author | eddielan <eddielan@google.com> | 2022-07-04 14:15:21 +0800 |
---|---|---|
committer | eddielan <eddielan@google.com> | 2022-07-04 14:23:16 +0800 |
commit | c16dc8d22646b4446fa91570ea60c68b773c413c (patch) | |
tree | cd2201c9d24a5c1041071e07ef71fac27953e3d0 | |
parent | bc7b3c639c58767c2285894c28d45f77a05acbf0 (diff) | |
download | felix-sepolicy-c16dc8d22646b4446fa91570ea60c68b773c413c.tar.gz |
fingerprint: Add new label for capacitance fingerprint
u:object_r:hal_fingerprint_capacitance_exec:s0
android.hardware.biometrics.fingerprint-service.fpc42
Cherry-pick from ag/19085661
Bug: 235424180
Test: make selinux_policy -j128
Test: Check binary sepolicy on device
Change-Id: I8859965df77356b4691292ab66dbbb8c0b9db3b3
-rw-r--r-- | felix-sepolicy.mk | 3 | ||||
-rw-r--r-- | fingerprint_capacitance/file.te | 1 | ||||
-rw-r--r-- | fingerprint_capacitance/file_contexts | 1 | ||||
-rw-r--r-- | fingerprint_capacitance/genfs_contexts | 1 | ||||
-rw-r--r-- | fingerprint_capacitance/hal_fingerprint_capacitance.te | 24 |
5 files changed, 30 insertions, 0 deletions
diff --git a/felix-sepolicy.mk b/felix-sepolicy.mk
index bebb8db..c2d5ed2 100644
--- a/felix-sepolicy.mk
+++ b/felix-sepolicy.mk
@@ -1,2 +1,5 @@
 # sepolicy that are shared among devices using whitechapel
 BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/vendor
+
+# Fingerprint
+BOARD_SEPOLICY_DIRS += device/google/felix-sepolicy/fingerprint_capacitance
diff --git a/fingerprint_capacitance/file.te b/fingerprint_capacitance/file.te
new file mode 100644
index 0000000..0218b46
--- /dev/null
+++ b/fingerprint_capacitance/file.te
@@ -0,0 +1 @@
+type sysfs_fingerprint, sysfs_type, fs_type;
diff --git a/fingerprint_capacitance/file_contexts b/fingerprint_capacitance/file_contexts
new file mode 100644
index 0000000..aa6d801
--- /dev/null
+++ b/fingerprint_capacitance/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.fpc42 u:object_r:hal_fingerprint_capacitance_exec:s0
diff --git a/fingerprint_capacitance/genfs_contexts b/fingerprint_capacitance/genfs_contexts
new file mode 100644
index 0000000..9fe2a86
--- /dev/null
+++ b/fingerprint_capacitance/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /devices/platform/odm/odm:fp_fpc1020 u:object_r:sysfs_fingerprint:s0
diff --git a/fingerprint_capacitance/hal_fingerprint_capacitance.te b/fingerprint_capacitance/hal_fingerprint_capacitance.te
new file mode 100644
index 0000000..23b31e4
--- /dev/null
+++ b/fingerprint_capacitance/hal_fingerprint_capacitance.te
@@ -0,0 +1,24 @@
+# hal_fingerprint_capacitance definition
+type hal_fingerprint_capacitance, domain;
+hal_server_domain(hal_fingerprint_capacitance, hal_fingerprint)
+
+type hal_fingerprint_capacitance_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_fingerprint_capacitance)
+
+set_prop(hal_fingerprint_capacitance, vendor_fingerprint_prop)
+
+# allow fingerprint to access file
+allow hal_fingerprint_capacitance fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_capacitance tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_capacitance sysfs_fingerprint:dir r_dir_perms;
+allow hal_fingerprint_capacitance sysfs_fingerprint:file rw_file_perms;
+
+# allow fingerprint to access power hal
+hal_client_domain(hal_fingerprint_capacitance, hal_power);
+
+# allow fingerprint to find fwk service
+allow hal_fingerprint_capacitance fwk_stats_service:service_manager find;
+
+# allow fingerprint to access input_device
+allow hal_fingerprint_capacitance input_device:dir r_dir_perms;
+allow hal_fingerprint_capacitance input_device:chr_file rw_file_perms; |
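Review bot: The last two rules of hal_fingerprint_capacitance.te grant the HAL `rw_file_perms` on every character node labelled `input_device`, which is the broadest grant in the file, and the comment above them only restates the rule without saying why the service needs it. If the service only consumes events, `allow hal_fingerprint_capacitance input_device:chr_file r_file_perms;` would be enough. If it needs a single node, giving that node its own type in file_contexts would keep the domain away from the rest of the input stream should the process be compromised. Whichever is chosen, the comment should name the feature that requires input access. Separately, `hal_client_domain(hal_fingerprint_capacitance, hal_power);` carries a trailing `;` that the other macro calls in this file do not, so dropping it would keep the file consistent.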