Add sepolicy for the UDFPS antispoof property
Fixes the following avc denial:
/system/bin/init: type=1107 audit(0.0:4): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=fingerprint.disable.fake pid=364 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0'
android.hardwar: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:vendor_fingerprint_fake_prop:s0" dev="tmpfs" ino=307 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_fingerprint_fake_prop:s0 tclass=file permissive=0
Bug: 187394838
Bug: 187562932
Test: Antispoof is disabled by default.
Test: Use the following adb command to manully turn on antispoof.
"setprop persist.vendor.fingerprint.disable.fake.override 0"
Change-Id: I90d6ea70d5e0e1a125efb902f1fd61ff4b51baa2
This commit is contained in:
Kris Chen
parent
6978cd7220
commit
00e1b9a704
4 changed files with 14 additions and 0 deletions
|
|
@ -8,4 +8,7 @@ allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
|
||||||
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
|
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
|
||||||
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
||||||
get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
|
get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
|
||||||
|
userdebug_or_eng(`
|
||||||
|
get_prop(hal_fingerprint_default, vendor_fingerprint_fake_prop)
|
||||||
|
')
|
||||||
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
||||||
|
|
|
||||||
3
whitechapel/vendor/google/property.te
vendored
3
whitechapel/vendor/google/property.te
vendored
|
|
@ -53,3 +53,6 @@ vendor_internal_prop(vendor_touchpanel_prop)
|
||||||
|
|
||||||
# TCP logging
|
# TCP logging
|
||||||
vendor_internal_prop(vendor_tcpdump_log_prop)
|
vendor_internal_prop(vendor_tcpdump_log_prop)
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
vendor_internal_prop(vendor_fingerprint_fake_prop)
|
||||||
|
|
|
||||||
3
whitechapel/vendor/google/property_contexts
vendored
3
whitechapel/vendor/google/property_contexts
vendored
|
|
@ -120,3 +120,6 @@ persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_pr
|
||||||
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
|
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
|
||||||
vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
|
vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
|
||||||
vendor.tcpdump.output.dir u:object_r:vendor_tcpdump_log_prop:s0
|
vendor.tcpdump.output.dir u:object_r:vendor_tcpdump_log_prop:s0
|
||||||
|
|
||||||
|
# Fingerprint
|
||||||
|
vendor.fingerprint.disable.fake u:object_r:vendor_fingerprint_fake_prop:s0
|
||||||
|
|
|
||||||
5
whitechapel/vendor/google/vendor_init.te
vendored
5
whitechapel/vendor/google/vendor_init.te
vendored
|
|
@ -29,3 +29,8 @@ set_prop(vendor_init, vendor_secure_element_prop)
|
||||||
get_prop(vendor_init, test_harness_prop)
|
get_prop(vendor_init, test_harness_prop)
|
||||||
get_prop(vendor_init, vendor_battery_profile_prop)
|
get_prop(vendor_init, vendor_battery_profile_prop)
|
||||||
set_prop(vendor_init, vendor_battery_defender_prop)
|
set_prop(vendor_init, vendor_battery_defender_prop)
|
||||||
|
|
||||||
|
# Fingerprint property
|
||||||
|
userdebug_or_eng(`
|
||||||
|
set_prop(vendor_init, vendor_fingerprint_fake_prop)
|
||||||
|
')
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue