summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/app.te4
-rw-r--r--sepolicy/file_contexts3
-rw-r--r--sepolicy/hal_mlipay_default.te16
-rw-r--r--sepolicy/hwservice.te2
-rw-r--r--sepolicy/hwservice_contexts1
-rw-r--r--sepolicy/property.te2
-rw-r--r--sepolicy/property_contexts1
7 files changed, 28 insertions, 1 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te
new file mode 100644
index 0000000..3858674
--- /dev/null
+++ b/sepolicy/app.te
@@ -0,0 +1,4 @@
+allow { appdomain -isolated_app } hal_mlipay_hwservice:hwservice_manager find;
+binder_call({ appdomain -isolated_app }, hal_mlipay_default)
+get_prop({ appdomain -isolated_app }, ifaa_prop)
+get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6959397..2d50c7b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -20,5 +20,8 @@
# Light HAL
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_wayne u:object_r:hal_light_default_exec:s0
+# Mlipay
+/(vendor|system/vendor)/bin/mlipayd u:object_r:hal_mlipay_default_exec:s0
+
# Shell Script
/(vendor|system/vendor)/bin/init\.goodix\.sh u:object_r:init_fingerprint_exec:s0
diff --git a/sepolicy/hal_mlipay_default.te b/sepolicy/hal_mlipay_default.te
new file mode 100644
index 0000000..eb48621
--- /dev/null
+++ b/sepolicy/hal_mlipay_default.te
@@ -0,0 +1,16 @@
+type hal_mlipay_default, domain;
+
+type hal_mlipay_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_mlipay_default)
+
+hwbinder_use(hal_mlipay_default)
+get_prop(hal_mlipay_default, hwservicemanager_prop)
+add_hwservice(hal_mlipay_default, hal_mlipay_hwservice)
+
+allow hal_mlipay_default tee_device:chr_file rw_file_perms;
+allow hal_mlipay_default ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_mlipay_default, firmware_file)
+set_prop(hal_mlipay_default, ifaa_prop);
+
+get_prop(hal_mlipay_default, hal_fingerprint_prop);
diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te
index 8f19cf3..32adecb 100644
--- a/sepolicy/hwservice.te
+++ b/sepolicy/hwservice.te
@@ -1,2 +1,2 @@
-
type goodixhw_service, hwservice_manager_type;
+type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
index 6fdbcd8..8ff7ae7 100644
--- a/sepolicy/hwservice_contexts
+++ b/sepolicy/hwservice_contexts
@@ -1 +1,2 @@
vendor.goodix.hardware.fingerprint::IGoodixBiometricsFingerprint u:object_r:goodixhw_service:s0
+vendor.xiaomi.hardware.mlipay::IMlipayService u:object_r:hal_mlipay_hwservice:s0
diff --git a/sepolicy/property.te b/sepolicy/property.te
index 0d82962..20dd7a4 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -1 +1,3 @@
type hal_fingerprint_prop, property_type;
+type ifaa_prop, property_type;
+
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 6ac6236..57f8ba8 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -2,3 +2,4 @@ sys.fp.goodix u:object_r:hal_fingerprint_prop:s0
sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0
persist.sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
+persist.sys.ifaa u:object_r:ifaa_prop:s0