fix fingerprint in enforce
This commit is contained in:
parent
6158bb1942
commit
b2e2106d42
6 changed files with 27 additions and 6 deletions
|
@ -8,6 +8,15 @@
|
||||||
<instance>default</instance>
|
<instance>default</instance>
|
||||||
</interface>
|
</interface>
|
||||||
</hal>
|
</hal>
|
||||||
|
<hal format="hidl">
|
||||||
|
<name>vendor.samsung.hardware.biometrics.fingerprint</name>
|
||||||
|
<transport>hwbinder</transport>
|
||||||
|
<version>2.1</version>
|
||||||
|
<interface>
|
||||||
|
<name>ISecBiometricsFingerprint</name>
|
||||||
|
<instance>default</instance>
|
||||||
|
</interface>
|
||||||
|
</hal>
|
||||||
<hal format="hidl">
|
<hal format="hidl">
|
||||||
<name>android.hardware.audio</name>
|
<name>android.hardware.audio</name>
|
||||||
<transport>hwbinder</transport>
|
<transport>hwbinder</transport>
|
||||||
|
@ -123,7 +132,7 @@
|
||||||
<instance>default</instance>
|
<instance>default</instance>
|
||||||
</interface>
|
</interface>
|
||||||
</hal>
|
</hal>
|
||||||
<!-- <hal format="hidl">
|
<hal format="hidl">
|
||||||
<name>android.hardware.keymaster</name>
|
<name>android.hardware.keymaster</name>
|
||||||
<transport>hwbinder</transport>
|
<transport>hwbinder</transport>
|
||||||
<version>3.0</version>
|
<version>3.0</version>
|
||||||
|
@ -131,7 +140,7 @@
|
||||||
<name>IKeymasterDevice</name>
|
<name>IKeymasterDevice</name>
|
||||||
<instance>default</instance>
|
<instance>default</instance>
|
||||||
</interface>
|
</interface>
|
||||||
</hal> -->
|
</hal>
|
||||||
<hal format="hidl">
|
<hal format="hidl">
|
||||||
<name>android.hardware.media.omx</name>
|
<name>android.hardware.media.omx</name>
|
||||||
<transport>hwbinder</transport>
|
<transport>hwbinder</transport>
|
||||||
|
|
|
@ -29,3 +29,6 @@
|
||||||
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
||||||
|
|
||||||
/system/bin/wifiloader u:object_r:wifiloader_exec:s0
|
/system/bin/wifiloader u:object_r:wifiloader_exec:s0
|
||||||
|
|
||||||
|
/system/vendor/bin/hw/vendor\.samsung\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
allow hal_fingerprint_default system_data_file:dir { add_name create open read write remove_name rmdir };
|
allow hal_fingerprint_default system_data_file:dir { add_name create open read write remove_name rmdir };
|
||||||
allow hal_fingerprint_default system_data_file:file { getattr open read };
|
allow hal_fingerprint_default system_data_file:file { getattr open read };
|
||||||
allow hal_fingerprint_default tee_device:chr_file ioctl;
|
allow hal_fingerprint_default tee_device:chr_file { open read write ioctl };
|
||||||
allow hal_fingerprint_default firmware_file:file { getattr open read };
|
allow hal_fingerprint_default firmware_file:file { getattr open read };
|
||||||
allow hal_fingerprint_default tee_device:chr_file { open read write };
|
allow hal_fingerprint_default firmware_file:dir search;
|
||||||
allow hal_fingerprint_default vfsspi_device:chr_file ioctl;
|
allow hal_fingerprint_default vfsspi_device:chr_file { read open write ioctl getattr };
|
||||||
|
|
||||||
|
file_type_auto_trans(hal_fingerprint_default, system_data_file, biometrics_data_file);
|
||||||
|
allow hal_fingerprint_default biometrics_data_file:dir { add_name create open read write remove_name rmdir };
|
||||||
|
allow hal_fingerprint_default biometrics_data_file:file { getattr open read create write };
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
allow hal_keymaster_default firmware_file:dir search;
|
allow hal_keymaster_default firmware_file:dir search;
|
||||||
allow hal_keymaster_default firmware_file:file read;
|
allow hal_keymaster_default firmware_file:file { getattr open read };
|
||||||
|
|
2
sepolicy/hwservice_contexts
Normal file
2
sepolicy/hwservice_contexts
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
vendor.samsung.hardware.biometrics.fingerprint::ISecBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
|
||||||
|
|
|
@ -8,3 +8,6 @@ allow tee init:unix_stream_socket connectto;
|
||||||
allow tee gatekeeper_data_file:file { open read };
|
allow tee gatekeeper_data_file:file { open read };
|
||||||
|
|
||||||
allow tee efs_file:file { open read };
|
allow tee efs_file:file { open read };
|
||||||
|
allow tee efs_file:dir search;
|
||||||
|
|
||||||
|
allow tee gatekeeper_data_file:dir { read search };
|
||||||
|
|
Loading…
Reference in a new issue