From c5bbba476d688380dd2cda8c86304256d93d0686 Mon Sep 17 00:00:00 2001
From: Sebastiano Barezzi
Date: Wed, 1 Mar 2023 22:54:00 +0100
Subject: [PATCH] rosemary: sepolicy: Fix fingerprint neverallows

* Mark vendor domains using fingerprint data as data_between_core_and_vendor_violators

Change-Id: Ic4e68597ace96598d10eb4439949a264aae5d229
---
 sepolicy/vendor/hal_fingerprint_default.te | 2 ++
 sepolicy/vendor/vendor_init.te | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
index 11e854d..d4cb7ba 100644
--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -1,3 +1,5 @@
+typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
+
 # Allow fingerprint HAL to read and write fingerprint node
 allow hal_fingerprint_default vendor_fingerprint_device:chr_file rw_file_perms;
 allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 6e86a83..08de00f 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -1,3 +1,5 @@
+typeattribute vendor_init data_between_core_and_vendor_violators;
+
 get_prop(vendor_init, vts_status_prop)
 allow vendor_init vendor_fingerprint_data_file:dir { rw_dir_perms relabelto setattr };
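Review bot: The added `typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;` exempts the whole HAL domain from the core/vendor data-sharing neverallows, not only the fingerprint access that tripped them, and nothing in the file records which rule needed it. The same applies to `typeattribute vendor_init data_between_core_and_vendor_violators;` in vendor_init.te, where the exemption lands on the domain that processes vendor init scripts, so any later rule there that touches core data will build without the neverallow catching it. I would put a comment above each line, for example `# Needed only for vendor_fingerprint_data_file access; drop once that data is labelled as vendor-only`, assuming that type is the one the commit message refers to. If the type's declaration and file_contexts entry (neither is in this patch) allow it, correcting the label so the neverallow no longer fires is the narrower fix than the domain-wide attribute.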