sm6375-common: sepolicy: Add rules for focaltech fp

Change-Id: I9bf360696c6362b42e532228bf3ec9c1e684f163
2025-04-24 19:10:52 +05:30 · 2025-04-24 19:10:52 +05:30 · dddd2bc8c5
commit dddd2bc8c5
parent 484f46a605
5 changed files with 10 additions and 0 deletions
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@ -1,6 +1,7 @@
 # Fingerprint
 type egis_device, dev_type;
 type etsd_device, dev_type;
+type focaltech_fp_device, dev_type;
 type goodix_device, dev_type;

 # Moto partitions
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -62,8 +62,10 @@
 /data/vendor/egis(/.*)?                                 u:object_r:fingerprint_vendor_data_file:s0
 /data/vendor/fpc(/.*)?                                  u:object_r:fingerprint_vendor_data_file:s0
 /data/vendor/focal(/.*)?                                u:object_r:fingerprint_vendor_data_file:s0
+/data/vendor/focaltech(/.*)?                            u:object_r:fingerprint_vendor_data_file:s0
 /data/vendor/gf_data(/.*)?                              u:object_r:fingerprint_vendor_data_file:s0
 /dev/esfp0                                              u:object_r:egis_device:s0
+/dev/focaltech_fp                                       u:object_r:focaltech_fp_device:s0
 /dev/goodix_fp                                          u:object_r:goodix_device:s0
 /sys/devices/soc/0.et320(/.*)?                          u:object_r:vendor_sysfs_fingerprint:s0

--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@ -1,12 +1,14 @@
 allow hal_fingerprint_default {
  etsd_device
  egis_device
+  focaltech_fp_device
  goodix_device
  tee_device
  graphics_device
 }: chr_file rw_file_perms;

 allow hal_fingerprint_default self:binder { call transfer };
+allow hal_fingerprint_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
 r_dir_file(hal_fingerprint_default, firmware_file)
 get_prop(hal_fingerprint_default, build_bootimage_prop)
@ -19,6 +21,9 @@ allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
 allow hal_fingerprint_default vendor_sysfs_fingerprint:{ file lnk_file } read;
 allow hal_fingerprint_default vendor_data_tzstorage_file:dir rw_dir_perms;
 allow hal_fingerprint_default vendor_data_tzstorage_file:file create_file_perms;
+allow hal_fingerprint_default vndbinder_device:chr_file rw_file_perms;
+binder_call(hal_fingerprint_default, vndservicemanager);
+allow hal_fingerprint_default hal_fingerprint_vndservice:service_manager add;

 binder_call(hal_fingerprint_default, hal_fingerprint_default)
 binder_call(hal_fingerprint_default, hal_health_default)
--- a/sepolicy/vendor/vndservice.te
+++ b/sepolicy/vendor/vndservice.te
@ -0,0 +1 @@
+type hal_fingerprint_vndservice, vndservice_manager_type;
--- a/sepolicy/vendor/vndservice_contexts
+++ b/sepolicy/vendor/vndservice_contexts
@ -0,0 +1 @@
+FocalFingerprintService                     u:object_r:hal_fingerprint_vndservice:s0
				`@ -0,0 +1 @@`
				`type hal_fingerprint_vndservice, vndservice_manager_type;`
				`@ -0,0 +1 @@`
				`FocalFingerprintService u:object_r:hal_fingerprint_vndservice:s0`