diff options
| author | Davide Garberi <dade.garberi@gmail.com> | 2019-09-19 19:55:48 +0200 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2020-04-30 00:48:53 +0300 |
| commit | 43ec21599445fc7048b300c93ab939eda304808e (patch) | |
| tree | 553e5d3a3ca5b518d35746f0dc9b1132b27b444c | |
| parent | 1aa2263a21d2f4059af70f0b8615ea006024baeb (diff) | |
sdm660-common: sepolicy: Fix some hwservice fingerprint denials
avc: denied { find } for interface=com.fingerprints.extension::IFingerprintNavigation sid=u:r:system_server:s0 pid=1282 scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager
avc: denied { find } for interface=vendor.qti.hardware.perf::IPerf sid=u:r:hal_fingerprint_sdm660:s0 pid=845 scontext=u:r:hal_fingerprint_sdm660:s0 tcontext=u:object_r:hal_perf_hwservice:s0 tclass=hwservice_manager
Change-Id: Id8a26ab1134d8ea4e7b0e712f19784180372ee8b
| -rw-r--r-- | sepolicy/vendor/hwservice.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/hwservice_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/init_fingerprint.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/system_server.te | 1 |
4 files changed, 3 insertions, 1 deletions
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te index 32adecb..db29744 100644 --- a/sepolicy/vendor/hwservice.te +++ b/sepolicy/vendor/hwservice.te @@ -1,2 +1,3 @@ type goodixhw_service, hwservice_manager_type; type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice; +type fpnav_hwservice, hwservice_manager_type; diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts index 8ff7ae7..14bb48b 100644 --- a/sepolicy/vendor/hwservice_contexts +++ b/sepolicy/vendor/hwservice_contexts @@ -1,2 +1,3 @@ vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:goodixhw_service:s0 +com.fingerprints.extension::IFingerprintNavigation u:object_r:fpnav_hwservice:s0 vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0 diff --git a/sepolicy/vendor/init_fingerprint.te b/sepolicy/vendor/init_fingerprint.te index 9ef78c4..29ea735 100644 --- a/sepolicy/vendor/init_fingerprint.te +++ b/sepolicy/vendor/init_fingerprint.te @@ -12,5 +12,4 @@ allow init_fingerprint vendor_toolbox_exec:file rx_file_perms; allow init_fingerprint persist_file:dir search; allow init_fingerprint persist_drm_file:dir { read search open write remove_name }; allow init_fingerprint persist_drm_file:file { getattr unlink }; - allow init_fingerprint system_data_file:file getattr; diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index c9135cf..1ab55bd 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -2,3 +2,4 @@ allow system_server vendor_keylayout_file:dir search; allow system_server vendor_keylayout_file:file r_file_perms; allow system_server sysfs_vibrator:file rw_file_perms; allow system_server sysfs_rtc:file r_file_perms; +allow system_server fpnav_hwservice:hwservice_manager { add find }; |