commit 54e0e5af8f4f0b4fd46cb1a015af079f6859e638
author Jim Miller <jaggies@google.com> Thu Dec 15 19:46:43 2016 -0800
committer Sasha Levitskiy <sanek@google.com> Fri Jan 13 13:28:31 2017 -0800
tree 84f3abe7847a22ef4f86a089ab0946cf58597afe
parent 953c439643df097b5aa0dfeb75999e3f1e87f2ff

New SeLinux policy for fingerprint HIDL

Move from fingerprintd to new fingerprint_hal and update SeLinux policy.

Test: Boot with no errors related to fingerprint sepolicy
Bug: 33199080
Change-Id: Idfde0cb0530e75e705033042f64f3040f6df22d6

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 8767312..4501016 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -238,6 +238,7 @@
 /system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
+/system/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /system/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
 /system/bin/hw/android\.hardware\.gnss@1\.0-service           u:object_r:hal_gnss_default_exec:s0

private/hal_fingerprint_default.te

diff --git a/private/hal_fingerprint_default.te b/private/hal_fingerprint_default.te
new file mode 100644
index 0000000..3903f85
--- /dev/null
+++ b/private/hal_fingerprint_default.te
@@ -0,0 +1,5 @@
+type hal_fingerprint_default, hal_fingerprint, domain;
+type hal_fingerprint_default_exec, exec_type, file_type;
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(hal_fingerprint_default)