sm7325-common: Commonize sepolicy

Change-Id: Idbc4e5f655fd19cc4754aab99d8bb236a73f9a12
2023-04-28 08:44:32 -06:00 · 2023-04-28 08:44:32 -06:00 · c233285c22
commit c233285c22
parent fcbf39be75
5 changed files with 25 additions and 2 deletions
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -57,10 +57,15 @@
 /data/vendor/gf_data(/.*)?                              u:object_r:fingerprint_vendor_data_file:s0
 /dev/esfp0                                              u:object_r:egis_device:s0
 /dev/goodix_fp                                          u:object_r:goodix_device:s0
+/sys/devices/soc/0.et320(/.*)?                          u:object_r:vendor_sysfs_fingerprint:s0

 # IFAA
 /(vendor|system/vendor)/bin/hw/vendor\.zui\.hardware\.ifaa@1\.0-service                 u:object_r:hal_ifaa_default_exec:s0

+# Lights
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.berlna                                         u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.xpeng                                          u:object_r:hal_light_default_exec:s0
+
 # LiveDisplay
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.1-service\.motorola_lahaina    u:object_r:hal_lineage_livedisplay_qti_exec:s0

@ -89,9 +94,10 @@
 /dev/mmi_sys_temp                                       u:object_r:vendor_thermal_device:s0

 # Vendor init scripts
+/(vendor|system/vendor)/bin/load_touch\.sh                      u:object_r:vendor_qti_init_shell_exec:s0
 /(vendor|system/vendor)/bin/init\.mmi\.laser\.sh                u:object_r:vendor_mmi_laser_exec:s0
 /(vendor|system/vendor)/bin/init\.mmi\.touch\.sh                u:object_r:vendor_init_touch_exec:s0
-/(vendor|system/vendor)/bin/init\.oem\.fingerprint2\.sh         u:object_r:vendor_init_fingerprint_exec:s0
+/(vendor|system/vendor)/bin/init\.oem\.(fingerprint2|fingerprint\.overlay)\.sh                    u:object_r:vendor_init_fingerprint_exec:s0
 /(vendor|system/vendor)/bin/init\.oem\.hw\.sh                   u:object_r:vendor_init_hw_exec:s0

 # V4L2 Name
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@ -1,3 +1,8 @@
+# Fingerprint
+genfscon sysfs /devices/platform/egis_input                         u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/egis_input/navigation_enable       u:object_r:vendor_sysfs_fingerprint:s0
+genfscon sysfs /devices/platform/egis_input/navigation_event        u:object_r:vendor_sysfs_fingerprint:s0
+
 # Health
 genfscon sysfs /devices/platform/soc/soc:mmi,charger/power_supply/mmi_battery      u:object_r:vendor_sysfs_battery_supply:s0

@ -6,6 +11,7 @@ genfscon sysfs /devices/virtual/input

 # Lights
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/charging u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/charging u:object_r:sysfs_leds:s0

 # LiveDisplay
 genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display-primary/dsi_display_hbm             u:object_r:sysfs_livedisplay_tuneable:s0
--- a/sepolicy/vendor/hal_light_default.te
+++ b/sepolicy/vendor/hal_light_default.te
@ -0,0 +1,5 @@
+allow hal_light_default {
+  sysfs_leds
+}:file rw_file_perms;
+
+r_dir_file(hal_light_default, sysfs_leds)
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@ -4,6 +4,7 @@ motorola.hardware.camera.desktop::ICameraDesktop                        u:object
 # Fingerprint
 com.motorola.hardware.biometric.fingerprint::IMotoFingerPrint           u:object_r:hal_fingerprint_hwservice:s0
 com.motorola.hardware.biometric.fingerprint::IMotoFingerPrintSensorTest u:object_r:hal_fingerprint_hwservice:s0
+vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts          u:object_r:hal_fingerprint_hwservice:s0
 vendor.egistec.hardware.fingerprint::IBiometricsFingerprintRbs          u:object_r:hal_fingerprint_hwservice:s0

 # IFAA
--- a/sepolicy/vendor/vendor_init_fingerprint.te
+++ b/sepolicy/vendor/vendor_init_fingerprint.te
@ -2,6 +2,7 @@ type vendor_init_fingerprint, domain;
 type vendor_init_fingerprint_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(vendor_init_fingerprint)

+allow vendor_init_fingerprint kernel:key search;
 allow vendor_init_fingerprint self:capability { kill sys_module };
 allow vendor_init_fingerprint vendor_file:system module_load;
 allow vendor_init_fingerprint vendor_toolbox_exec:file rx_file_perms;
@ -9,7 +10,11 @@ allow vendor_init_fingerprint vendor_persist_egis_file:file create_file_perms;
 allow vendor_init_fingerprint vendor_persist_egis_file:dir rw_dir_perms;
 allow vendor_init_fingerprint vendor_persist_fps_file:file create_file_perms;
 allow vendor_init_fingerprint vendor_persist_fps_file:dir rw_dir_perms;
-allow vendor_init_fingerprint mnt_vendor_file:dir search;
+allow vendor_init_fingerprint mnt_vendor_file:dir r_dir_perms;
+allow vendor_init_fingerprint mnt_vendor_file:file r_file_perms;
+
+# Write to /dev/kmsg
+allow vendor_init_fingerprint kmsg_device:chr_file rw_file_perms;

 set_prop(vendor_init_fingerprint, ctl_start_prop)
 set_prop(vendor_init_fingerprint, vendor_mot_fingerprint_prop)