universal7870: update sepolicy (wip)

2025-09-06 16:28:06 -04:00 · 2020-03-26 11:38:15 +01:00 · 2020-03-26 11:38:15 +01:00 · 4cd64b76bd
commit 4cd64b76bd
parent 841f56ecbf
46 changed files with 515 additions and 184 deletions
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@ -0,0 +1,20 @@
+# allow hal_fingerprint_default to communicate with various devices
+binder_call(system_app, hal_fingerprint_default);
+
+# kernel fp device
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+
+# secure memory device
+allow hal_fingerprint_default secmem_device:chr_file rw_file_perms;
+
+# trust zone device
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee:unix_stream_socket connectto;
+
+# /data/biometrics/*
+allow hal_fingerprint_default fingerprintd_data_file:dir create_dir_perms;
+allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
+
+# sysfs_virtual
+allow hal_fingerprint_default sysfs_virtual:dir { read open search };
+allow hal_fingerprint_default sysfs_virtual:file { read open };