android_device_xiaomi_sdm66.../sepolicy/vendor/hal_fingerprint_sdm660.te
OdSazib 478a2b33b6
sdm660-common: sepolicy: Rework sepolicy (No more neverallow)
- Thanks to LineageOS and our sdm660 community

Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c
2021-05-18 05:03:51 +06:00

30 lines
1.3 KiB
Text

type hal_fingerprint_sdm660, domain;
type hal_fingerprint_sdm660_exec, exec_type, vendor_file_type, file_type;
hal_server_domain(hal_fingerprint_sdm660, hal_fingerprint)
init_daemon_domain(hal_fingerprint_sdm660)
allow hal_fingerprint_sdm660 {
fingerprint_device
tee_device
uhid_device
}:chr_file rw_file_perms;
# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
# hal_fingerprint no longer directly accesses fingerprintd_data_file.
typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators;
# access to /data/system/users/[0-9]+/fpdata
allow hal_fingerprint_sdm660 fingerprintd_data_file:dir rw_dir_perms;
allow hal_fingerprint_sdm660 fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
allow hal_fingerprint_sdm660 self:netlink_socket create_socket_perms_no_ioctl;
allow hal_fingerprint_sdm660 sysfs_fingerprint:file rw_file_perms;
allow hal_fingerprint_sdm660 sysfs_devfreq:dir search;
allow hal_fingerprint_sdm660 sysfs_devfreq:file r_file_perms;
binder_call(hal_fingerprint_sdm660, hal_perf_default)
r_dir_file(hal_fingerprint_sdm660, firmware_file)
r_dir_file(hal_fingerprint_sdm660, sysfs_devfreq)
set_prop(hal_fingerprint_sdm660, hal_fingerprint_prop)
dontaudit hal_fingerprint_default storage_file:dir search;