Add placeholder iris and face policy for vold data directory
Test: vold is able to create directories, ag/5534962
Bug: 116528212
Change-Id: I61dd8802c13b1c42d334a80b678ca6a877848fc2
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 7906421..4e653b2 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -2,6 +2,7 @@
(type audio_seq_device)
(type audio_timer_device)
(type commontime_management_service)
+(type fingerprint_vendor_data_file)
(type full_device)
(type i2c_device)
(type kmem_device)
@@ -1073,7 +1074,7 @@
(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
(typeattributeset fingerprint_service_28_0 (fingerprint_service))
-(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset fingerprint_vendor_data_file_28_0 (biometric_vendor_data_file))
(typeattributeset firstboot_prop_28_0 (firstboot_prop))
(typeattributeset font_service_28_0 (font_service))
(typeattributeset frp_block_device_28_0 (frp_block_device))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 2caedda..7548786 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -17,6 +17,7 @@
apexd_prop
apexd_tmpfs
biometric_service
+ biometric_vendor_data_file
device_config_boot_count_prop
device_config_reset_performed_prop
face_service
diff --git a/private/file_contexts b/private/file_contexts
index 9ef18e2..7127745 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -484,7 +484,13 @@
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
# Fingerprint vendor data file
-/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:biometric_vendor_data_file:s0
+
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:biometric_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:biometric_vendor_data_file:s0
# Bootchart data
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
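Review bot: The `fpdata`, `facedata` and `irisdata` entries all resolve to the single label `biometric_vendor_data_file`, so type enforcement no longer separates one modality's templates from another's. Together with the rules in the `public/hal_fingerprint.te` and `public/tee.te` hunks, `hal_fingerprint` now holds `create_file_perms` and `rw_dir_perms` on the face and iris directories as well as its own. If the shared label is only a placeholder, say so next to the new entries, e.g. `# Placeholder: face and iris share the fingerprint label until they get dedicated types`, so the broader access is not mistaken for the intended end state. A blank line is also missing between the iris entry and `# Bootchart data`.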
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0d062e9..8ed8f56 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,12 +14,12 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
- fingerprint_vendor_data_file
+ biometric_vendor_data_file
storaged_data_file
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
- fingerprint_vendor_data_file
+ biometric_vendor_data_file
storaged_data_file
system_data_file
vold_data_file
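Review bot: The upgrade path for an existing device is not covered by what is visible here. Per the old `file_contexts` line, `fpdata` directories already on disk would carry `fingerprint_vendor_data_file`, yet the only type visible in the `relabelfrom` rule at the top of this hunk is `vendor_data_file`. That type list starts outside the hunk; if it does not include the old type, relabelling to `biometric_vendor_data_file` would presumably be denied and the fingerprint HAL would lose access to enrolled templates after an OTA. The Test line only mentions directory creation, so this is worth confirming on an upgraded device with fingerprints already enrolled. The last allow statement edited here also continues past the end of the hunk.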
diff --git a/public/file.te b/public/file.te
index 87636d3..9cdd5f4 100644
--- a/public/file.te
+++ b/public/file.te
@@ -352,8 +352,8 @@
type bluetooth_efs_file, file_type;
# Type for fingerprint template file
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
-# Type for _new_ fingerprint template file
-type fingerprint_vendor_data_file, file_type, data_file_type;
+# Type for biometric template file
+type biometric_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
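Review bot: The replacement comment `# Type for biometric template file` no longer says which store this is, and it now sits directly under `fingerprintd_data_file`, which is also a template type. Something like `# Type for vendor biometric (fingerprint, face, iris) template files under /data/vendor_de/<user>/` would match the paths labelled in `private/file_contexts`. It would also explain why this type, unlike `fingerprintd_data_file`, does not carry `core_data_file_type`.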
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index b673e29..a0222e9 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -7,8 +7,8 @@
# For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms;
-allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
-allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+allow hal_fingerprint biometric_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint biometric_vendor_data_file:dir rw_dir_perms;
r_dir_file(hal_fingerprint, cgroup)
r_dir_file(hal_fingerprint, sysfs)
diff --git a/public/tee.te b/public/tee.te
index 0f9b32d..dffe06f 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -6,6 +6,6 @@
# Device(s) for communicating with the TEE
type tee_device, dev_type;
-allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
-allow tee fingerprint_vendor_data_file:file create_file_perms;
+allow tee biometric_vendor_data_file:dir rw_dir_perms;
+allow tee biometric_vendor_data_file:file create_file_perms;