hidl: biometrics: fingerprint: Make fingerprint HIDL fully treble compliant

This is more like a hack, also observed in the stock HAL, for pre-P shipped devices because those have fpdata store path set to /data/system/users/ by the FingerprintService. Force treble compliant path and thus avoid using data_between_core_and_vendor_violators attribute: > typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; > # access to /data/system/users/[0-9]+/fpdata > allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms; > allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms; Change-Id: I388f993de7f95fc68007d945f5a9cc975afde120
2020-05-17 17:23:04 +01:00 · 2020-05-17 17:23:04 +01:00 · 3f1a8dbfe8
commit 3f1a8dbfe8
parent d6951615ae
1 changed files with 10 additions and 2 deletions
--- a/hidl/biometrics/fingerprint/BiometricsFingerprint.cpp
+++ b/hidl/biometrics/fingerprint/BiometricsFingerprint.cpp
@ -9,6 +9,7 @@

 #include <hardware/hw_auth_token.h>

+#include <android-base/strings.h>
 #include <hardware/hardware.h>
 #include "BiometricsFingerprint.h"

@ -43,6 +44,7 @@ static const uint16_t kVersion = HARDWARE_MODULE_API_VERSION(2, 1);
 using RequestStatus = android::hardware::biometrics::fingerprint::V2_1::RequestStatus;

 using ::android::base::SetProperty;
+using ::android::base::StartsWith;

 BiometricsFingerprint* BiometricsFingerprint::sInstance = nullptr;

@ -222,11 +224,17 @@ Return<RequestStatus> BiometricsFingerprint::setActiveGroup(uint32_t gid,
        ALOGE("Bad path length: %zd", storePath.size());
        return RequestStatus::SYS_EINVAL;
    }
-    if (access(storePath.c_str(), W_OK)) {
+    std::string mutableStorePath = storePath;
+    if (StartsWith(mutableStorePath, "/data/system/users/")) {
+        mutableStorePath = "/data/vendor_de/";
+        mutableStorePath +=
+                static_cast<std::string>(storePath).substr(strlen("/data/system/users/"));
+    }
+    if (access(mutableStorePath.c_str(), W_OK)) {
        return RequestStatus::SYS_EINVAL;
    }

-    return ErrorFilter(mDevice->set_active_group(mDevice, gid, storePath.c_str()));
+    return ErrorFilter(mDevice->set_active_group(mDevice, gid, mutableStorePath.c_str()));
 }

 Return<RequestStatus> BiometricsFingerprint::authenticate(uint64_t operationId, uint32_t gid) {