| |
| binder_call(hal_fingerprint_default, system_app); |
| binder_call(system_app, fingerprintd); |
| binder_call(fingerprintd, system_app); |
| |
| file_type_auto_trans(fingerprintd, system_data_file, fingerprintd_data_file); |
| |
| allow fingerprintd goodixfingerprintd_service:service_manager { add find }; |
| allow fingerprintd fingerprint_service:service_manager { find }; |
| allow fingerprintd power_service:service_manager { find }; |
| |
| # Access file |
| allow fingerprintd fingerprintd_data_file:file rw_file_perms; |
| |
| # Access fingerprint devices at all. |
| allow fingerprintd fingerprintd_device:chr_file rw_file_perms; |
| |
| # allow TEE - CtsSecurityHostTestCases android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules663 |
| # allow fingerprintd tee_device:chr_file rw_file_perms; |
| |
| # allow access /dev/ion |
| allow fingerprintd ion_device:chr_file rw_file_perms; |
| |
| #for netlink use |
| allow fingerprintd self:netlink_socket create_socket_perms_no_ioctl; |
| |
| # allow sdcard access right |
| allow fingerprintd media_rw_data_file:dir create_dir_perms; |
| allow fingerprintd media_rw_data_file:file create_file_perms; |
| |
| #allow for uinput |
| allow fingerprintd uhid_device:chr_file rw_file_perms; |