zuma: fingerprint: fix SELinux denails
Bug: 261105164 Test: boot with no relevant error on p23 device Change-Id: I8d897693685591a042c5febfeca0121375749b8e
parent
a6fd3e2122
commit
4963317cad
18 changed files with 59 additions and 49 deletions
|
@ -3,7 +3,6 @@ type sg_device, dev_type;
|
|||
type vendor_toe_device, dev_type;
|
||||
type lwis_device, dev_type;
|
||||
type rls_device, dev_type;
|
||||
type fingerprint_device, dev_type;
|
||||
type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type vframe_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
|
|
|
@ -3,8 +3,6 @@
|
|||
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
|
@ -41,7 +39,6 @@
|
|||
/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
|
||||
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
|
||||
/dev/bigwave u:object_r:video_device:s0
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
|
||||
/dev/watchdog0 u:object_r:watchdog_device:s0
|
||||
/dev/dri/card0 u:object_r:graphics_device:s0
|
||||
|
|
|
@ -1,6 +1,2 @@
|
|||
# WLC
|
||||
type hal_wlc_hwservice, hwservice_manager_type;
|
||||
|
||||
# Fingerprint
|
||||
type hal_fingerprint_ext_hwservice, hwservice_manager_type;
|
||||
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
# Fingerprint
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
|
||||
# Wireless charger hal
|
||||
vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
|
||||
|
||||
|
|
|
@ -13,9 +13,6 @@ vendor_internal_prop(vendor_persist_sys_default_prop)
|
|||
vendor_internal_prop(vendor_logger_prop)
|
||||
vendor_internal_prop(vendor_display_prop)
|
||||
|
||||
# Fingerprint
|
||||
vendor_internal_prop(vendor_fingerprint_prop)
|
||||
|
||||
# UWB calibration
|
||||
system_vendor_config_prop(vendor_uwb_calibration_prop)
|
||||
|
||||
|
|
|
@ -35,10 +35,6 @@ persist.vendor.sys. u:object_r:vendor_persist_sys_default
|
|||
vendor.gps. u:object_r:vendor_gps_prop:s0
|
||||
persist.vendor.gps. u:object_r:vendor_gps_prop:s0
|
||||
|
||||
# Fingerprint
|
||||
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
|
||||
vendor.gf. u:object_r:vendor_fingerprint_prop:s0
|
||||
|
||||
#uwb
|
||||
ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
|
||||
|
||||
|
|
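--- a/system_ext/private/platform_app.te
+++ b/system_ext/private/platform_app.te
@@ -0,0 +1,2 @@
+# allow systemui access to fingerprint
+hal_client_domain(platform_app, hal_fingerprint)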
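Review bot: The comment names SystemUI, but `hal_client_domain(platform_app, hal_fingerprint)` applies to the whole `platform_app` domain, so every process labelled `platform_app` becomes a client of the fingerprint HAL, not only SystemUI. If SystemUI is the only intended caller, the comment should say that the grant is domain-wide and why it is acceptable, e.g. `# SystemUI runs as platform_app; this gives all platform_app processes client access to the fingerprint HAL (b/261105164)`. Nothing on this page shows which platform_app processes were actually denied, so it would help to record that in the commit description as well.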
|
@ -1,31 +0,0 @@
|
|||
# b/261105164
|
||||
dontaudit hal_fingerprint_default block_device:dir { search };
|
||||
dontaudit hal_fingerprint_default dmabuf_system_heap_device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default dmabuf_system_heap_device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default dmabuf_system_heap_device:chr_file { read };
|
||||
dontaudit hal_fingerprint_default fingerprint_device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default fingerprint_device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default fingerprint_device:chr_file { read write };
|
||||
dontaudit hal_fingerprint_default fwk_stats_service:service_manager { find };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { bind };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { create };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { read };
|
||||
dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { write };
|
||||
dontaudit hal_fingerprint_default hal_power_default:binder { call };
|
||||
dontaudit hal_fingerprint_default hal_power_service:service_manager { find };
|
||||
dontaudit hal_fingerprint_default mfg_data_block_device:blk_file { open };
|
||||
dontaudit hal_fingerprint_default mfg_data_block_device:blk_file { read write };
|
||||
dontaudit hal_fingerprint_default sysfs_chosen:dir { search };
|
||||
dontaudit hal_fingerprint_default sysfs_chosen:file { open };
|
||||
dontaudit hal_fingerprint_default sysfs_chosen:file { read };
|
||||
dontaudit hal_fingerprint_default sysfs_display:file { getattr };
|
||||
dontaudit hal_fingerprint_default sysfs_display:file { open };
|
||||
dontaudit hal_fingerprint_default sysfs_display:file { read };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { ioctl };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { open };
|
||||
dontaudit hal_fingerprint_default tee_device:chr_file { read write };
|
||||
dontaudit hal_fingerprint_default vendor_fingerprint_prop:file { getattr };
|
||||
dontaudit hal_fingerprint_default vendor_fingerprint_prop:file { map };
|
||||
dontaudit hal_fingerprint_default vendor_fingerprint_prop:file { open };
|
||||
dontaudit hal_fingerprint_default vendor_fingerprint_prop:file { read };
|
||||
dontaudit hal_fingerprint_default vendor_fingerprint_prop:property_service { set };
|
1
vendor/device.te
vendored
1
vendor/device.te
vendored
|
@ -4,6 +4,7 @@ type devinfo_block_device, dev_type;
|
|||
type mfg_data_block_device, dev_type;
|
||||
type logbuffer_device, dev_type;
|
||||
type gxp_device, dev_type;
|
||||
type fingerprint_device, dev_type;
|
||||
|
||||
# SecureElement SPI device
|
||||
type st54spi_device, dev_type;
|
||||
|
|
3
vendor/file.te
vendored
3
vendor/file.te
vendored
|
@ -3,3 +3,6 @@ type persist_display_file, file_type, vendor_persist_type;
|
|||
|
||||
#sysfs
|
||||
type sysfs_mfc, sysfs_type, fs_type;
|
||||
|
||||
# Trusty
|
||||
type sysfs_trusty, sysfs_type, fs_type;
|
||||
|
|
3
vendor/file_contexts
vendored
3
vendor/file_contexts
vendored
|
@ -5,6 +5,8 @@
|
|||
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||
|
@ -65,6 +67,7 @@
|
|||
/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0
|
||||
/dev/gxp u:object_r:gxp_device:s0
|
||||
/dev/mali0 u:object_r:gpu_device:s0
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_wireless u:object_r:logbuffer_device:s0
|
||||
|
|
3
vendor/genfs_contexts
vendored
3
vendor/genfs_contexts
vendored
|
@ -211,3 +211,6 @@ genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup
|
|||
genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
# Trusty
|
||||
genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
|
||||
genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0
|
||||
|
|
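--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -0,0 +1,35 @@
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
+
+allow hal_fingerprint_default fwk_stats_service:service_manager find;
+get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
+add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
+
+# allow fingerprint to access power hal
+hal_client_domain(hal_fingerprint_default, hal_power);
+
+# Allow access to the files of CDT information.
+r_dir_file(hal_fingerprint_default, sysfs_chosen)
+
+# Allow fingerprint to access calibration blk device.
+allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
+allow hal_fingerprint_default block_device:dir search;
+
+# Allow fingerprint to access fwk_sensor_hwservice
+allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
+
+# Allow fingerprint to read sysfs_display
+allow hal_fingerprint_default sysfs_display:file r_file_perms;
+
+# Allow fingerprint to access trusty sysfs
+allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
+
+# Allow fingerprint to access display hal
+allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
+binder_call(hal_fingerprint_default, hal_graphics_composer_default)
+
+# allow fingerprint to access thermal hal
+hal_client_domain(hal_fingerprint_default, hal_thermal);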
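Review bot: The `rw_file_perms` grants on `mfg_data_block_device:blk_file` and `sysfs_trusty:file` give the fingerprint HAL write access to a raw manufacturing-data partition and to the Trusty `use_high_wq` module parameters, while the comments above them only say "access". The removed `# b/261105164` dontaudit list did record `{ read write }` on `mfg_data_block_device`, so the HAL probably opens it read-write, but `sysfs_trusty`, `fwk_sensor_hwservice`, `hal_pixel_display_service`, the `binder_call` to `hal_graphics_composer_default` and `hal_thermal` do not appear in that list, so these rules go beyond the tracked denials. I would narrow the two grants to `r_file_perms` if the HAL still works that way, or state the reason for the write in the comment, e.g. `# Fingerprint HAL updates calibration data in mfg_data; read-only is not sufficient` once that is confirmed. The first four rules (device node, TEE, netlink socket, dmabuf heap) carry no comment at all and would benefit from a one-line reason each, and the trailing `;` after the two `hal_client_domain(...)` calls is inconsistent with the other macro lines in the file.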
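--- a/vendor/hwservice.te
+++ b/vendor/hwservice.te
@@ -0,0 +1,2 @@
+# Fingerprint
+type hal_fingerprint_ext_hwservice, hwservice_manager_type;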
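--- a/vendor/hwservice_contexts
+++ b/vendor/hwservice_contexts
@@ -0,0 +1,2 @@
+# Fingerprint
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0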
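--- a/vendor/property.te
+++ b/vendor/property.te
@@ -0,0 +1,2 @@
+# Fingerprint
+vendor_internal_prop(vendor_fingerprint_prop)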
4
vendor/property_contexts
vendored
4
vendor/property_contexts
vendored
|
@ -3,3 +3,7 @@ persist.vendor.camera. u:object_r:vendor_camera_prop:s0
|
|||
vendor.camera. u:object_r:vendor_camera_prop:s0
|
||||
vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0
|
||||
vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0
|
||||
|
||||
# Fingerprint
|
||||
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
|
||||
vendor.gf. u:object_r:vendor_fingerprint_prop:s0
|
||||
|
|
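--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# Fingerprint property
+set_prop(vendor_init, vendor_fingerprint_prop)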