Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fingerprint: fix SELinux denials

Browse source 
Fix following AVC denials:
1. Could not enable service: File /vendor/bin/hw/android.hardware.biometrics.fingerprint-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined
2. Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
3. avc:  denied  { ioctl } for  path="/dev/goodix_fp" dev="tmpfs" ino=1499 ioctlcmd=0x6701 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Bug: 315737323
Test: boot with no relevant error
Change-Id: Ideeac108b8470232a258254437086451550fcc8d
This commit is contained in:
chenkris 2023-12-11 03:45:16 +00:00 committed by KRIS CHEN
parent b179da365f
commit a7c90de740
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
vendor/file_contexts vendored
View file

@ -25,6 +25,8 @@
/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0
/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
# Vendor libraries
/vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0
@ -153,6 +155,7 @@
/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0
/dev/qbt_ipc u:object_r:fingerprint_device:s0
/dev/qbt_fd u:object_r:fingerprint_device:s0
/dev/goodix_fp u:object_r:fingerprint_device:s0
# Data
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0