sm7325-common: Address dubai's Egistec UDFPS selinux denials
Change-Id: Ibfd955256d95384bda17ad5404bc269d769ae347
parent
ff204c5db2
commit
357641de5b
1
sepolicy/vendor/device.te
vendored
1
sepolicy/vendor/device.te
vendored
@ -1,4 +1,5 @@
|
||||
# Fingerprint
|
||||
type egis_device, dev_type;
|
||||
type etsd_device, dev_type;
|
||||
type goodix_device, dev_type;
|
||||
|
||||
|
1
sepolicy/vendor/file.te
vendored
1
sepolicy/vendor/file.te
vendored
@ -10,6 +10,7 @@ type cutback_data_file, file_type, data_file_type;
|
||||
type cutback_socket, file_type;
|
||||
|
||||
# Fingerprint
|
||||
type vendor_persist_egis_file, file_type, vendor_persist_type;
|
||||
type vendor_persist_fps_file, file_type, vendor_persist_type;
|
||||
|
||||
# Input Devices
|
||||
|
6
sepolicy/vendor/file_contexts
vendored
6
sepolicy/vendor/file_contexts
vendored
@ -40,13 +40,17 @@
|
||||
/(vendor|system/vendor)/bin/charge_only_mode u:object_r:charge_only_exec:s0
|
||||
|
||||
# Fingerprint
|
||||
/(mnt/vendor/persist|persist)/egis(/.*)? u:object_r:vendor_persist_egis_file:s0
|
||||
/(mnt/vendor/persist|persist)/fps(/.*)? u:object_r:vendor_persist_fps_file:s0
|
||||
/(vendor|system/vendor)/bin/fpc_ident u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.dubai u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-ets u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.berlin u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.dubai u:object_r:hal_fingerprint_default_exec:s0
|
||||
/data/vendor/.fps(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/data/vendor/egis(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/data/vendor/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||
/dev/esfp0 u:object_r:egis_device:s0
|
||||
/dev/goodix_fp u:object_r:goodix_device:s0
|
||||
|
||||
# IFAA
|
||||
|
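Review bot: The entry `/data/vendor/.fps(/.*)?` leaves its dot unescaped, so the pattern matches any single character in that position, while the service entries above it escape theirs (`android\.hardware\.biometrics...`). It should read `/data/vendor/\.fps(/.*)?` so that `fingerprint_vendor_data_file` is applied only to the intended directory. The rendered page lost its +/- markers, so this line may be unchanged context rather than one of the added entries; the fix is still worth folding in while the Fingerprint block is being edited.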
4
sepolicy/vendor/hal_fingerprint_default.te
vendored
4
sepolicy/vendor/hal_fingerprint_default.te
vendored
@ -1,13 +1,17 @@
|
||||
allow hal_fingerprint_default {
|
||||
etsd_device
|
||||
egis_device
|
||||
goodix_device
|
||||
tee_device
|
||||
}: chr_file rw_file_perms;
|
||||
|
||||
allow hal_fingerprint_default self:binder { call transfer };
|
||||
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
||||
r_dir_file(hal_fingerprint_default, firmware_file)
|
||||
get_prop(hal_fingerprint_default, build_bootimage_prop)
|
||||
set_prop(hal_fingerprint_default, vendor_mot_fingerprint_prop)
|
||||
allow hal_fingerprint_default vendor_sysfs_battery_supply:dir r_dir_perms;
|
||||
allow hal_fingerprint_default vendor_sysfs_battery_supply:file r_file_perms;
|
||||
allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms;
|
||||
allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
|
||||
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
||||
|
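Review bot: The rules `allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;` and `allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;` carry no comment tying them to a denial, and both reach beyond the sensor nodes listed in the first `allow` block. Write access to uhid lets the HAL process register virtual input devices, so it should be granted only if the Egistec service needs it on an enforcing build. The page lost its +/- markers, so which four lines are new is inferred; if these two are among them, add a comment of the form `# <sensor>: <avc denial this rule answers>` above each and drop any rule whose denial does not reproduce.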
1
sepolicy/vendor/hwservice_contexts
vendored
1
sepolicy/vendor/hwservice_contexts
vendored
@ -4,6 +4,7 @@ motorola.hardware.camera.desktop::ICameraDesktop u:object
|
||||
# Fingerprint
|
||||
com.motorola.hardware.biometric.fingerprint::IMotoFingerPrint u:object_r:hal_fingerprint_hwservice:s0
|
||||
com.motorola.hardware.biometric.fingerprint::IMotoFingerPrintSensorTest u:object_r:hal_fingerprint_hwservice:s0
|
||||
vendor.egistec.hardware.fingerprint::IBiometricsFingerprintRbs u:object_r:hal_fingerprint_hwservice:s0
|
||||
|
||||
# IFAA
|
||||
vendor.zui.hardware.ifaa::IIFAADevice u:object_r:hal_ifaa_hwservice:s0
|
||||
|
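--- /dev/null
+++ b/sepolicy/vendor/tee.te
@@ -0,0 +1,2 @@
+allow tee vendor_persist_egis_file:dir rw_dir_perms;
+allow tee vendor_persist_egis_file:file create_file_perms;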
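Review bot: Both rules in this new file give the `tee` domain write access to `vendor_persist_egis_file`, and `create_file_perms` on the file class adds `create`, `unlink`, `rename` and `setattr` on top of read/write, with no comment saying which denial required that. Persist contents are not part of userdata, so the grant should be the narrowest one that clears the logged avc denials; if the trusted side only updates files that already exist, `rw_file_perms` would be enough (the page does not show the denials, so that is an assumption to check). The same dir/file pair appears to be added for `vendor_init_fingerprint` in vendor_init_fingerprint.te, a domain that already holds `sys_module`, and the same question applies there. I would start the file with a comment such as `# Egistec UDFPS: TEE access to /mnt/vendor/persist/egis` and paste the denial lines into the commit description.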
4
sepolicy/vendor/vendor_init_fingerprint.te
vendored
4
sepolicy/vendor/vendor_init_fingerprint.te
vendored
@ -5,6 +5,8 @@ init_daemon_domain(vendor_init_fingerprint)
|
||||
allow vendor_init_fingerprint self:capability { kill sys_module };
|
||||
allow vendor_init_fingerprint vendor_file:system module_load;
|
||||
allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms;
|
||||
allow vendor_init_fingerprint vendor_persist_egis_file:file create_file_perms;
|
||||
allow vendor_init_fingerprint vendor_persist_egis_file:dir rw_dir_perms;
|
||||
allow vendor_init_fingerprint vendor_persist_fps_file:file create_file_perms;
|
||||
allow vendor_init_fingerprint vendor_persist_fps_file:dir rw_dir_perms;
|
||||
allow vendor_init_fingerprint mnt_vendor_file:dir search;
|
||||
@ -12,4 +14,4 @@ allow vendor_init_fingerprint mnt_vendor_file:dir search;
|
||||
set_prop(vendor_init_fingerprint, ctl_start_prop)
|
||||
set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop)
|
||||
|
||||
allow vendor_init_fingerprint vendor_file:file execute_no_trans;
|
||||
allow vendor_init_fingerprint vendor_file:file execute_no_trans;
|
||||
|