otter: sepolicy: fingerprint: initial policies for enrollment

Change-Id: Id8fc31e7fa7042b2452c00d979f93b74aa77483a
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index fb5c2bb..61f0205 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -1,5 +1,7 @@
 # Fingerprint
 /dev/goodix_fp                                                             u:object_r:fingerprint_device:s0
+/data/vendor/goodix/gf_data(/.*)?                                          u:object_r:fingerprint_data_file:s0
+/mnt/vendor/persist/goodix(/.*)?                                           u:object_r:fingerprint_data_file:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.otter u:object_r:hal_fingerprint_default_exec:s0
 
 # NFC
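Review bot: The new data label starts at `/data/vendor/goodix/gf_data`, so the parent `/data/vendor/goodix` presumably keeps the generic `vendor_data_file` label, which looks like the reason the HAL and tee rules in this commit need write access to that generic type. Labelling the whole vendor directory with `/data/vendor/goodix(/.*)?    u:object_r:fingerprint_data_file:s0` would let those generic grants be dropped. The persist path on the next added line shares one type with the /data path, so no later rule can treat files that survive a factory reset differently from per-enrollment data; a separate persist type would keep that distinction. The declaration of `fingerprint_data_file` is not part of this diff, so confirm its attributes fit both locations.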
diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
index 11ea706..346bab7 100644
--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -1,8 +1,12 @@
+allow hal_fingerprint_default fingerprint_data_file:dir create_dir_perms;
+allow hal_fingerprint_default fingerprint_data_file:file rw_file_perms;
 allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
-
-allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
-
 allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
+
+allow hal_fingerprint_default vendor_data_file:dir create_dir_perms;
+allow hal_fingerprint_default vendor_data_file:file create_file_perms;
 
 # gf.debug.fp_vendor
 dontaudit hal_fingerprint_default default_prop:property_service set;
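Review bot: The two `vendor_data_file` rules at the end of the added block give the fingerprint HAL create, write and delete access to every file under /data/vendor that has no more specific label, not only the Goodix data; tee.te receives the same type with `create_file_perms` in this commit. If the only need is creating `/data/vendor/goodix`, have init create and label that directory (or cover it in file_contexts) and reduce the grant to `allow hal_fingerprint_default vendor_data_file:dir search;`. The `uhid_device:chr_file rw_file_perms` rule also needs a comment explaining why a fingerprint HAL opens /dev/uhid, since that node lets a process register virtual input devices. Separately, `fingerprint_data_file:file` gets `rw_file_perms` without create, so the HAL cannot create files in gf_data itself; confirm that split with tee is intended.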
diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te
index d33b0b5..5d1aa64 100644
--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -1 +1,10 @@
-allow tee mnt_vendor_file:file r_file_perms;
+allow tee fingerprint_data_file:dir rw_dir_perms;
+allow tee fingerprint_data_file:file create_file_perms;
+
+allow tee mnt_vendor_file:dir create_dir_perms;
+allow tee mnt_vendor_file:file create_file_perms;
+
+allow tee tmpfs:dir r_dir_perms;
+
+allow tee vendor_data_file:dir rw_dir_perms;
+allow tee vendor_data_file:file create_file_perms;
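Review bot: The removed read-only rule on `mnt_vendor_file` is replaced by `create_dir_perms` and `create_file_perms`, which lets tee create, modify and unlink anything on the persist partition that carries the generic label, even though the Goodix persist directory already has its own `fingerprint_data_file` label from file_contexts. Unless a logged denial shows tee writing outside that directory, keep `allow tee mnt_vendor_file:file r_file_perms;` and add only `allow tee mnt_vendor_file:dir r_dir_perms;`. The `tmpfs:dir r_dir_perms` rule has no comment and no matching path in this commit; state which mount it is for, or drop it.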