From 68178816119a29f6bd172471c9306a2b345b4cf9 Mon Sep 17 00:00:00 2001 From: Joshua Blanchard Date: Fri, 26 Mar 2021 20:11:56 -0400 Subject: [PATCH] berlna: Add services for init.oem.fingerprint*.sh These scripts are how we determine the fingerprint hardware and start the proper hal service. - Import stock services for oem fingerprint scripts - Add needed sepolicy changes Signed-off-by: Andrew Hexen Change-Id: If120fc341cee015a46f38cde93b09b8ba940e933 --- sepolicy/vendor/file_contexts | 6 ++++++ sepolicy/vendor/genfs_contexts | 5 +++++ sepolicy/vendor/hal_fingerprint_default.te | 2 ++ sepolicy/vendor/hwservice_contexts | 2 ++ sepolicy/vendor/vendor_init_fingerprint.te | 5 +++++ 5 files changed, 20 insertions(+) create mode 100644 sepolicy/vendor/hal_fingerprint_default.te create mode 100644 sepolicy/vendor/hwservice_contexts create mode 100644 sepolicy/vendor/vendor_init_fingerprint.te diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index cde83d0..2c185ae 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -1,3 +1,9 @@ # HAL Services /(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.berlna u:object_r:hal_light_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.berlna u:object_r:hal_light_default_exec:s0 +/(vendor|system/vendor)/bin/init\.oem\.(fingerprint2|fingerprint\.overlay)\.sh u:object_r:vendor_init_fingerprint_exec:s0 +/(vendor|system/vendor)/bin/hw/egis_ident u:object_r:hal_fingerprint_default_exec:s0 + +# Fingerprint +/(mnt/vendor)/persist/egis(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/sys/devices/soc/0.et320(/.*)? u:object_r:vendor_sysfs_fingerprint:s0 diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts index 1539482..c478514 100644 --- a/sepolicy/vendor/genfs_contexts +++ b/sepolicy/vendor/genfs_contexts @@ -1,2 +1,7 @@ +# Fingerprint +genfscon sysfs /devices/platform/egis_input u:object_r:vendor_sysfs_fingerprint:s0 +genfscon sysfs /devices/platform/egis_input/navigation_enable u:object_r:vendor_sysfs_fingerprint:s0 +genfscon sysfs /devices/platform/egis_input/navigation_event u:object_r:vendor_sysfs_fingerprint:s0 + # Lights genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/charging u:object_r:sysfs_leds:s0 diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te new file mode 100644 index 0000000..21e38fd --- /dev/null +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -0,0 +1,2 @@ +allow hal_fingerprint_default vendor_sysfs_fingerprint:dir search; +allow hal_fingerprint_default vendor_sysfs_fingerprint:file { getattr open write }; diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts new file mode 100644 index 0000000..5972c0f --- /dev/null +++ b/sepolicy/vendor/hwservice_contexts @@ -0,0 +1,2 @@ +# Fingerprint +vendor.egistec.hardware.fingerprint::IBiometricsFingerprintEts u:object_r:hal_fingerprint_hwservice:s0 diff --git a/sepolicy/vendor/vendor_init_fingerprint.te b/sepolicy/vendor/vendor_init_fingerprint.te new file mode 100644 index 0000000..3a06b15 --- /dev/null +++ b/sepolicy/vendor/vendor_init_fingerprint.te @@ -0,0 +1,5 @@ +# Write to /dev/kmsg +allow vendor_init_fingerprint kmsg_device:chr_file rw_file_perms; + +allow vendor_init_fingerprint kernel:key search; +allow vendor_init_fingerprint mnt_vendor_file:file { getattr open read };