100644
--- a/system_server.te
+++ b/system_server.te
@@ -429,6 +429,9 @@ allow system_server sdcard_type:dir { getattr search };
 # Traverse into expanded storage
 allow system_server mnt_expand_file:dir r_dir_perms;
 
+# Allow system process to relabel the fingerprint directory after mkdir
+allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+
 ###
 ### Neverallow rules
 ###
-- 
GitLab