zl1: sepolicy: fix some denialso8.0

Change-Id: I40497f8c8a4063df13ee131b9da2628013d7d041

4 files changed, 9 insertions, 0 deletions

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c5f77da..dc86c76 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -2,3 +2,5 @@
 /system/bin/gx_fpd                                              u:object_r:goodix_exec:s0
 /dev/goodix_fp                                                  u:object_r:goodix_device:s0
 /data/goodix(/.*)?                                              u:object_r:goodix_data_file:s0
+
+/persist/data/fingerprint/(/.*)?                                u:object_r:goodix_data_file:s0
diff --git a/sepolicy/goodix.te b/sepolicy/goodix.te
index 84016d8..902a5aa 100644
--- a/sepolicy/goodix.te
+++ b/sepolicy/goodix.te
@@ -5,6 +5,9 @@ init_daemon_domain(goodix)
 
 allow goodix firmware_file:dir { r_dir_perms };
 allow goodix firmware_file:file { r_file_perms };
+allow goodix firmware_file:lnk_file { r_file_perms };
+allow goodix vfat:dir { r_dir_perms };
+allow goodix vfat:file { r_file_perms };
 
 allow goodix self:capability { dac_override };
 allow goodix tee_device:chr_file { rw_file_perms };
diff --git a/sepolicy/servicemanager.te b/sepolicy/servicemanager.te
new file mode 100644
index 0000000..4aaa469
--- /dev/null
+++ b/sepolicy/servicemanager.te
@@ -0,0 +1,3 @@
+allow servicemanager goodix:dir { search };
+allow servicemanager goodix:file { r_file_perms };
+allow servicemanager goodix:process { getattr };
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
new file mode 100644
index 0000000..0bb6506
--- /dev/null
+++ b/sepolicy/tee.te
@@ -0,0 +1 @@
+allow tee goodix_data_file:file { r_file_perms };