Add sepolicy for biometric fingerprint virtual hal
Bug: 326227403
Test: atest BiometricsE2eTests:BiometricPromptAuthSuccessTest -c
Change-Id: Ibdd05e770e17e9fec53358f0334e90d6b58141f2
diff --git a/apex/Android.bp b/apex/Android.bp
index 5b2a75e..01085f1 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -293,3 +293,10 @@
"com.android.configinfrastructure-file_contexts",
],
}
+
+filegroup {
+ name: "com.android.biometrics.virtual.fingerprint-file_contexts",
+ srcs: [
+ "com.android.biometrics.virtual.fingerprint-file_contexts",
+ ],
+}
diff --git a/apex/com.android.biometrics.virtual.fingerprint-file_contexts b/apex/com.android.biometrics.virtual.fingerprint-file_contexts
new file mode 100644
index 0000000..940934b
--- /dev/null
+++ b/apex/com.android.biometrics.virtual.fingerprint-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:virtual_fingerprint_exec:s0
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 9891388..0a6d270 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -47,6 +47,7 @@
"android.hardware.biometrics.face.IFace/virtual": EXCEPTION_NO_FUZZER,
"android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
"android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
"android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
"android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
"android.hardware.broadcastradio.IBroadcastRadio/dab": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 2b3adc0..9824324 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -16,4 +16,6 @@
supervision_service
sysfs_udc
app_function_service
+ virtual_fingerprint
+ virtual_fingerprint_exec
))
diff --git a/private/hal_fingerprint.te b/private/hal_fingerprint.te
index a1d68be..3295cc7 100644
--- a/private/hal_fingerprint.te
+++ b/private/hal_fingerprint.te
@@ -15,6 +15,6 @@
r_dir_file(hal_fingerprint, cgroup)
r_dir_file(hal_fingerprint, cgroup_v2)
-r_dir_file(hal_fingerprint, sysfs)
+r_dir_file({hal_fingerprint -coredomain}, sysfs)
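Review bot: The `-coredomain` subtraction in `r_dir_file({hal_fingerprint -coredomain}, sysfs)` has no comment saying why core-domain fingerprint HAL servers lose sysfs read access, and `typeattribute virtual_fingerprint coredomain;` in the new private/virtual_fingerprint.te is equally unexplained. A HAL server in coredomain is unusual, so a later reader cannot tell whether the exclusion is deliberate least privilege or a workaround for a neverallow. I would add above the rule `# virtual_fingerprint is a coredomain HAL server; only non-core (vendor) implementations get blanket sysfs reads`. The one-line header of virtual_fingerprint.te could also say that the service appears to ship in the system-side APEX labelled in this change. The rest of hal_fingerprint.te lies outside the hunk.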
diff --git a/private/service_contexts b/private/service_contexts
index 78d2c5a..28b9299 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -28,6 +28,7 @@
android.hardware.biometrics.face.IFace/virtual u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/virtual u:object_r:hal_fingerprint_service:s0
+android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual u:object_r:hal_fingerprint_service:s0
android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
android.hardware.bluetooth.finder.IBluetoothFinder/default u:object_r:hal_bluetooth_service:s0
is_flag_enabled(RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE, `
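Review bot: `IVirtualHal/virtual` is registered under the same `hal_fingerprint_service` type as the real `IFingerprint` instances, so every domain allowed to `find` the fingerprint HAL can also look up the virtual-HAL interface. What IVirtualHal exposes is not visible in this change. If it lets a caller steer the virtual sensor's enrollment or authentication results, as the Test: line hints, a dedicated service type would let policy limit `find` to the test harness or system_server. That would look like `android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual u:object_r:<dedicated_service_type>:s0`, where the type name is a placeholder that would have to be declared and granted `add` for virtual_fingerprint. If sharing the type is intentional, a comment above the entry should say why it is acceptable.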
diff --git a/private/virtual_fingerprint.te b/private/virtual_fingerprint.te
new file mode 100644
index 0000000..61bff28
--- /dev/null
+++ b/private/virtual_fingerprint.te
@@ -0,0 +1,7 @@
+# biometric virtual fingerprint sensor
+type virtual_fingerprint, domain;
+type virtual_fingerprint_exec, system_file_type, exec_type, file_type;
+hal_server_domain(virtual_fingerprint, hal_fingerprint)
+typeattribute virtual_fingerprint coredomain;
+init_daemon_domain(virtual_fingerprint)
+set_prop(virtual_fingerprint, virtual_fingerprint_hal_prop)
diff --git a/public/property.te b/public/property.te
index 47a1bde..4f1b369 100644
--- a/public/property.te
+++ b/public/property.te
@@ -276,7 +276,7 @@
vendor_internal_prop(virtual_face_hal_prop)
# Properties used in the default Fingerprint HAL implementations
-vendor_internal_prop(virtual_fingerprint_hal_prop)
+system_public_prop(virtual_fingerprint_hal_prop)
vendor_public_prop(persist_vendor_debug_wifi_prop)
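Review bot: Changing `virtual_fingerprint_hal_prop` from `vendor_internal_prop` to `system_public_prop` picks the widest system property class, which leaves non-core (vendor) domains eligible for write rules on a property that configures the virtual sensor. The only writer visible in this change is `set_prop(virtual_fingerprint, virtual_fingerprint_hal_prop)` in private/virtual_fingerprint.te. If the vendor default HAL no longer sets it, `system_restricted_prop(virtual_fingerprint_hal_prop)` would keep it readable outside system while blocking vendor writes, and `system_internal_prop` would be tighter still if nothing outside system reads it. If vendor writes are still required, the comment above the line should record that, e.g. `# Set by the system virtual HAL and by the vendor default HAL`.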
diff --git a/vendor/file_contexts b/vendor/file_contexts
index edd1c71..cd03ae1 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -26,7 +26,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:hal_face_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.2-service\.example u:object_r:hal_fingerprint_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.default u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot-service.default u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0