    Switch Fingerprint HAL policy to _client/_server · f98650e4
    Alex Klyubin authored
    This switches Fingerprint HAL policy to the design which enables us to
    conditionally remove unnecessary rules from domains which are clients
    of Bluetooth HAL.
    
    Domains which are clients of Fingerprint HAL, such as system_server
    domain, are granted rules targeting hal_fingerprint only when the
    Fingerprint HAL runs in passthrough mode (i.e., inside the client's
    process). When the HAL runs in binderized mode (i.e., in another
    process/domain, with clients talking to the HAL over HwBinder IPC),
    rules targeting hal_fingerprint are not granted to client domains.
    
    Domains which offer a binderized implementation of Fingerprint HAL,
    such as hal_fingerprint_default domain, are always granted rules
    targeting hal_fingerprint.
    
    NOTE: This commit also removes unnecessary allow rules from
    Fingerprint HAL, such as access to servicemanager (not hwservicemanager)
    and access to keystore daemon over Binder IPC. Fingerprint HAL does
    not use this functionality anyway and shouldn't use it either.
    
    Test: Enable fingerprint + PIN secure lock screen, confirm it unlocks
          with fingerprint or PIN
    Test: Disable PIN (and thus fingerprint) secure lock screen
    Test: make FingerprintDialog, install, make a fake purchase
    Test: Add fingerprint_hidl_hal_test to device.mk, build & add to device,
          adb shell stop,
          adb shell /data/nativetest64/fingerprint_hidl_hal_test/fingerprint_hidl_hal_test -- all tests pass
    Bug: 34170079
    
    Change-Id: I6951c0f0640194c743ff7049357c77f5f21b71a1