davinci: sepolicy: Add fingerprint rules

Change-Id: Id8b275e2d8666799eb1529cc66bc1d386710d3a4

sepolicy/vendor/file_contexts

@@ -4,8 +4,17 @@
 # Camera
 /mnt/vendor/persist/camera(/.*)?                                     u:object_r:camera_persist_file:s0
 
+# Fingerprint
+/dev/goodix_fp                                                       u:object_r:fingerprint_device:s0
+/data/vendor/goodix(/.*)?                                            u:object_r:fingerprint_data_file:s0
+
+# FOD
+/sys/devices/platform/soc/soc:qcom,dsi-display/fod_hbm               u:object_r:sysfs_fod:s0
+/sys/devices/virtual/touch/tp_dev/fod_status                         u:object_r:sysfs_fod:s0
+
 # HALs
 /vendor/bin/hw/android\.hardware\.light@2\.0-service\.davinci        u:object_r:hal_light_default_exec:s0
+/vendor/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1\.0-service\.davinci u:object_r:hal_lineage_fod_default_exec:s0
 
 # Remosaic
 /vendor/bin/remosaic_daemon                                          u:object_r:remosaic_daemon_exec:s0

sepolicy/vendor/hal_fingerprint_default.te

@@ -0,0 +1,23 @@
+type hal_fingerprint_hwservice_xiaomi, hwservice_manager_type;
+type fingerprint_device, dev_type;
+type fingerprint_data_file, data_file_type, file_type;
+type vendor_fp_prop, property_type;
+
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default fingerprint_data_file:dir create_dir_perms;
+allow hal_fingerprint_default fingerprint_data_file:file create_file_perms;
+allow hal_fingerprint_default input_device:dir r_dir_perms;
+allow hal_fingerprint_default input_device:chr_file rw_file_perms;
+allow hal_fingerprint_default qdsp_device:chr_file r_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
+allow hal_fingerprint_default xdsp_device:chr_file r_file_perms;
+
+r_dir_file(hal_fingerprint_default, firmware_file)
+
+get_prop(hal_fingerprint_default, vendor_adsprpc_prop)
+set_prop(hal_fingerprint_default, vendor_fp_prop)
+hal_client_domain(hal_fingerprint_default, hal_perf)
+
+add_hwservice(hal_fingerprint_default, hal_fingerprint_hwservice_xiaomi)

sepolicy/vendor/hal_lineage_fod_default.te

@@ -0,0 +1,9 @@
+type sysfs_fod, sysfs_type, fs_type;
+
+allow hal_lineage_fod_default sysfs_fod:file rw_file_perms;
+allow hal_lineage_fod_default sysfs_graphics:dir r_dir_perms;
+allow hal_lineage_fod_default sysfs_graphics:file rw_file_perms;
+
+allow hal_lineage_fod_default hal_fingerprint_hwservice_xiaomi:hwservice_manager find;
+
+binder_call(hal_lineage_fod_default, hal_fingerprint_default)

sepolicy/vendor/hwservice_contexts

@@ -0,0 +1,2 @@
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_hwservice_xiaomi:s0
+vendor.xiaomi.hardware.fingerprintextension::IXiaomiFingerprint u:object_r:hal_fingerprint_hwservice_xiaomi:s0

sepolicy/vendor/property_contexts

@@ -6,3 +6,11 @@ camera.sensor.frontMain.fuseID     u:object_r:vendor_camera_prop:s0
 camera.sensor.rearUltra.fuseID     u:object_r:vendor_camera_prop:s0
 camera.sensor.rearTele.fuseID      u:object_r:vendor_camera_prop:s0
 persist.camera.                    u:object_r:vendor_camera_prop:s0
+
+# Fingerprint
+gf.debug.                          u:object_r:vendor_fp_prop:s0
+persist.vendor.sys.fp.             u:object_r:vendor_fp_prop:s0
+ro.boot.fpsensor                   u:object_r:vendor_fp_prop:s0
+ro.hardware.fp                     u:object_r:vendor_fp_prop:s0
+sys.panel.display                  u:object_r:vendor_fp_prop:s0
+vendor.fps_hal.                    u:object_r:vendor_fp_prop:s0

sepolicy/vendor/tee.te

@@ -0,0 +1,4 @@
+allow tee fingerprint_data_file:dir create_dir_perms;
+allow tee fingerprint_data_file:file create_file_perms;
+allow tee mnt_vendor_file:dir rw_dir_perms;
+allow tee mnt_vendor_file:file create_file_perms;