Merge "Add sepolicy rules for fingerprint hal" into sc-dev
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
fc6b81d188
4 changed files with 11 additions and 53 deletions
|
|
@ -1,52 +0,0 @@
|
|||
# b/174438167
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { read };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { read };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { open };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { create };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { bind };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { write };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { read };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { read write };
|
||||
dontaudit hal_fingerprint_default device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default device:chr_file { read write };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { read write };
|
||||
dontaudit hal_fingerprint_default device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { read };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { open };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { create };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { bind };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { write };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { read };
|
||||
dontaudit hal_fingerprint_default device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default device:chr_file { read write };
|
||||
# b/174714991
|
||||
dontaudit hal_fingerprint_default system_data_file:file { read };
|
||||
dontaudit hal_fingerprint_default system_data_file:file { open };
|
||||
dontaudit hal_fingerprint_default system_data_file:file { read };
|
||||
dontaudit hal_fingerprint_default system_data_file:file { open };
|
||||
# b/177966377
|
||||
dontaudit hal_fingerprint_default default_prop:file { getattr };
|
||||
dontaudit hal_fingerprint_default default_prop:file { map };
|
||||
dontaudit hal_fingerprint_default default_prop:file { open };
|
||||
dontaudit hal_fingerprint_default default_prop:file { read };
|
||||
dontaudit hal_fingerprint_default default_prop:file { map };
|
||||
dontaudit hal_fingerprint_default default_prop:file { getattr };
|
||||
dontaudit hal_fingerprint_default default_android_hwservice:hwservice_manager { add };
|
||||
dontaudit hal_fingerprint_default default_prop:file { open };
|
||||
dontaudit hal_fingerprint_default default_prop:file { read };
|
||||
# b/180655836
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { write };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { write };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { create };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { create };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { write };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { write };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:file { create };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { create };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { add_name };
|
||||
dontaudit hal_fingerprint_default system_data_root_file:dir { add_name };
|
||||
|
|
@ -1,2 +1,6 @@
|
|||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms;
|
||||
allow hal_fingerprint_default sysfs_batteryinfo:dir search;
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
||||
|
|
|
|||
3
whitechapel/vendor/google/hwservice.te
vendored
3
whitechapel/vendor/google/hwservice.te
vendored
|
|
@ -18,3 +18,6 @@ type hal_wlc_hwservice, hwservice_manager_type;
|
|||
|
||||
# Bluetooth HAL extension
|
||||
type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
|
||||
|
||||
# Fingerprint
|
||||
type hal_fingerprint_ext_hwservice, hwservice_manager_type;
|
||||
|
|
|
|||
3
whitechapel/vendor/google/hwservice_contexts
vendored
3
whitechapel/vendor/google/hwservice_contexts
vendored
|
|
@ -26,3 +26,6 @@ vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_w
|
|||
# Bluetooth HAL extension
|
||||
hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
|
||||
hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
|
||||
|
||||
# Fingerprint
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue