Merge "fingerprint: fix SELinux denials" into main
This commit is contained in:
Treehugger Robot
Android (Google) Code Review
commit
52ef38dcf1
2 changed files with 1 additions and 0 deletions
58
vendor/hal_fingerprint_default.te
vendored
Normal file
58
vendor/hal_fingerprint_default.te
vendored
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
|
||||
allow hal_fingerprint_default fwk_stats_service:service_manager find;
|
||||
set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
|
||||
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
|
||||
|
||||
# allow fingerprint to access power hal
|
||||
hal_client_domain(hal_fingerprint_default, hal_power);
|
||||
|
||||
# Allow access to the files of CDT information.
|
||||
r_dir_file(hal_fingerprint_default, sysfs_chosen)
|
||||
|
||||
# Allow fingerprint to access calibration blk device.
|
||||
allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
|
||||
allow hal_fingerprint_default block_device:dir search;
|
||||
|
||||
# Allow fingerprint to access fwk_sensor_hwservice
|
||||
allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
|
||||
|
||||
# Allow fingerprint to access sysfs_display
|
||||
allow hal_fingerprint_default sysfs_display:file rw_file_perms;
|
||||
|
||||
# Allow fingerprint to access trusty sysfs
|
||||
allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
|
||||
|
||||
# Allow fingerprint to access display hal
|
||||
allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
|
||||
binder_call(hal_fingerprint_default, hal_graphics_composer_default)
|
||||
|
||||
# allow fingerprint to access thermal hal
|
||||
hal_client_domain(hal_fingerprint_default, hal_thermal);
|
||||
|
||||
# allow fingerprint to read sysfs_leds
|
||||
allow hal_fingerprint_default sysfs_leds:file r_file_perms;
|
||||
allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
|
||||
|
||||
# allow fingerprint to wakeup to trigger calibration scans and sleep after
|
||||
allow hal_fingerprint_default self:capability2 wake_alarm;
|
||||
allow hal_fingerprint_default self:capability2 block_suspend;
|
||||
|
||||
# allow fingerprint to search for files
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default mnt_vendor_file:dir search;
|
||||
allow hal_fingerprint_default vendor_misc_data_file:dir search;
|
||||
allow hal_fingerprint_default persist_file:dir search;
|
||||
|
||||
# allow fingerprint to rw config and calibration files in persist
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default persist_fingerprint_file:dir search;
|
||||
allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms;
|
||||
|
||||
# allow fingerprint to rw data files
|
||||
# TODO: b/297562630 - remove unecessary permissions once not needed
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms;
|
||||
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
|
||||
3
vendor/hwservice_contexts
vendored
Normal file
3
vendor/hwservice_contexts
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# Fingerprint
|
||||
vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
|
||||
Loading…
Add table
Add a link
Reference in a new issue