vendor:sepolicy: Add hal_omni_fod domain
Change-Id: I76b76bda2c819faba1a95c92744bf3261f7bc9a0
diff --git a/sepolicy/private/hal_omni_fod.te b/sepolicy/private/hal_omni_fod.te
new file mode 100644
index 0000000..344f57e
--- /dev/null
+++ b/sepolicy/private/hal_omni_fod.te
@@ -0,0 +1,8 @@
+# HwBinder IPC from client to server
+binder_call(hal_omni_fod_client, hal_omni_fod_server)
+
+add_hwservice(hal_omni_fod_server, hal_omni_fod_hwservice)
+allow hal_omni_fod_client hal_omni_fod_hwservice:hwservice_manager find;
+
+# Allow binder communication with platform_app
+binder_call(hal_omni_fod, platform_app)
diff --git a/sepolicy/private/hwservice.te b/sepolicy/private/hwservice.te
new file mode 100644
index 0000000..056d58b
--- /dev/null
+++ b/sepolicy/private/hwservice.te
@@ -0,0 +1 @@
+type hal_omni_fod_hwservice, hwservice_manager_type;
diff --git a/sepolicy/private/hwservice_contexts b/sepolicy/private/hwservice_contexts
new file mode 100644
index 0000000..43192b7
--- /dev/null
+++ b/sepolicy/private/hwservice_contexts
@@ -0,0 +1,2 @@
+vendor.omni.biometrics.fingerprint.inscreen::IFingerprintInscreen u:object_r:hal_omni_fod_hwservice:s0
+
diff --git a/sepolicy/private/platform_app.te b/sepolicy/private/platform_app.te
index 7652ae9..4a18654 100644
--- a/sepolicy/private/platform_app.te
+++ b/sepolicy/private/platform_app.te
@@ -1 +1,4 @@
allow platform_app kernel:system syslog_read;
+
+# Allow FOD HAL service to be found
+hal_client_domain(platform_app, hal_omni_fod)
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
new file mode 100644
index 0000000..51326e7
--- /dev/null
+++ b/sepolicy/private/system_server.te
@@ -0,0 +1 @@
+hal_client_domain(system_server, hal_omni_fod)
diff --git a/sepolicy/public/attributes b/sepolicy/public/attributes
new file mode 100644
index 0000000..3c736eb
--- /dev/null
+++ b/sepolicy/public/attributes
@@ -0,0 +1 @@
+hal_attribute(omni_fod)