From caa5a8a29ef15ee7a4305de8ff4cf2444d0cc8ee Mon Sep 17 00:00:00 2001
From: Michael Bestas <mkbestas@lineageos.org>
Date: Wed, 14 Feb 2024 15:04:35 +0200
Subject: [PATCH] Exempt data_between_core_and_vendor_violators from vold
 neverallow

Commit 9a5992336e888533ac3f6536f7ad9a70eb861396 changed the label of
/data/vendor_de. Unfortunately some devices with very old tz applets
store fingerprint configuration directly in /data/vendor_de.

Since we do not have source code access and we cannot modify/hex patch
the tz applet because it is signed, use the existing
data_between_core_and_vendor_violators attribute to make fingerprint
work again on these devices.

Test: m
Change-Id: Ibb78f837ff808fc5e15c4b790105c07f4501a08b
---
 prebuilts/api/34.0/private/vold.te | 1 +
 private/vold.te                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/prebuilts/api/34.0/private/vold.te b/prebuilts/api/34.0/private/vold.te
index 957e5d0ba..c5c916769 100644
--- a/prebuilts/api/34.0/private/vold.te
+++ b/prebuilts/api/34.0/private/vold.te
@@ -86,6 +86,7 @@ allow vold {
 neverallow {
     domain
     -vold
+    -data_between_core_and_vendor_violators
 } {
     media_userdir_file
     system_userdir_file
diff --git a/private/vold.te b/private/vold.te
index 2c1fb8f91..096639a98 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -391,6 +391,7 @@ neverallow {
 neverallow {
     domain
     -vold
+    -data_between_core_and_vendor_violators
 } {
     media_userdir_file
     system_userdir_file