From 580139f8798dd073ddeeda8fcedb1eb3e0120175 Mon Sep 17 00:00:00 2001
From: jhonboy121 <alfredmathew05@gmail.com>
Date: Wed, 20 Oct 2021 11:05:05 +0530
Subject: [PATCH] sm7250-common: sepolicy: address denials for fp hal

Change-Id: I69be81a37de6fca38659281ebca490292cb7bbaa
---
 sepolicy/vendor/hal_fingerprint_device.te | 7 +++++++
 sepolicy/vendor/surfaceflinger.te         | 3 +++
 2 files changed, 10 insertions(+)
 create mode 100644 sepolicy/vendor/surfaceflinger.te

diff --git a/sepolicy/vendor/hal_fingerprint_device.te b/sepolicy/vendor/hal_fingerprint_device.te
index 1d207b5..1f518d1 100644
--- a/sepolicy/vendor/hal_fingerprint_device.te
+++ b/sepolicy/vendor/hal_fingerprint_device.te
@@ -2,6 +2,13 @@ allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
 
 binder_call(hal_fingerprint_default, hal_perf_default)
 
+# Allow binder communication with hal_display_default
+binder_call(hal_fingerprint_default, hal_display_default)
+
+# Allow hal_fingerprint_default to find hal_display_hwservice
+allow hal_fingerprint_default hal_display_hwservice:hwservice_manager find;
+
+# Allow hal_fingerprint_default to find vendor_hal_perf_hwservice
 allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
 
 allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
new file mode 100644
index 0000000..ccddbeb
--- /dev/null
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -0,0 +1,3 @@
+binder_call(surfaceflinger, hal_display_default)
+
+allow surfaceflinger hal_display_hwservice:hwservice_manager find;