device_google_zumapro/vendor/hal_fingerprint_debug.te
Albert Chen a7bb762dc5 Add IFingerprintDebug service context and Overlay permissions.
avc:  denied  { add } for pid=2023 uid=1000 name=com.google.hardware.biometrics.fingerprint.debug.IFingerprintDebug/default scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
avc:  denied  { find } for pid=5125 uid=10181 name=com.google.hardware.biometrics.fingerprint.debug.IFingerprintDebug/default scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
avc:  denied  { call } for  scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:hal_fingerprint_default:s0 tclass=binder permissive=1 app=com.google.android.apps.overlay
avc:  denied  { transfer } for  scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:hal_fingerprint_default:s0 tclass=binder permissive=1 app=com.google.android.apps.overlay
avc:  denied  { call } for  scontext=u:r:hal_fingerprint_default:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=binder permissive=1

Test: Verify above avc denials no longer seen.
Bug: 332777935
Bug: 388112743
Flag: EXEMPT SEPolicy change.
Change-Id: I5cedc00c3be03f5ee1b6e1168917fccc9538421e
2025-01-27 20:53:27 +00:00


# SELinux policy for the IFingerprintDebug service hosted by the fingerprint
# HAL process (hal_fingerprint_default).
#
# Everything below sits inside userdebug_or_eng, so none of these types or
# allow rules are emitted for user builds.
# NOTE(review): the block body is an m4 quoted argument; keep backtick and
# apostrophe characters out of any comment added inside it.
userdebug_or_eng(`
# Service-manager label for the debug interface. This file only declares the
# type; the mapping from the service name to this label is expected in a
# service_contexts file that is not shown here - TODO confirm it exists,
# otherwise the service keeps the default service label.
# protected_service is presumably the platform attribute that keeps the
# service out of reach of untrusted apps - verify against the platform policy.
type hal_fingerprint_debug_service, hal_service_type, protected_service, service_manager_type;
# Declare domains for the debug host HAL server/client: hal_attribute creates
# the hal_fingerprint_debug attribute with its _client and _server variants,
# and hal_server_domain marks the existing fingerprint HAL domain as the
# server.
hal_attribute(fingerprint_debug)
hal_server_domain(hal_fingerprint_default, hal_fingerprint_debug)
# Ensure that the server and client can communicate with each other,
# bi-directionally (in the case of callbacks from server to client, for
# example). The server is also allowed to call servicemanager.
binder_call(hal_fingerprint_debug_client, hal_fingerprint_debug_server)
binder_call(hal_fingerprint_debug_server, hal_fingerprint_debug_client)
binder_call(hal_fingerprint_debug_server, servicemanager)
# Tie the service type to the HAL attribute: the server side may add the
# service and the client side may find it.
hal_attribute_service(hal_fingerprint_debug, hal_fingerprint_debug_service)
# Declare a domain for the debug application (Overlay).
# NOTE(review): no rule in this file references fingerprint_debug_app; access
# is granted to priv_app below instead. If no other file (for example
# seapp_contexts) uses it, either bind the Overlay app to this domain and make
# it the only client, or drop the declaration.
type fingerprint_debug_app, domain;
# Allow all priv-apps to communicate with the fingerprint debug HAL on
# userdebug or eng builds. This covers every privileged app, not only the
# Overlay debug application. Binder call and transfer are granted per domain,
# so what scopes a client to the debug interface is the find permission on
# the service type, not the binder rule.
# NOTE(review): the explicit binder_call on priv_app looks redundant with the
# client-to-server binder_call above, given that priv_app carries the client
# attribute and hal_fingerprint_default the server attribute - confirm before
# removing.
hal_client_domain(priv_app, hal_fingerprint_debug)
binder_call(priv_app, hal_fingerprint_default)
')