From b45758328a0f0ef94fda0a52fbfb5f3c508be2bc Mon Sep 17 00:00:00 2001 From: Sebastiano Barezzi Date: Sun, 26 Jun 2022 22:21:46 +0200 Subject: [PATCH] sm6250-common: sepolicy: Label fingerprint props as restricted vendor * System only reads them, but never sets them * Rename to vendor_fingerprint_prop while at it Change-Id: Id980731ec53338c5c5a07b81f10a283c428d17aa --- sepolicy/vendor/app.te | 2 +- sepolicy/vendor/hal_fingerprint_default.te | 4 ++-- sepolicy/vendor/property.te | 2 +- sepolicy/vendor/property_contexts | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 8f27966..7cf5cde 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -2,5 +2,5 @@ allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms; allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms; allow { appdomain -isolated_app } vendor_xdsp_device:chr_file r_file_perms; -get_prop({ appdomain -isolated_app }, vendor_fp_prop) +get_prop({ appdomain -isolated_app }, vendor_fingerprint_prop) get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop) diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index 5b62226..f9c26b2 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -27,9 +27,9 @@ allow hal_fingerprint_default { r_dir_file(hal_fingerprint_default, firmware_file) -get_prop(system_server, vendor_fp_prop); +get_prop(system_server, vendor_fingerprint_prop); -set_prop(hal_fingerprint_default, vendor_fp_prop) +set_prop(hal_fingerprint_default, vendor_fingerprint_prop) allow hal_fingerprint_default vendor_sysfs_spss:dir { search }; allow hal_fingerprint_default vendor_sysfs_spss:file { open read }; diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index 8181341..d16a64a 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te 
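Review bot: In sepolicy/vendor/app.te the renamed rule `get_prop({ appdomain -isolated_app }, vendor_fingerprint_prop)` still lets every non-isolated app, untrusted ones included, read everything under the fingerprint label. Declaring the type with vendor_restricted_prop only blocks writes from outside vendor; it does not narrow who may read. If only specific components consume these values, the grant could be scoped to them, for example `get_prop(platform_app, vendor_fingerprint_prop)`. Which domain actually reads the properties is not visible in this patch, so if all apps do need them, a comment above the rule should say why.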
@@ -2,4 +2,4 @@ vendor_internal_prop(vendor_power_prop) vendor_internal_prop(vendor_thermal_prop) -vendor_public_prop(vendor_fp_prop) +vendor_restricted_prop(vendor_fingerprint_prop); diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 7411987..0ec0083 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -4,10 +4,10 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 persist.camera. u:object_r:vendor_camera_prop:s0 # Fingerprint -persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0 -ro.hardware.fp u:object_r:vendor_fp_prop:s0 -vendor.fps_hal. u:object_r:vendor_fp_prop:s0 -vendor.sys.fp u:object_r:vendor_fp_prop:s0 +persist.vendor.sys.fp. u:object_r:vendor_fingerprint_prop:s0 +ro.hardware.fp u:object_r:vendor_fingerprint_prop:s0 +vendor.fps_hal. u:object_r:vendor_fingerprint_prop:s0 +vendor.sys.fp u:object_r:vendor_fingerprint_prop:s0 # Power vendor.powerhal.state u:object_r:vendor_power_prop:s0
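Review bot: The new declaration in sepolicy/vendor/property.te ends in a stray `;` that the neighbouring `vendor_internal_prop(...)` lines do not have. These macros normally expand to complete statements, so I would write `vendor_restricted_prop(vendor_fingerprint_prop)`. The same trailing `;` appears on `get_prop(system_server, vendor_fingerprint_prop);` in hal_fingerprint_default.te. A one-line comment above the declaration, such as `# Set only by the fingerprint HAL; system components read it`, would record why the type is restricted rather than internal.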
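Review bot: `ro.hardware.fp` and `vendor.sys.fp` in sepolicy/vendor/property_contexts carry no match qualifier, so they are matched as prefixes and any property name that merely starts with those strings also receives vendor_fingerprint_prop. If they are meant as single properties, pinning them keeps the label, and with it the app-wide read granted in app.te, from extending to unrelated names. For example, `ro.hardware.fp u:object_r:vendor_fingerprint_prop:s0 exact string`, assuming the value is a string. The two entries that end in a dot are clearly intended as prefixes and can stay as they are.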