From bb5d3053860142df5900ac9d5a9092143984ce71 Mon Sep 17 00:00:00 2001
From: Ramkumar Radhakrishnan
Date: Thu, 18 Jul 2019 16:14:10 -0700
Subject: [PATCH] sepolicy: Add permissions for feature_enabler_client

1. Allow read permission to /mnt/vendor/persist/data/*
2. Binder access for featenab_client.service

Change-Id: I2fcc6e34c5c208c41fcff5ab526a420210a9204c
---
 generic/vendor/common/feature_enabler_client.te | 12 ++++++++++--
 generic/vendor/common/vndservice.te | 3 ++-
 generic/vendor/common/vndservice_contexts | 1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/generic/vendor/common/feature_enabler_client.te b/generic/vendor/common/feature_enabler_client.te
index 643d0aa4..351a96ec 100644
--- a/generic/vendor/common/feature_enabler_client.te
+++ b/generic/vendor/common/feature_enabler_client.te
@@ -33,6 +33,14 @@ allow feature_enabler_client tee_device:chr_file rw_file_perms;
 allow feature_enabler_client ion_device:chr_file rw_file_perms;
 unix_socket_connect(feature_enabler_client , ssgtzd, ssgtzd)
+
+# Allow read permission to /mnt/vendor/persist/feature_enabler_client/*
 allow feature_enabler_client mnt_vendor_file:dir search;
-allow feature_enabler_client persist_feature_enabler_file:dir r_dir_perms;
-allow feature_enabler_client persist_feature_enabler_file:file r_file_perms;
+r_dir_file(feature_enabler_client, persist_feature_enabler_file)
+
+# Allow read permission to /mnt/vendor/persist/data/*
+r_dir_file(feature_enabler_client, persist_data_file)
+
+# Binder access for featenab_client.service
+vndbinder_use(feature_enabler_client)
+allow feature_enabler_client qfeatenab_client_service:service_manager { add find };
diff --git a/generic/vendor/common/vndservice.te b/generic/vendor/common/vndservice.te
index d03cfa7a..bd8b8d2b 100644
--- a/generic/vendor/common/vndservice.te
+++ b/generic/vendor/common/vndservice.te
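Review bot: `r_dir_file(feature_enabler_client, persist_data_file)` in the feature_enabler_client.te hunk gives this domain read access to every directory, file and symlink labelled `persist_data_file`, which is broader than a single client's need and, if that label is shared with other vendor components' persistent data, exposes their files as well. If only specific files under /mnt/vendor/persist/data are read, labelling them with a dedicated type and granting that instead would keep the rule least-privilege, with a comment naming what is read and why. Switching the two `persist_feature_enabler_file` rules to `r_dir_file` also adds `lnk_file` read (per the AOSP te_macros definition), which the removed rules did not grant; worth confirming that is intended. For the service rule, `add_service(feature_enabler_client, qfeatenab_client_service)` grants the same `{ add find }` and additionally emits a neverallow so no other domain can register the service.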
@@ -25,4 +25,5 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 type qdisplay_service, vndservice_manager_type;
-type vendor_per_mgr_service, vndservice_manager_type;
+type vendor_per_mgr_service, vndservice_manager_type;
+type qfeatenab_client_service, vndservice_manager_type;
diff --git a/generic/vendor/common/vndservice_contexts b/generic/vendor/common/vndservice_contexts
index 4b9491df..640b3dcd 100644
--- a/generic/vendor/common/vndservice_contexts
+++ b/generic/vendor/common/vndservice_contexts
@@ -25,4 +25,5 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 display.qservice u:object_r:qdisplay_service:s0
+featenab_client.service u:object_r:qfeatenab_client_service:s0
 vendor.qcom.PeripheralManager u:object_r:vendor_per_mgr_service:s0
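Review bot: The new type `qfeatenab_client_service` in the vndservice.te hunk is not namespaced, unlike the neighbouring `vendor_per_mgr_service`; a `vendor_` prefix keeps vendor policy types from colliding with a type later introduced by platform policy, e.g. `type vendor_qfeatenab_client_service, vndservice_manager_type;`. The same applies to the `featenab_client.service` entry in the vndservice_contexts hunk, whose label would change with it, as would the `service_manager` rule in feature_enabler_client.te. The removed and re-added `vendor_per_mgr_service` lines look identical here, so that part is presumably a whitespace or end-of-file newline change; worth confirming it is intentional.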