commit 3c79af1f7c8b89e25019f45eed2ab67deee2b98c
author Jeff Pu <jeffpu@google.com> Thu Dec 07 16:27:09 2023 -0500
committer Jeff Pu <jeffpu@google.com> Tue Dec 19 13:28:25 2023 -0500
tree 4330ad64955b640429d5a04a5dd357ac69ce9a2d
parent 0027546b066aa2c737e8636bf879a25091f5fbbc

Face Virtual HAL lockout support

Bug: 294254230
Test: atest android.hardware.biometrics.face.FakeLockoutTrackerTest
Change-Id: If7fb024b2ab5d017f5255edf484c487f5406bb9b

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 53a3d4b..61a3aed 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1547,6 +1547,12 @@
 persist.vendor.face.virtual.strength u:object_r:virtual_face_hal_prop:s0 exact string
 persist.vendor.face.virtual.enrollments u:object_r:virtual_face_hal_prop:s0 exact string
 persist.vendor.face.virtual.features u:object_r:virtual_face_hal_prop:s0 exact string
+persist.vendor.face.virtual.lockout_enable u:object_r:virtual_face_hal_prop:s0 exact bool
+persist.vendor.face.virtual.lockout_timed_enable u:object_r:virtual_face_hal_prop:s0 exact bool
+persist.vendor.face.virtual.lockout_timed_threshold u:object_r:virtual_face_hal_prop:s0 exact int
+persist.vendor.face.virtual.lockout_timed_duration u:object_r:virtual_face_hal_prop:s0 exact int
+persist.vendor.face.virtual.lockout_permanent_threshold u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.no_human_face_detected u:object_r:virtual_face_hal_prop:s0 exact bool
 vendor.face.virtual.enrollment_hit u:object_r:virtual_face_hal_prop:s0 exact int
 vendor.face.virtual.operation_start_enroll_latency u:object_r:virtual_face_hal_prop:s0 exact int
 vendor.face.virtual.next_enrollment u:object_r:virtual_face_hal_prop:s0 exact string

vendor/hal_face_default.te

diff --git a/vendor/hal_face_default.te b/vendor/hal_face_default.te
index 66ce40c..3d608cd 100644
--- a/vendor/hal_face_default.te
+++ b/vendor/hal_face_default.te
@@ -7,4 +7,9 @@
 # android.frameworks.sensorservice through libsensorndkbridge
 allow hal_face_default fwk_sensor_service:service_manager find;
 
-set_prop(hal_face_default, virtual_face_hal_prop)
+# virtual_face_hal_prop is only for debuggable builds
+userdebug_or_eng(`set_prop(hal_face_default, virtual_face_hal_prop)');
+neverallow { domain -init -dumpstate userdebug_or_eng(`-hal_face_default') not_compatible_property(`-vendor_init') } virtual_face_hal_prop:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-hal_face_default') not_compatible_property(`-vendor_init') } virtual_face_hal_prop:property_service set;
+
+