whyred: Add sepolicy for goodix script

Change-Id: Ic8b7dba6a5660c17f5db1c743e5d22f31ae1b1b3

rootdir/root/init.qcom.rc

@@ -1313,5 +1313,5 @@ service config_bt_addr /vendor/bin/btnvtool -O
 
 service goodix_script /vendor/bin/init.goodix.sh
     class late_start
-    user root
+    user system
     oneshot

sepolicy/file_contexts

@@ -27,6 +27,9 @@
 /sys/devices/soc/soc:fpc1020.*/hw_reset                       u:object_r:sysfs_fpc_dev:s0
 /sys/devices/soc/soc:fpc1020.*/wakeup_enable                  u:object_r:sysfs_fpc_dev:s0
 
+# Shell Script
+/(vendor|system/vendor)/bin/init\.goodix\.sh    u:object_r:init_fingerprint_exec:s0
+
 # Video4linux sysfs nodes
 /sys/devices/soc/ca00000\.qcom,msm-cam/video4linux/video0(/.*)? u:object_r:sysfs_graphics:s0
 /sys/devices/soc/caa0000\.qcom,jpeg/video4linux/video1(/.*)?   u:object_r:sysfs_graphics:s0

sepolicy/init_fingerprint.te

@@ -0,0 +1,15 @@
+type init_fingerprint, domain;
+type init_fingerprint_exec, exec_type, vendor_file_type, file_type;
+
+# Allow for transition from init domain to init_fingerprint
+init_daemon_domain(init_fingerprint)
+
+# Shell script needs to execute /vendor/bin/sh
+allow init_fingerprint vendor_shell_exec:file rx_file_perms;
+allow init_fingerprint vendor_toolbox_exec:file rx_file_perms;
+
+# Allow to delete file
+allow init_fingerprint persist_file:dir search;
+allow init_fingerprint persist_drm_file:dir { read search open write remove_name };
+allow init_fingerprint persist_drm_file:file { getattr unlink };
+allow init_fingerprint system_data_file:file r_file_perms;