From 51be51649bee7e840e0aca48ece132ebfb1ab3e1 Mon Sep 17 00:00:00 2001
From: Lukas Barth <lukas.barth@kit.edu>
Date: Wed, 4 Mar 2020 16:10:28 +0100
Subject: [PATCH 1/3] Fix mounts and permissions for sec_storage on Kirin
 devices

---
 rw-system.sh | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/rw-system.sh b/rw-system.sh
index 6e0ac3d..6b42f11 100644
--- a/rw-system.sh
+++ b/rw-system.sh
@@ -529,12 +529,26 @@ if getprop ro.boot.boot_devices |grep -v , |grep -qE .;then
 fi
 
 if [ -c /dev/dsm ];then
+		# /dev/dsm is a magic device on Kirin chipsets that teecd needs to access.
+		# Make sure that permissions are right.
     chown system:system /dev/dsm
     chmod 0660 /dev/dsm
-    mkdir -p /data/sec_storage_data
-    chown system:system /data/sec_storage_data
-    chcon u:object_r:teecd_data_file_system:s0 /data/sec_storage_data
-    mount /data/sec_storage_data /sec_storage
+
+		# The presence of /dev/dsm indicates that we have a teecd, which needs /sec_storage
+
+		mount | grep " on /sec_storage " > /dev/null 2>&1
+		if [ "$?" -eq "0" ]; then
+				# /sec_storage is already mounted by the vendor, don't try to create and mount it
+				# ourselves. However, some devices have /sec_storage owned by root, which means that
+				# the fingerprint daemon (running as system) cannot access it.
+				chown -R system:system /sec_storage
+				chmod -R 0660 /sec_storage
+		else
+				# No /sec_storage provided by vendor, create our own
+				mkdir -p /data/sec_storage_data
+				chown system:system /data/sec_storage_data
+				mount /data/sec_storage_data /sec_storage
+		fi
 fi
 
 #Try to detect DT2W

From 494da1a8dcbb2bb6037451fdc1b6c530838b261d Mon Sep 17 00:00:00 2001
From: Lukas Barth <lukas.barth@kit.edu>
Date: Tue, 10 Mar 2020 13:09:09 +0100
Subject: [PATCH 2/3] Fix missing /data/sec_storage_data

---
 rw-system.sh | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/rw-system.sh b/rw-system.sh
index 6b42f11..a16c305 100644
--- a/rw-system.sh
+++ b/rw-system.sh
@@ -529,26 +529,32 @@ if getprop ro.boot.boot_devices |grep -v , |grep -qE .;then
 fi
 
 if [ -c /dev/dsm ];then
-		# /dev/dsm is a magic device on Kirin chipsets that teecd needs to access.
-		# Make sure that permissions are right.
+    # /dev/dsm is a magic device on Kirin chipsets that teecd needs to access.
+    # Make sure that permissions are right.
     chown system:system /dev/dsm
     chmod 0660 /dev/dsm
 
-		# The presence of /dev/dsm indicates that we have a teecd, which needs /sec_storage
+    # The presence of /dev/dsm indicates that we have a teecd,
+    # which needs /sec_storage and /data/sec_storage_data
 
-		mount | grep " on /sec_storage " > /dev/null 2>&1
-		if [ "$?" -eq "0" ]; then
-				# /sec_storage is already mounted by the vendor, don't try to create and mount it
-				# ourselves. However, some devices have /sec_storage owned by root, which means that
-				# the fingerprint daemon (running as system) cannot access it.
-				chown -R system:system /sec_storage
-				chmod -R 0660 /sec_storage
-		else
-				# No /sec_storage provided by vendor, create our own
-				mkdir -p /data/sec_storage_data
-				chown system:system /data/sec_storage_data
-				mount /data/sec_storage_data /sec_storage
-		fi
+    mkdir -p /data/sec_storage_data
+    chown system:system /data/sec_storage_data
+    chcon -R u:object_r:teecd_data_file:s0 /data/sec_storage_data
+
+    mount | grep " on /sec_storage " > /dev/null 2>&1
+    if [ "$?" -eq "0" ]; then
+        # /sec_storage is already mounted by the vendor, don't try to create and mount it
+        # ourselves. However, some devices have /sec_storage owned by root, which means that
+        # the fingerprint daemon (running as system) cannot access it.
+        chown -R system:system /sec_storage
+        chmod -R 0660 /sec_storage
+        chcon -R u:object_r:teecd_data_file:s0 /sec_storage
+    else
+        # No /sec_storage provided by vendor, mount /data/sec_storage_data to it
+        mount /data/sec_storage_data /sec_storage
+        chown system:system /sec_storage
+        chcon u:object_r:teecd_data_file:s0 /sec_storage
+    fi
 fi
 
 #Try to detect DT2W

From 93ce496efc7935b08e09535d1d1c57832071773d Mon Sep 17 00:00:00 2001
From: Lukas Barth <lukas.barth@kit.edu>
Date: Tue, 10 Mar 2020 15:28:32 +0100
Subject: [PATCH 3/3] Simplify mount check

---
 rw-system.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/rw-system.sh b/rw-system.sh
index a16c305..8aabd96 100644
--- a/rw-system.sh
+++ b/rw-system.sh
@@ -541,8 +541,7 @@ if [ -c /dev/dsm ];then
     chown system:system /data/sec_storage_data
     chcon -R u:object_r:teecd_data_file:s0 /data/sec_storage_data
 
-    mount | grep " on /sec_storage " > /dev/null 2>&1
-    if [ "$?" -eq "0" ]; then
+    if mount | grep -q " on /sec_storage " ; then
         # /sec_storage is already mounted by the vendor, don't try to create and mount it
         # ourselves. However, some devices have /sec_storage owned by root, which means that
         # the fingerprint daemon (running as system) cannot access it.