diff options
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/app.te | 4 | ||||
-rw-r--r-- | sepolicy/file_contexts | 3 | ||||
-rw-r--r-- | sepolicy/hal_mlipay_default.te | 16 | ||||
-rw-r--r-- | sepolicy/hwservice.te | 2 | ||||
-rw-r--r-- | sepolicy/hwservice_contexts | 1 | ||||
-rw-r--r-- | sepolicy/property.te | 2 | ||||
-rw-r--r-- | sepolicy/property_contexts | 1 |
7 files changed, 28 insertions, 1 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te new file mode 100644 index 0000000..3858674 --- /dev/null +++ b/sepolicy/app.te @@ -0,0 +1,4 @@ +allow { appdomain -isolated_app } hal_mlipay_hwservice:hwservice_manager find; +binder_call({ appdomain -isolated_app }, hal_mlipay_default) +get_prop({ appdomain -isolated_app }, ifaa_prop) +get_prop({ appdomain -isolated_app }, hal_fingerprint_prop) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 6959397..2d50c7b 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -20,5 +20,8 @@ # Light HAL /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_wayne u:object_r:hal_light_default_exec:s0 +# Mlipay +/(vendor|system/vendor)/bin/mlipayd u:object_r:hal_mlipay_default_exec:s0 + # Shell Script /(vendor|system/vendor)/bin/init\.goodix\.sh u:object_r:init_fingerprint_exec:s0 diff --git a/sepolicy/hal_mlipay_default.te b/sepolicy/hal_mlipay_default.te new file mode 100644 index 0000000..eb48621 --- /dev/null +++ b/sepolicy/hal_mlipay_default.te @@ -0,0 +1,16 @@ +type hal_mlipay_default, domain; + +type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_mlipay_default) + +hwbinder_use(hal_mlipay_default) +get_prop(hal_mlipay_default, hwservicemanager_prop) +add_hwservice(hal_mlipay_default, hal_mlipay_hwservice) + +allow hal_mlipay_default tee_device:chr_file rw_file_perms; +allow hal_mlipay_default ion_device:chr_file r_file_perms; + +r_dir_file(hal_mlipay_default, firmware_file) +set_prop(hal_mlipay_default, ifaa_prop); + +get_prop(hal_mlipay_default, hal_fingerprint_prop); diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te index 8f19cf3..32adecb 100644 --- a/sepolicy/hwservice.te +++ b/sepolicy/hwservice.te @@ -1,2 +1,2 @@ - type goodixhw_service, hwservice_manager_type; +type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice; diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts index 6fdbcd8..8ff7ae7 100644 --- a/sepolicy/hwservice_contexts +++ b/sepolicy/hwservice_contexts @@ -1 +1,2 @@ vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:goodixhw_service:s0 +vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0 diff --git a/sepolicy/property.te b/sepolicy/property.te index 0d82962..20dd7a4 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -1 +1,3 @@ type hal_fingerprint_prop, property_type; +type ifaa_prop, property_type; + diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 6ac6236..57f8ba8 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -2,3 +2,4 @@ sys.fp.goodix u:object_r:hal_fingerprint_prop:s0 sys.fp.vendor u:object_r:hal_fingerprint_prop:s0 persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0 persist.sys.fp.vendor u:object_r:hal_fingerprint_prop:s0 +persist.sys.ifaa u:object_r:ifaa_prop:s0 |