From b58a74ac4f908ceb96066dbeaf08d0c1e947334d Mon Sep 17 00:00:00 2001 From: Michael Bestas Date: Fri, 17 Jun 2022 22:57:27 +0300 Subject: [PATCH] sm6375-common: sepolicy: Fix fingerprint labels Also incorporate fix from https://github.com/PixelExperience-Devices/device_xiaomi_veux/commit/839b9cd5a201f3cac6f3e70a638420ef944fce2f#commitcomment-99088748 Change-Id: I66188247ce9268929763236c0ac2fa483273f1cc Signed-off-by: Ahmad Rulim --- sepolicy/vendor/device.te | 2 +- sepolicy/vendor/file.te | 2 +- sepolicy/vendor/file_contexts | 24 ++++++------- sepolicy/vendor/hal_fingerprint_default.te | 42 +++++++++++----------- sepolicy/vendor/tee.te | 11 ++++-- 5 files changed, 45 insertions(+), 36 deletions(-) diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te index 99f0186..35b6afb 100644 --- a/sepolicy/vendor/device.te +++ b/sepolicy/vendor/device.te @@ -2,7 +2,7 @@ type sound_device, dev_type; # Fingerprint device -type vendor_fingerprint_device, dev_type; +type fingerprint_device, dev_type; # IR device type ir_spi_device, dev_type; diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index 8faaa33..25528eb 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -8,7 +8,7 @@ type persist_subsys_file, vendor_persist_type, file_type; type camera_persist_file, vendor_persist_type, file_type; # Fingerprint -type vendor_fingerprint_data_file, data_file_type, file_type; +type fingerprint_data_file, data_file_type, core_data_file_type, file_type; # Thermal type thermal_data_file, data_file_type, file_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 5bd3fe2..a0491e6 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts 
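Review bot: Adding `core_data_file_type` to `fingerprint_data_file` in file.te puts a directory used only by vendor domains into the core data class. The patch then has to add `typeattribute ... data_between_core_and_vendor_violators;` to both `hal_fingerprint_default` and `tee` in the later hunks. That attribute exempts the whole domain rather than one path, so it would also mask any other core-data access these domains gain later. Nothing records why `/data/gf_data` cannot live under `/data/vendor`; a comment above the type such as `# /data/gf_data is outside /data/vendor, hence core_data_file_type and the violators attribute on its users` would document the exception. If the path can be relocated under `/data/vendor`, neither the attribute nor `core_data_file_type` would be needed.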
@@ -21,18 +21,18 @@ /mnt/vendor/dsp/fastrpc_shell_3 u:object_r:public_adsprpcd_file:s0 # Fingerprint -/dev/goodix_fp u:object_r:vendor_fingerprint_device:s0 -/dev/silead_fp u:object_r:vendor_fingerprint_device:s0 -/dev/silead_s.* u:object_r:vendor_fingerprint_device:s0 -/dev/silead_stub u:object_r:vendor_fingerprint_device:s0 -/dev/spidev.* u:object_r:vendor_fingerprint_device:s0 -/data/vendor/fpc(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/fpdump(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/goodix/gf_data(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/data/vendor/silead(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/mnt/vendor/persist/silead(/.*)? u:object_r:vendor_fingerprint_data_file:s0 -/mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/silead_fp u:object_r:fingerprint_device:s0 +/dev/silead_s.* u:object_r:fingerprint_device:s0 +/dev/silead_stub u:object_r:fingerprint_device:s0 +/dev/spidev.* u:object_r:fingerprint_device:s0 +/data/gf_data(/.*)? u:object_r:fingerprint_data_file:s0 +/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor/fpdump(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor_de/[0-9]+/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor/goodix/gf_data(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor/silead(/.*)? u:object_r:fingerprint_vendor_data_file:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2.3-service\.xiaomi u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/vendor\.silead\.hardware\.fingerprintext@1\.0-service u:object_r:hal_fingerprint_default_exec:s0 diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index c1ee1c9..d9e1532 100644 
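Review bot: The `/data/vendor/fpc`, `fpdump`, `goodix` and `silead` entries, and the new `/data/vendor_de/[0-9]+/goodix`, are now labelled `fingerprint_vendor_data_file`, but nothing in this patch declares that type or grants access to it. Both hal_fingerprint_default.te and tee.te name only `fingerprint_data_file`, which here covers just `/data/gf_data`. If the type and the HAL's rules come from platform policy, the HAL side is presumably fine. However, `tee` previously had `create_dir_perms`/`create_file_perms` on these directories through `vendor_fingerprint_data_file` and no longer does. Please confirm that loss is intended; if tee still needs those paths, add a rule scoped to `fingerprint_vendor_data_file` rather than relying on a broader grant.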
--- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -1,17 +1,24 @@ +typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; + # Binder allow hal_fingerprint_default vendor_hal_perf_default:binder call; allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find; -# Props -set_prop(hal_fingerprint_default, vendor_fingerprint_prop) +# Data +allow hal_fingerprint_default fingerprint_data_file:dir rw_dir_perms; +allow hal_fingerprint_default fingerprint_data_file:file create_file_perms; + +# Dev nodes +allow hal_fingerprint_default { + fingerprint_device + input_device + tee_device + uhid_device +}: chr_file rw_file_perms; + +allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; # Sysfs -allow hal_fingerprint_default { - sysfs_rtc - vendor_sysfs_fingerprint - vendor_sysfs_spss -}: file rw_file_perms; - allow hal_fingerprint_default { input_device sysfs_rtc @@ -19,18 +26,13 @@ allow hal_fingerprint_default { vendor_sysfs_spss }: dir r_dir_perms; -# Dev nodes allow hal_fingerprint_default { - input_device - tee_device - uhid_device - vendor_fingerprint_device -}: chr_file rw_file_perms; - -# Data -allow hal_fingerprint_default vendor_fingerprint_data_file:dir rw_dir_perms; -allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms; - -allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; + sysfs_rtc + vendor_sysfs_fingerprint + vendor_sysfs_spss +}: file rw_file_perms; r_dir_file(hal_fingerprint_default, firmware_file) + +# Props +set_prop(hal_fingerprint_default, vendor_fingerprint_prop) diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index d2556fb..fcb5b52 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te 
@@ -1,2 +1,9 @@ -allow tee vendor_fingerprint_data_file:dir create_dir_perms; -allow tee vendor_fingerprint_data_file:file create_file_perms; +typeattribute tee data_between_core_and_vendor_violators; + +allow tee fingerprint_data_file:dir create_dir_perms; +allow tee { + fingerprint_data_file + mnt_vendor_file +}:file create_file_perms; + +allow tee mnt_vendor_file:dir rw_dir_perms;
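Review bot: The new `mnt_vendor_file` grants (`:file create_file_perms` and `:dir rw_dir_perms`) let `tee` create and modify anything carrying that generic label, not only the fingerprint calibration data. The file_contexts hunk drops the `/mnt/vendor/persist/silead(/.*)?` and `/mnt/vendor/persist/goodix(/.*)?` entries, which is presumably why the broader grant became necessary. Keeping those two entries under a dedicated type would confine tee to the fingerprint directories; file.te already uses this pattern for `persist_subsys_file` and `camera_persist_file`. For example, declare `type fingerprint_persist_file, vendor_persist_type, file_type;` (name constructed for illustration) and use `allow tee fingerprint_persist_file:dir rw_dir_perms;` with the matching `:file create_file_perms` rule.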