Merge "Add selinux policy for QFP UDFPS." into udc-qpr-dev
This commit is contained in:
Alec Foster
Android (Google) Code Review
commit
2ceb44240d
6 changed files with 32 additions and 6 deletions
2
vendor/file.te
vendored
2
vendor/file.te
vendored
|
|
@ -3,6 +3,7 @@ type persist_display_file, file_type, vendor_persist_type;
|
|||
type persist_battery_file, file_type, vendor_persist_type;
|
||||
type persist_camera_file, file_type, vendor_persist_type;
|
||||
type persist_sensor_reg_file, file_type, vendor_persist_type;
|
||||
type persist_fingerprint_file, file_type, vendor_persist_type;
|
||||
|
||||
#sysfs
|
||||
type sysfs_power_dump, sysfs_type, fs_type;
|
||||
|
|
@ -36,6 +37,7 @@ type vendor_bt_data_file, file_type, data_file_type;
|
|||
# Data
|
||||
type sensor_reg_data_file, file_type, data_file_type;
|
||||
type chre_data_file, file_type, data_file_type;
|
||||
type vendor_fingerprint_data_file, file_type, data_file_type;
|
||||
|
||||
# Vendor sched files
|
||||
userdebug_or_eng(`
|
||||
|
|
|
|||
12
vendor/file_contexts
vendored
12
vendor/file_contexts
vendored
|
|
@ -3,9 +3,7 @@
|
|||
/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
|
||||
|
|
@ -25,9 +23,10 @@
|
|||
/vendor/bin/chre u:object_r:chre_exec:s0
|
||||
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
|
||||
/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
|
||||
/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
|
||||
/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0
|
||||
|
||||
# Vendor Firmwares
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
|
|
@ -41,12 +40,14 @@
|
|||
# Vendor
|
||||
/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
|
||||
/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0
|
||||
/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0
|
||||
|
||||
# persist
|
||||
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
|
||||
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
|
||||
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
|
||||
/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
|
||||
/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0
|
||||
|
||||
# Devices
|
||||
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
|
||||
|
|
@ -89,7 +90,6 @@
|
|||
/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0
|
||||
/dev/gxp u:object_r:gxp_device:s0
|
||||
/dev/mali0 u:object_r:gpu_device:s0
|
||||
/dev/goodix_fp u:object_r:fingerprint_device:s0
|
||||
/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
|
||||
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
|
||||
|
|
@ -210,3 +210,5 @@
|
|||
/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0
|
||||
/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0
|
||||
/dev/uci u:object_r:uci_device:s0
|
||||
/dev/qbt_ipc u:object_r:fingerprint_device:s0
|
||||
/dev/qbt_fd u:object_r:fingerprint_device:s0
|
||||
|
|
|
|||
1
vendor/genfs_contexts
vendored
1
vendor/genfs_contexts
vendored
|
|
@ -203,6 +203,7 @@ genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup
|
|||
genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0
|
||||
genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0
|
||||
|
||||
# Trusty
|
||||
genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
|
||||
|
|
|
|||
20
vendor/hal_fingerprint_default.te
vendored
20
vendor/hal_fingerprint_default.te
vendored
|
|
@ -37,3 +37,23 @@ hal_client_domain(hal_fingerprint_default, hal_thermal);
|
|||
# allow fingerprint to read sysfs_leds
|
||||
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
|
||||
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
|
||||
|
||||
# allow fingerprint to wakeup to trigger calibration scans and sleep after
|
||||
allow hal_fingerprint_default self:capability2 wake_alarm;
|
||||
allow hal_fingerprint_default self:capability2 block_suspend;
|
||||
|
||||
# allow fingerprint to search for files
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default mnt_vendor_file:dir search;
|
||||
allow hal_fingerprint_default vendor_misc_data_file:dir search;
|
||||
allow hal_fingerprint_default persist_file:dir search;
|
||||
|
||||
# allow fingerprint to rw config and calibration files in persist
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default persist_fingerprint_file:dir search;
|
||||
allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms;
|
||||
|
||||
# allow fingerprint to rw data files
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
|
||||
|
|
|
|||
2
vendor/hwservice_contexts
vendored
2
vendor/hwservice_contexts
vendored
|
|
@ -1,2 +1,2 @@
|
|||
# Fingerprint
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
|
|
|
|||
1
vendor/property_contexts
vendored
1
vendor/property_contexts
vendored
|
|
@ -6,6 +6,7 @@ vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0
|
|||
# Fingerprint
|
||||
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
|
||||
vendor.gf. u:object_r:vendor_fingerprint_prop:s0
|
||||
persist.vendor.qfp. u:object_r:vendor_fingerprint_prop:s0
|
||||
|
||||
# Battery
|
||||
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue