author | eddielan <eddielan@google.com> | 2022-01-19 19:35:23 +0800 |
---|---|---|
committer | eddielan <eddielan@google.com> | 2022-01-21 09:38:30 +0800 |
commit | e81ce5bad190cc229e3923b286c8a9590ee4f298 (patch) | |
tree | e62b6917835c1ef424007411e2daa7164e6d9861 | |
parent | 5e940d2c3348d341f92caa05ecd9c921dccffabd (diff) | |
sepolicy: Add policy for fingerprint extension script
Bug: 208400345
Test: build Pass
Change-Id: Idef8a639e612754d3542e1bad318430a69b465d9
5 files changed, 34 insertions, 0 deletions
diff --git a/fingerprint-extension/system_ext/private/file_contexts b/fingerprint-extension/system_ext/private/file_contexts
new file mode 100644
index 0000000..e66f969
--- /dev/null
+++ b/fingerprint-extension/system_ext/private/file_contexts
@@ -0,0 +1 @@
+/system_ext/bin/fingerprint\.extension\.sh u:object_r:init-fingerprint-extension_exec:s0
diff --git a/fingerprint-extension/system_ext/private/init-fingerprint-extension.te b/fingerprint-extension/system_ext/private/init-fingerprint-extension.te
new file mode 100644
index 0000000..86730fe
--- /dev/null
+++ b/fingerprint-extension/system_ext/private/init-fingerprint-extension.te
@@ -0,0 +1,17 @@
+type init-fingerprint-extension, domain, coredomain;
+type init-fingerprint-extension_exec, exec_type, system_file_type, file_type;
+
+userdebug_or_eng(`
+ init_daemon_domain(init-fingerprint-extension)
+
+ allow init-fingerprint-extension shell_exec:file rx_file_perms;
+ allow init-fingerprint-extension system_file:file execute_no_trans;
+ allow init-fingerprint-extension toolbox_exec:file {execute read open execute_no_trans map getattr};
+ allow init-fingerprint-extension activity_service:service_manager find;
+ binder_call(init-fingerprint-extension, servicemanager)
+ binder_call(init-fingerprint-extension, system_server)
+ binder_call(system_server, init-fingerprint-extension)
+
+ set_prop(init-fingerprint-extension, pixel_fingerprint_prop)
+ get_prop(init-fingerprint-extension, pixel_fingerprint_prop)
+')
diff --git a/fingerprint-extension/system_ext/private/property_contexts b/fingerprint-extension/system_ext/private/property_contexts
new file mode 100644
index 0000000..f171122
--- /dev/null
+++ b/fingerprint-extension/system_ext/private/property_contexts 
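Review bot: In init-fingerprint-extension.te the rules inside `userdebug_or_eng` have no comments, and two of them are wider than a helper script usually needs: `allow init-fingerprint-extension system_file:file execute_no_trans;` lets the script run any file labelled `system_file` in its own domain, and `binder_call(system_server, init-fingerprint-extension)` also permits calls in the reverse direction, from system_server into the script's domain. I would put a short comment above each, for example `# <which system binary the script runs, and why>` and `# system_server calls back into this domain for <reason>`, or drop a rule if no denial was observed for it. The trailing `get_prop(init-fingerprint-extension, pixel_fingerprint_prop)` can go, since the platform `set_prop` macro already grants `get_prop` on the same type. The two `type` lines sit outside the conditional, so the domain and exec label are declared on user builds too; that looks intentional for the file_contexts entry but is worth a one-line comment.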
@@ -0,0 +1,11 @@
+# Latency
+ctl.start$fingerprint-extension-bug-latency u:object_r:pixel_fingerprint_prop:s0
+ctl.stop$fingerprint-extension-bug-latency u:object_r:pixel_fingerprint_prop:s0
+
+# Lockout
+ctl.start$fingerprint-extension-bug-lockout u:object_r:pixel_fingerprint_prop:s0
+ctl.stop$fingerprint-extension-bug-lockout u:object_r:pixel_fingerprint_prop:s0
+
+# Authentication
+ctl.start$fingerprint-extension-bug-auth u:object_r:pixel_fingerprint_prop:s0
+ctl.stop$fingerprint-extension-bug-auth u:object_r:pixel_fingerprint_prop:s0
diff --git a/fingerprint-extension/system_ext/public/property.te b/fingerprint-extension/system_ext/public/property.te
new file mode 100644
index 0000000..f0e2dd9
--- /dev/null
+++ b/fingerprint-extension/system_ext/public/property.te
@@ -0,0 +1 @@
+system_public_prop(pixel_fingerprint_prop)
diff --git a/fingerprint-extension/vendor/hal_fingerprint_default.te b/fingerprint-extension/vendor/hal_fingerprint_default.te
new file mode 100644
index 0000000..c1d5e4d
--- /dev/null
+++ b/fingerprint-extension/vendor/hal_fingerprint_default.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+ set_prop(hal_fingerprint_default, pixel_fingerprint_prop)
+')
+ |
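Review bot: The `ctl.start$` and `ctl.stop$` entries in property_contexts reuse the general `pixel_fingerprint_prop` type, so every `set_prop` grant on that type is also permission to start and stop the three `fingerprint-extension-bug-*` init services. In this commit that covers `hal_fingerprint_default` (hal_fingerprint_default.te) and the script domain, both only inside `userdebug_or_eng`, but the type is declared with `system_public_prop` in property.te, and nothing visible here prevents a later change from labelling ordinary fingerprint properties with it or granting set on user builds. I would give the control properties their own type, named in the platform's `ctl_*_prop` style, and grant `set_prop` on it only to the domains that must trigger the services; at minimum add `# set on this type starts/stops the debug services below` above the entries. The hal_fingerprint_default.te hunk would also benefit from a comment stating that the grant exists so the HAL can trigger those services, if that is the intent.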