Add sepolicy for IFingerprint Bug: 152416783 Test: run on cuttlefish Change-Id: I58d7c3bc9c81612b03bab3b9da938c091c02e3c1

commit: c71c2993e925165a56cb2fec75a98ea3a4c14e78 [log] [tgz]
author: Ilya Matyukhin <ilyamaty@google.com> Wed Sep 02 13:32:05 2020 -0700
committer: Ilya Matyukhin <ilyamaty@google.com> Thu Sep 10 16:50:19 2020 -0700
tree: 3ad1a2c70f47ba9676492a410f6b0c01b7737d44
parent: 27ba511b4e9124f8a0cf498b9cb01541f7512d3a [diff]
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 4dce1a6..66286d5 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -11,6 +11,7 @@
     debugfs_kprobes
     gki_apex_prepostinstall
     gki_apex_prepostinstall_exec
+    hal_fingerprint_service
     gnss_device
     hal_dumpstate_config_prop
     keystore2_key_contexts_file

diff --git a/private/service_contexts b/private/service_contexts
index a78b108..35332ab 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -1,3 +1,4 @@
+android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 849676e..bd57ad8 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -777,7 +777,6 @@
 allow system_server gatekeeper_service:service_manager find;
 allow system_server gpu_service:service_manager find;
 allow system_server gsi_service:service_manager find;
-allow system_server hal_fingerprint_service:service_manager find;
 allow system_server idmap_service:service_manager find;
 allow system_server incident_service:service_manager find;
 allow system_server incremental_service:service_manager find;

diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index b673e29..929f120 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te

@@ -4,6 +4,11 @@
 
 hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
 
+add_service(hal_fingerprint_server, hal_fingerprint_service)
+binder_call(hal_fingerprint_server, servicemanager)
+
+allow hal_fingerprint_client hal_fingerprint_service:service_manager find;
+
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 

diff --git a/public/service.te b/public/service.te
index 07ab90f..d30ba74 100644
--- a/public/service.te
+++ b/public/service.te

@@ -9,7 +9,6 @@
 type drmserver_service,         service_manager_type;
 type dumpstate_service,         service_manager_type;
 type fingerprintd_service,      service_manager_type;
-type hal_fingerprint_service,   service_manager_type;
 type gatekeeper_service,        app_api_service, service_manager_type;
 type gpu_service,               app_api_service, ephemeral_app_api_service, service_manager_type;
 type idmap_service,             service_manager_type;
@@ -212,6 +211,7 @@
 ### HAL Services
 ###
 
+type hal_fingerprint_service, vendor_service, service_manager_type;
 type hal_identity_service, vendor_service, service_manager_type;
 type hal_light_service, vendor_service, service_manager_type;
 type hal_power_service, vendor_service, service_manager_type;

diff --git a/vendor/file_contexts b/vendor/file_contexts
index 09b20d9..11234bc 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts

@@ -10,8 +10,9 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service      u:object_r:hal_bootctl_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64       u:object_r:hal_camera_default_exec:s0
commit	c71c2993e925165a56cb2fec75a98ea3a4c14e78	[log] [tgz]
author	Ilya Matyukhin <ilyamaty@google.com>	Wed Sep 02 13:32:05 2020 -0700
committer	Ilya Matyukhin <ilyamaty@google.com>	Thu Sep 10 16:50:19 2020 -0700
tree	3ad1a2c70f47ba9676492a410f6b0c01b7737d44
parent	27ba511b4e9124f8a0cf498b9cb01541f7512d3a [diff]