Added placeholder SELinux policy for the biometric face HAL.
Notes:
- Added face hal domain, context and file types for the default
SELinux policy.
- Please see aosp/q/topic:"Face+Authentication"
Bug: 80155388
Test: Built successfully.
Change-Id: I2e02cf6df009c5ca476dfd842b493c6b76b7712a
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 9df4f12..8247614 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -35,6 +35,7 @@
fwk_stats_hwservice
color_display_service
hal_atrace_hwservice
+ hal_face_hwservice
hal_health_storage_hwservice
hal_power_stats_hwservice
hal_system_suspend_default
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index f64eccd..1fead40 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -10,6 +10,7 @@
android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
+android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index ed864f5..b8e0511 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -205,6 +205,7 @@
hal_client_domain(system_server, hal_broadcastradio)
hal_client_domain(system_server, hal_configstore)
hal_client_domain(system_server, hal_contexthub)
+hal_client_domain(system_server, hal_face)
hal_client_domain(system_server, hal_fingerprint)
hal_client_domain(system_server, hal_gnss)
hal_client_domain(system_server, hal_graphics_allocator)