Fingerprint data is now stored in one of two ways depending on the
shipping API version:
For devices shipped on O-MR1 nothing changes, data is stored
under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store fingerprint data under
/data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: Ibc7cc33b756f64abe68a749c0ada0ca4f6d92514
Merged-In: Ibc7cc33b756f64abe68a749c0ada0ca4f6d92514
Test: manually
(cherry picked from commit 6116daa71a
)
This commit is contained in:
parent
fdec2530ef
commit
4d6a5e8700
7 changed files with 19 additions and 0 deletions
|
@ -43,6 +43,7 @@
|
||||||
exported3_default_prop
|
exported3_default_prop
|
||||||
exported3_radio_prop
|
exported3_radio_prop
|
||||||
exported3_system_prop
|
exported3_system_prop
|
||||||
|
fingerprint_vendor_data_file
|
||||||
fs_bpf
|
fs_bpf
|
||||||
hal_audiocontrol_hwservice
|
hal_audiocontrol_hwservice
|
||||||
hal_authsecret_hwservice
|
hal_authsecret_hwservice
|
||||||
|
|
|
@ -455,6 +455,9 @@
|
||||||
# Fingerprint data
|
# Fingerprint data
|
||||||
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
|
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
|
||||||
|
|
||||||
|
# Fingerprint vendor data file
|
||||||
|
/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
|
||||||
|
|
||||||
# Bootchart data
|
# Bootchart data
|
||||||
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
|
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
|
||||||
|
|
||||||
|
|
|
@ -14,10 +14,12 @@ allow vold_prepare_subdirs {
|
||||||
vendor_data_file
|
vendor_data_file
|
||||||
}:dir { open read write add_name remove_name rmdir relabelfrom };
|
}:dir { open read write add_name remove_name rmdir relabelfrom };
|
||||||
allow vold_prepare_subdirs {
|
allow vold_prepare_subdirs {
|
||||||
|
fingerprint_vendor_data_file
|
||||||
storaged_data_file
|
storaged_data_file
|
||||||
vold_data_file
|
vold_data_file
|
||||||
}:dir { create_dir_perms relabelto };
|
}:dir { create_dir_perms relabelto };
|
||||||
allow vold_prepare_subdirs {
|
allow vold_prepare_subdirs {
|
||||||
|
fingerprint_vendor_data_file
|
||||||
storaged_data_file
|
storaged_data_file
|
||||||
system_data_file
|
system_data_file
|
||||||
vold_data_file
|
vold_data_file
|
||||||
|
|
|
@ -814,6 +814,7 @@ full_treble_only(`
|
||||||
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
||||||
-data_between_core_and_vendor_violators
|
-data_between_core_and_vendor_violators
|
||||||
-init
|
-init
|
||||||
|
-vold_prepare_subdirs
|
||||||
} {
|
} {
|
||||||
data_file_type
|
data_file_type
|
||||||
-core_data_file_type
|
-core_data_file_type
|
||||||
|
@ -825,6 +826,7 @@ full_treble_only(`
|
||||||
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
-appdomain # TODO(b/34980020) remove exemption for appdomain
|
||||||
-data_between_core_and_vendor_violators
|
-data_between_core_and_vendor_violators
|
||||||
-init
|
-init
|
||||||
|
-vold_prepare_subdirs
|
||||||
} {
|
} {
|
||||||
data_file_type
|
data_file_type
|
||||||
-core_data_file_type
|
-core_data_file_type
|
||||||
|
|
|
@ -312,6 +312,8 @@ type backup_data_file, file_type, data_file_type, core_data_file_type, mlstruste
|
||||||
type bluetooth_efs_file, file_type;
|
type bluetooth_efs_file, file_type;
|
||||||
# Type for fingerprint template file
|
# Type for fingerprint template file
|
||||||
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
|
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
# Type for _new_ fingerprint template file
|
||||||
|
type fingerprint_vendor_data_file, file_type, data_file_type;
|
||||||
# Type for appfuse file.
|
# Type for appfuse file.
|
||||||
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||||
|
|
||||||
|
|
|
@ -8,5 +8,10 @@ allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
|
||||||
# For memory allocation
|
# For memory allocation
|
||||||
allow hal_fingerprint ion_device:chr_file r_file_perms;
|
allow hal_fingerprint ion_device:chr_file r_file_perms;
|
||||||
|
|
||||||
|
allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
|
||||||
|
allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
|
||||||
|
|
||||||
r_dir_file(hal_fingerprint, cgroup)
|
r_dir_file(hal_fingerprint, cgroup)
|
||||||
r_dir_file(hal_fingerprint, sysfs)
|
r_dir_file(hal_fingerprint, sysfs)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -5,3 +5,7 @@ type tee, domain;
|
||||||
|
|
||||||
# Device(s) for communicating with the TEE
|
# Device(s) for communicating with the TEE
|
||||||
type tee_device, dev_type;
|
type tee_device, dev_type;
|
||||||
|
|
||||||
|
allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
|
||||||
|
allow tee fingerprint_vendor_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue