From cf7ee8a8e57a3d0c92bfeb4532dfcd82760ecede Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 17 Dec 2015 23:55:15 +0000
Subject: [PATCH] Revert "fingerprintd.te: neverallow fingerprint data file
 access"

Both angler and bullhead violate these SELinux rules.

Bullhead: tee has access to these files
Angler: system_server has read/write access to these files.

Fixes the following compile time error:

  libsepol.report_failure: neverallow on line 32 of external/sepolicy/fingerprintd.te (or line 6704 of policy.conf) violated by allow tee fingerprintd_data_file:file { ioctl read write create setattr lock append rename open };
  libsepol.check_assertions: 1 neverallow failures occurred
  Error while expanding policy
  out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/bullhead/obj/ETC/sepolicy_intermediates/policy.conf

This reverts commit 604a8cae620b1bb31e954c54049c22dbd137795c.

Change-Id: Iabb8f2e9de96f9082cd6a790d1af80cbc6a569b1
---
 fingerprintd.te | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/fingerprintd.te b/fingerprintd.te
index 41e1aca6b..1c0ab1c9e 100644
--- a/fingerprintd.te
+++ b/fingerprintd.te
@@ -21,12 +21,3 @@ allow fingerprintd keystore:keystore_key { add_auth };
 # For permissions checking
 binder_call(fingerprintd, system_server);
 allow fingerprintd permission_service:service_manager find;
-
-###
-### Neverallow rules
-###
-
-# Protect fingerprint data files from access by anything other
-# than fingerprintd and init
-neverallow { domain -fingerprintd -init } fingerprintd_data_file:file
-  { append create link relabelfrom rename setattr write open read ioctl lock };
-- 
GitLab