fix fingerprint in enforce

2018-07-19 13:53:44 +03:00 · 2018-07-19 13:53:44 +03:00 · b2e2106d42
commit b2e2106d42
parent 6158bb1942
6 changed files with 27 additions and 6 deletions
--- a/configs/manifest.xml
+++ b/configs/manifest.xml
@ -8,6 +8,15 @@
            <instance>default</instance>
        </interface>
    </hal>
    <hal format="hidl">
        <name>vendor.samsung.hardware.biometrics.fingerprint</name>
        <transport>hwbinder</transport>
        <version>2.1</version>
        <interface>
            <name>ISecBiometricsFingerprint</name>
            <instance>default</instance>
        </interface>
    </hal>
    <hal format="hidl">
        <name>android.hardware.audio</name>
        <transport>hwbinder</transport>
@ -123,7 +132,7 @@
            <instance>default</instance>
        </interface>
    </hal>
-<!--    <hal format="hidl">
+    <hal format="hidl">
        <name>android.hardware.keymaster</name>
        <transport>hwbinder</transport>
        <version>3.0</version>
@ -131,7 +140,7 @@
            <name>IKeymasterDevice</name>
            <instance>default</instance>
        </interface>
-    </hal> -->
+    </hal>
    <hal format="hidl">
        <name>android.hardware.media.omx</name>
        <transport>hwbinder</transport>
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@ -29,3 +29,6 @@
 /sys/devices/virtual/sec/sec_key/hall_irq_ctrl                   u:object_r:sysfs_sec:s0
 /system/bin/wifiloader       u:object_r:wifiloader_exec:s0
 /system/vendor/bin/hw/vendor\.samsung\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@ -1,6 +1,10 @@
 allow hal_fingerprint_default system_data_file:dir { add_name create open read write remove_name rmdir };
 allow hal_fingerprint_default system_data_file:file { getattr open read };
-allow hal_fingerprint_default tee_device:chr_file ioctl;
+allow hal_fingerprint_default tee_device:chr_file { open read write ioctl };
 allow hal_fingerprint_default firmware_file:file { getattr open read };
-allow hal_fingerprint_default tee_device:chr_file { open read write };
+allow hal_fingerprint_default firmware_file:dir search;
-allow hal_fingerprint_default vfsspi_device:chr_file ioctl;
+allow hal_fingerprint_default vfsspi_device:chr_file { read open write ioctl getattr };
 file_type_auto_trans(hal_fingerprint_default, system_data_file, biometrics_data_file);
 allow hal_fingerprint_default biometrics_data_file:dir { add_name create open read write remove_name rmdir };
 allow hal_fingerprint_default biometrics_data_file:file { getattr open read create write };
--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@ -1,2 +1,2 @@
 allow hal_keymaster_default firmware_file:dir search;
-allow hal_keymaster_default firmware_file:file read;
+allow hal_keymaster_default firmware_file:file { getattr open read };
--- a/sepolicy/hwservice_contexts
+++ b/sepolicy/hwservice_contexts
@ -0,0 +1,2 @@
 vendor.samsung.hardware.biometrics.fingerprint::ISecBiometricsFingerprint     u:object_r:hal_fingerprint_hwservice:s0
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@ -8,3 +8,6 @@ allow tee init:unix_stream_socket connectto;
 allow tee gatekeeper_data_file:file { open read };
 allow tee efs_file:file { open read };
 allow tee efs_file:dir search;
 allow tee gatekeeper_data_file:dir { read search };
`@ -1,2 +1,2 @@`
	`allow hal_keymaster_default firmware_file:dir search;`	`allow hal_keymaster_default firmware_file:dir search;`
	`allow hal_keymaster_default firmware_file:file read;`	`allow hal_keymaster_default firmware_file:file { getattr open read };`
		`@ -0,0 +1,2 @@`
							`vendor.samsung.hardware.biometrics.fingerprint::ISecBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0`