From 0d04ca71f98d22af947fc90cdc5b16b564dd70ad Mon Sep 17 00:00:00 2001
From: Lukas Barth <lukas.barth@kit.edu>
Date: Tue, 10 Mar 2020 13:09:09 +0100
Subject: [PATCH] Fix missing /data/sec_storage_data

---
 rw-system.sh | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/rw-system.sh b/rw-system.sh
index a8e8862..cd4cc71 100644
--- a/rw-system.sh
+++ b/rw-system.sh
@@ -534,26 +534,32 @@ if getprop ro.boot.boot_devices |grep -v , |grep -qE .;then
 fi
 
 if [ -c /dev/dsm ];then
-		# /dev/dsm is a magic device on Kirin chipsets that teecd needs to access.
-		# Make sure that permissions are right.
+    # /dev/dsm is a magic device on Kirin chipsets that teecd needs to access.
+    # Make sure that permissions are right.
     chown system:system /dev/dsm
     chmod 0660 /dev/dsm
 
-		# The presence of /dev/dsm indicates that we have a teecd, which needs /sec_storage
+    # The presence of /dev/dsm indicates that we have a teecd,
+    # which needs /sec_storage and /data/sec_storage_data
 
-		mount | grep " on /sec_storage " > /dev/null 2>&1
-		if [ "$?" -eq "0" ]; then
-				# /sec_storage is already mounted by the vendor, don't try to create and mount it
-				# ourselves. However, some devices have /sec_storage owned by root, which means that
-				# the fingerprint daemon (running as system) cannot access it.
-				chown -R system:system /sec_storage
-				chmod -R 0660 /sec_storage
-		else
-				# No /sec_storage provided by vendor, create our own
-				mkdir -p /data/sec_storage_data
-				chown system:system /data/sec_storage_data
-				mount /data/sec_storage_data /sec_storage
-		fi
+    mkdir -p /data/sec_storage_data
+    chown system:system /data/sec_storage_data
+    chcon -R u:object_r:teecd_data_file:s0 /data/sec_storage_data
+
+    mount | grep " on /sec_storage " > /dev/null 2>&1
+    if [ "$?" -eq "0" ]; then
+        # /sec_storage is already mounted by the vendor, don't try to create and mount it
+        # ourselves. However, some devices have /sec_storage owned by root, which means that
+        # the fingerprint daemon (running as system) cannot access it.
+        chown -R system:system /sec_storage
+        chmod -R 0660 /sec_storage
+        chcon -R u:object_r:teecd_data_file:s0 /sec_storage
+    else
+        # No /sec_storage provided by vendor, mount /data/sec_storage_data to it
+        mount /data/sec_storage_data /sec_storage
+        chown system:system /sec_storage
+        chcon u:object_r:teecd_data_file:s0 /sec_storage
+    fi
 fi
 
 has_hostapd=false