Add placeholder iris and face policy for vold data directory This is PS1 of aosp/828283 which was reverted. Using PS1 shouldn't cause the same issue. Test: vold is able to create directories, ag/5534962 Bug: 116528212 Change-Id: I84aca49a8dae0a087498120780dea0962aca04b3

commit: 91c2580bce945a23c308d257c23fb8c7ef0795ab [log] [tgz]
author: Kevin Chyn <kchyn@google.com> Thu Nov 15 15:28:07 2018 -0800
committer: Kevin Chyn <kchyn@google.com> Fri Nov 30 11:37:19 2018 -0800
tree: 4ba679ffa256c50e00e5a363cda3ebc660150839
parent: 2725edc6586f5ddedd5aaa913ef69c560f36c001 [diff]
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index cf72e37..fa7cd58 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -23,6 +23,7 @@
     device_config_reset_performed_prop
     device_config_flags_health_check_prop
     face_service
+    face_vendor_data_file
     fastbootd
     flags_health_check
     flags_health_check_exec
@@ -41,6 +42,7 @@
     idmap_service
     intelligence_service
     iris_service
+    iris_vendor_data_file
     llkd
     llkd_exec
     llkd_prop

diff --git a/private/file_contexts b/private/file_contexts
index acd5df9..493d782 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -484,6 +484,12 @@
 # Fingerprint vendor data file
 /data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
 
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
+
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 

diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0d062e9..e93e1e5 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te

@@ -14,12 +14,16 @@
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
+    face_vendor_data_file
     fingerprint_vendor_data_file
+    iris_vendor_data_file
     storaged_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
+    face_vendor_data_file
     fingerprint_vendor_data_file
+    iris_vendor_data_file
     storaged_data_file
     system_data_file
     vold_data_file

diff --git a/public/file.te b/public/file.te
index 3d09537..cb0c543 100644
--- a/public/file.te
+++ b/public/file.te

@@ -358,6 +358,10 @@
 type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for face template file
+type face_vendor_data_file, file_type, data_file_type;
+# Type for iris template file
+type iris_vendor_data_file, file_type, data_file_type;
 
 # Socket types
 type adbd_socket, file_type, coredomain_socket;
commit	91c2580bce945a23c308d257c23fb8c7ef0795ab	[log] [tgz]
author	Kevin Chyn <kchyn@google.com>	Thu Nov 15 15:28:07 2018 -0800
committer	Kevin Chyn <kchyn@google.com>	Fri Nov 30 11:37:19 2018 -0800
tree	4ba679ffa256c50e00e5a363cda3ebc660150839
parent	2725edc6586f5ddedd5aaa913ef69c560f36c001 [diff]