New SeLinux policy for fingerprint HIDL Move from fingerprintd to new fingerprint_hal and update SeLinux policy. Test: Boot with no errors related to fingerprint sepolicy Bug: 33199080 Change-Id: Idfde0cb0530e75e705033042f64f3040f6df22d6

commit: 54e0e5af8f4f0b4fd46cb1a015af079f6859e638 [log] [tgz]
author: Jim Miller <jaggies@google.com> Thu Dec 15 19:46:43 2016 -0800
committer: Sasha Levitskiy <sanek@google.com> Fri Jan 13 13:28:31 2017 -0800
tree: 84f3abe7847a22ef4f86a089ab0946cf58597afe
parent: 953c439643df097b5aa0dfeb75999e3f1e87f2ff [diff] [blame]
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
new file mode 100644
index 0000000..426b73a
--- /dev/null
+++ b/public/hal_fingerprint.te

@@ -0,0 +1,23 @@
+hwbinder_use(hal_fingerprint)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow hal_fingerprint system_file:dir r_dir_perms;
+
+# allow HAL module to read dir contents
+allow hal_fingerprint fingerprintd_data_file:file create_file_perms;
+
+# allow HAL module to read/write/unlink contents of this dir
+allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms;
+
+# Need to add auth tokens to KeyStore
+use_keystore(hal_fingerprint)
+allow hal_fingerprint keystore:keystore_key add_auth;
+
+# For permissions checking
+binder_call(hal_fingerprint, system_server);
+allow hal_fingerprint permission_service:service_manager find;
+
+# For memory allocation
+allow hal_fingerprint ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_fingerprint, cgroup)
commit	54e0e5af8f4f0b4fd46cb1a015af079f6859e638	[log] [tgz]
author	Jim Miller <jaggies@google.com>	Thu Dec 15 19:46:43 2016 -0800
committer	Sasha Levitskiy <sanek@google.com>	Fri Jan 13 13:28:31 2017 -0800
tree	84f3abe7847a22ef4f86a089ab0946cf58597afe
parent	953c439643df097b5aa0dfeb75999e3f1e87f2ff [diff] [blame]