From 124e1c32102b7e7e6cbb71cec3be5ac466a5390e Mon Sep 17 00:00:00 2001
From: Erfan Abdi
Date: Fri, 1 Apr 2022 23:51:04 +0200
Subject: [PATCH] sm8350-common: sepolicy: Replace mfp rules with hal_fingerprint_default
Change-Id: Ifa560592bcab7bc76155a1addde81c5ff0af147e
---
 sepolicy/vendor/file_contexts | 2 +-
 sepolicy/vendor/fingerprint.te | 26 -------------------
 sepolicy/vendor/genfs_contexts | 3 +++
 sepolicy/vendor/hal_fingerprint_default.te | 30 ++++++++++++++++++++++
 sepolicy/vendor/hal_lineage_fod_default.te | 1 -
 sepolicy/vendor/hal_perf_default.te | 4 +--
 sepolicy/vendor/property_contexts | 2 --
 7 files changed, 36 insertions(+), 32 deletions(-)
 delete mode 100644 sepolicy/vendor/fingerprint.te
 create mode 100644 sepolicy/vendor/hal_fingerprint_default.te
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 0f1ba67..53ac6c4 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -25,9 +25,9 @@
 # Fingerprint
 /dev/goodix_fp u:object_r:vendor_fingerprint_device:s0
 /mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
+/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0
 /data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file:s0
 /data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
-/vendor/bin/hw/mfp-daemon u:object_r:vendor_mfp-daemon_exec:s0
 # FOD
 /vendor/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1.0-service\.xiaomi_sm8350 u:object_r:hal_lineage_fod_default_exec:s0
diff --git a/sepolicy/vendor/fingerprint.te b/sepolicy/vendor/fingerprint.te
deleted file mode 100644
index bae8fb3..0000000
--- a/sepolicy/vendor/fingerprint.te
+++ /dev/null
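Review bot: Once the `/vendor/bin/hw/mfp-daemon` line is removed from the Fingerprint block, nothing in this hunk assigns an exec label to a fingerprint service binary, so the HAL only runs in `hal_fingerprint_default` if its binary is labelled by file_contexts outside this patch. If the binary shipped on these devices is not matched there, an entry such as `/vendor/bin/hw/<fingerprint-service-binary> u:object_r:hal_fingerprint_default_exec:s0` (the path is a placeholder) belongs here; without it the service would presumably start without the intended domain transition. The new `/data/vendor/fpc(/.*)?` line shares `vendor_fingerprint_data_file` with `/data/vendor/fpdump(/.*)?`, so a short comment naming which daemon writes each directory would help later audits of who can read sensor dumps.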
@@ -1,26 +0,0 @@
-type vendor_mfp-daemon, domain;
-type vendor_mfp-daemon_exec, exec_type, vendor_file_type, file_type;
-type vendor_fingerprint_data_file, data_file_type, file_type;
-type vendor_fingerprint_device, dev_type;
-type vendor_fp_prop, vendor_public_property_type, vendor_property_type, property_type;
-type vendor_fp_info_prop, vendor_public_property_type, vendor_property_type, property_type;
-type vendor_hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
-
-hal_server_domain(vendor_mfp-daemon, hal_fingerprint)
-init_daemon_domain(vendor_mfp-daemon)
-add_hwservice(vendor_mfp-daemon, vendor_hal_fingerprint_hwservice_xiaomi)
-
-set_prop(vendor_mfp-daemon, vendor_fp_prop)
-set_prop(vendor_mfp-daemon, vendor_fp_info_prop)
-
-allow vendor_mfp-daemon vendor_hal_perf_hwservice:hwservice_manager { find };
-
-allow vendor_mfp-daemon vendor_fingerprint_data_file:dir create_dir_perms;
-allow vendor_mfp-daemon vendor_fingerprint_data_file:file create_file_perms;
-allow vendor_mfp-daemon tee_device:chr_file rw_file_perms;
-allow vendor_mfp-daemon vendor_fingerprint_device:chr_file rwx_file_perms;
-allow vendor_mfp-daemon fingerprint_vendor_data_file:dir create_dir_perms;
-allow vendor_mfp-daemon fingerprint_vendor_data_file:file create_file_perms;
-allow vendor_mfp-daemon input_device:dir r_dir_perms;
-allow vendor_mfp-daemon input_device:chr_file rw_file_perms;
-allow vendor_mfp-daemon self:netlink_socket create_socket_perms_no_ioctl;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 91c5ce2..9671a43 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,6 +1,9 @@
 # Battery
 genfscon sysfs /class/qcom-battery u:object_r:vendor_sysfs_battery_supply:s0
+# Fingerprint
+genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0
+
 # Wakeup nodes
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pmk8350@0:rtc@6100/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi1/spi1.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
new file mode 100644
index 0000000..f5a4684
--- /dev/null
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -0,0 +1,30 @@
+type vendor_fingerprint_data_file, data_file_type, file_type;
+type vendor_fingerprint_device, dev_type;
+type vendor_fp_prop, vendor_public_property_type, vendor_property_type, property_type;
+type vendor_fp_info_prop, vendor_public_property_type, vendor_property_type, property_type;
+type vendor_hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
+
+# Binder
+allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager find;
+allow hal_fingerprint_default vendor_hal_perf_default:binder call;
+allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+# Props
+set_prop(hal_fingerprint_default, vendor_fp_prop)
+set_prop(hal_fingerprint_default, vendor_fp_info_prop)
+
+# Sysfs
+allow hal_fingerprint_default sysfs_rtc:dir r_dir_perms;
+allow hal_fingerprint_default sysfs_rtc:file rw_file_perms;
+allow hal_fingerprint_default vendor_sysfs_spss:dir r_dir_perms;
+allow hal_fingerprint_default vendor_sysfs_spss:file rw_file_perms;
+allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms;
+allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
+
+# Dev nodes
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
+
+# Data
+allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms;
+allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/hal_lineage_fod_default.te b/sepolicy/vendor/hal_lineage_fod_default.te
index b4017f4..60ce291 100644
--- a/sepolicy/vendor/hal_lineage_fod_default.te
+++ b/sepolicy/vendor/hal_lineage_fod_default.te
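Review bot: The `# Sysfs` and `# Dev nodes` rules give the fingerprint HAL write access that the deleted `fingerprint.te` did not grant and that no comment here justifies: `rw_file_perms` on `sysfs_rtc` and `vendor_sysfs_spss` files, and `rw_file_perms` on `uhid_device`, which lets the domain create virtual HID input devices. Unless an observed denial shows that a write is required, I would start from `allow hal_fingerprint_default sysfs_rtc:file r_file_perms;` and `allow hal_fingerprint_default vendor_sysfs_spss:file r_file_perms;`, and put a comment above the uhid rule naming the feature that needs it. In the other direction, `vendor_fingerprint_device` is still declared on the second line and still applied to `/dev/goodix_fp` in file_contexts, yet no rule in this file grants access to it, so either the label is now unused or an allow rule is missing. The old `add_hwservice` for `vendor_hal_fingerprint_hwservice_xiaomi` has also become a bare `find`; if the HAL process is the one that registers that service, `add_hwservice(hal_fingerprint_default, vendor_hal_fingerprint_hwservice_xiaomi)` is still needed.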
@@ -7,6 +7,5 @@ allow hal_lineage_fod_default vendor_sysfs_graphics:file rw_file_perms;
 allow hal_lineage_fod_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager { find };
 binder_call(hal_lineage_fod_default, hal_fingerprint_default)
-binder_call(hal_lineage_fod_default, vendor_mfp-daemon)
 hal_client_domain(hal_lineage_fod_default, hal_fingerprint)
diff --git a/sepolicy/vendor/hal_perf_default.te b/sepolicy/vendor/hal_perf_default.te
index f88f142..e732df0 100644
--- a/sepolicy/vendor/hal_perf_default.te
+++ b/sepolicy/vendor/hal_perf_default.te
@@ -1,4 +1,4 @@
 allow vendor_hal_perf_default hal_audio_default:dir r_dir_perms;
 allow vendor_hal_perf_default hal_audio_default:file r_file_perms;
-allow vendor_hal_perf_default vendor_mfp-daemon:dir r_dir_perms;
-allow vendor_hal_perf_default vendor_mfp-daemon:file r_file_perms;
+allow vendor_hal_perf_default hal_fingerprint_default:dir r_dir_perms;
+allow vendor_hal_perf_default hal_fingerprint_default:file r_file_perms;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 0a466cb..641b5fd 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -6,8 +6,6 @@ ro.boot.camera.config u:object_r:vendor_camera_sensor_prop:s0
 persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0
 persist.vendor.sys.fp.info u:object_r:vendor_fp_info_prop:s0
 persist.vendor.sys.fp.uid u:object_r:vendor_fp_info_prop:s0
-vendor.fps_hal. u:object_r:vendor_fp_prop:s0
-vendor.panel.display. u:object_r:vendor_fp_prop:s0
 # SPU
 persist.vendor.security.spuari. u:object_r:vendor_security_spuari_prop:s0