5797d151b5
* I HwBinder:1502_1: type=1400 audit(0.0:862): avc: denied { read write } for name="card0" dev="tmpfs" ino=26702 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
* I HwBinder:1502_1: type=1400 audit(0.0:863): avc: denied { open } for path="/dev/dri/card0" dev="tmpfs" ino=26702 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
* I HwBinder:1502_1: type=1400 audit(0.0:864): avc: denied { ioctl } for path="/dev/dri/card0" dev="tmpfs" ino=26702 ioctlcmd=0x649f scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file permissive=1
Change-Id: Iccfda81d6ab92f43c988ab2ff85577dffbcd5699
32 lines
1.6 KiB
Text
32 lines
1.6 KiB
Text
allow hal_fingerprint_default {
|
|
etsd_device
|
|
egis_device
|
|
goodix_device
|
|
tee_device
|
|
graphics_device
|
|
}: chr_file rw_file_perms;
|
|
|
|
allow hal_fingerprint_default self:binder { call transfer };
|
|
allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
|
|
r_dir_file(hal_fingerprint_default, firmware_file)
|
|
get_prop(hal_fingerprint_default, build_bootimage_prop)
|
|
set_prop(hal_fingerprint_default, vendor_mot_fingerprint_prop)
|
|
allow hal_fingerprint_default vendor_sysfs_battery_supply:dir r_dir_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_battery_supply:file r_file_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_fingerprint:dir r_dir_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;
|
|
allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
|
|
allow hal_fingerprint_default vendor_sysfs_fingerprint:{ file lnk_file } read;
|
|
allow hal_fingerprint_default vendor_data_tzstorage_file:dir rw_dir_perms;
|
|
allow hal_fingerprint_default vendor_data_tzstorage_file:file create_file_perms;
|
|
|
|
binder_call(hal_fingerprint_default, hal_fingerprint_default)
|
|
binder_call(hal_fingerprint_default, hal_health_default)
|
|
binder_call(hal_fingerprint_default, vendor_hal_perf_default)
|
|
|
|
allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
|
|
|
|
# access to /data/system/users/[0-9]+/fpdata
|
|
typeattribute hal_fingerprint_default data_between_core_and_vendor_violators;
|
|
allow hal_fingerprint_default fingerprintd_data_file:dir { rw_dir_perms };
|
|
allow hal_fingerprint_default fingerprintd_data_file:file { create_file_perms };
|