60afa5a8fb
We are going to enforce that each property has an explicit owner, such as system, vendor, or product. This attaches vendor_property_type to properties defined under vendor sepolicy directories. Bug: 159097992 Test: m selinux_policy && boot device Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
type vendor_fingerprint_data_file, data_file_type, file_type;
|
|
type vendor_fingerprint_device, dev_type;
|
|
type vendor_hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
|
|
vendor_internal_prop(vendor_fp_prop)
|
|
vendor_internal_prop(vendor_fp_info_prop)
|
|
|
|
# Binder
|
|
allow hal_fingerprint_default vendor_hal_fingerprint_hwservice_xiaomi:hwservice_manager find;
|
|
allow hal_fingerprint_default vendor_hal_perf_default:binder call;
|
|
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
|
|
|
|
# Props
|
|
set_prop(hal_fingerprint_default, vendor_fp_prop)
|
|
set_prop(hal_fingerprint_default, vendor_fp_info_prop)
|
|
|
|
# Sysfs
|
|
allow hal_fingerprint_default sysfs_rtc:dir r_dir_perms;
|
|
allow hal_fingerprint_default sysfs_rtc:file rw_file_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_spss:dir r_dir_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_spss:file rw_file_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
|
|
|
|
# Dev nodes
|
|
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
|
|
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
|
|
|
# Data
|
|
allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms;
|
|
allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms;
|