Merge "Add sepolicy for IFingerprint"

This commit is contained in:
Treehugger Robot 2020-09-11 01:11:03 +00:00 committed by Gerrit Code Review
commit fd735237e4
6 changed files with 10 additions and 3 deletions

View file

@ -11,6 +11,7 @@
debugfs_kprobes debugfs_kprobes
gki_apex_prepostinstall gki_apex_prepostinstall
gki_apex_prepostinstall_exec gki_apex_prepostinstall_exec
hal_fingerprint_service
gnss_device gnss_device
hal_dumpstate_config_prop hal_dumpstate_config_prop
keystore2_key_contexts_file keystore2_key_contexts_file

View file

@ -1,3 +1,4 @@
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0 android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
android.hardware.light.ILights/default u:object_r:hal_light_service:s0 android.hardware.light.ILights/default u:object_r:hal_light_service:s0
android.hardware.power.IPower/default u:object_r:hal_power_service:s0 android.hardware.power.IPower/default u:object_r:hal_power_service:s0

View file

@ -777,7 +777,6 @@ allow system_server fingerprintd_service:service_manager find;
allow system_server gatekeeper_service:service_manager find; allow system_server gatekeeper_service:service_manager find;
allow system_server gpu_service:service_manager find; allow system_server gpu_service:service_manager find;
allow system_server gsi_service:service_manager find; allow system_server gsi_service:service_manager find;
allow system_server hal_fingerprint_service:service_manager find;
allow system_server idmap_service:service_manager find; allow system_server idmap_service:service_manager find;
allow system_server incident_service:service_manager find; allow system_server incident_service:service_manager find;
allow system_server incremental_service:service_manager find; allow system_server incremental_service:service_manager find;

View file

@ -4,6 +4,11 @@ binder_call(hal_fingerprint_server, hal_fingerprint_client)
hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice) hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
add_service(hal_fingerprint_server, hal_fingerprint_service)
binder_call(hal_fingerprint_server, servicemanager)
allow hal_fingerprint_client hal_fingerprint_service:service_manager find;
# For memory allocation # For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms; allow hal_fingerprint ion_device:chr_file r_file_perms;

View file

@ -9,7 +9,6 @@ type dnsresolver_service, service_manager_type;
type drmserver_service, service_manager_type; type drmserver_service, service_manager_type;
type dumpstate_service, service_manager_type; type dumpstate_service, service_manager_type;
type fingerprintd_service, service_manager_type; type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type; type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type; type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type; type idmap_service, service_manager_type;
@ -212,6 +211,7 @@ type emergency_affordance_service, system_server_service, service_manager_type;
### HAL Services ### HAL Services
### ###
type hal_fingerprint_service, vendor_service, service_manager_type;
type hal_identity_service, vendor_service, service_manager_type; type hal_identity_service, vendor_service, service_manager_type;
type hal_light_service, vendor_service, service_manager_type; type hal_light_service, vendor_service, service_manager_type;
type hal_power_service, vendor_service, service_manager_type; type hal_power_service, vendor_service, service_manager_type;

View file

@ -10,8 +10,9 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0