platform_system_sepolicy/private/hal_face.te
Inseob Kim 75806ef3c5 Minimize public policy
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.

Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
           <(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
      to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
2024-03-28 00:33:46 +00:00

15 lines
577 B
Text

# Allow HwBinder IPC from client to server, and vice versa for callbacks.
binder_call(hal_face_client, hal_face_server)
binder_call(hal_face_server, hal_face_client)
hal_attribute_hwservice(hal_face, hal_face_hwservice)
hal_attribute_service(hal_face, hal_face_service)
binder_use(hal_face_server)
# Allow access to the ion memory allocation device.
allow hal_face ion_device:chr_file r_file_perms;
# Allow read/write access to the face template directory.
allow hal_face face_vendor_data_file:file create_file_perms;
allow hal_face face_vendor_data_file:dir rw_dir_perms;