diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index d590939d667906e51d7dd19b0a3bd33d8b86e2c4..2f5f1f5cda4a996785f981f0d48ce21b3de2745c 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -34,6 +34,7 @@
 exported2_vold_prop
 exported3_default_prop
 exported3_system_prop
+ fingerprint_vendor_data_file
 fs_bpf
 hal_authsecret_hwservice
 hal_broadcastradio_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index be644438f6f9187533e919ef0d80557a4c9bcfa1..f530c7b8ed4422ac71094eb42e149b9e23b7b8f1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -417,6 +417,9 @@
 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
+# Fingerprint vendor data file
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+
 # Bootchart data
 /data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 58e510ed8bfcc08ade800b78a50f4ffebaeac714..6acb2ced556b82c65d433ceaaae6c46654373968 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -13,3 +13,4 @@ allow vold_prepare_subdirs system_data_file:dir { open read write add_name remov
 allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir };
 allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
 allow vold_prepare_subdirs storaged_data_file:dir create_dir_perms;
+allow vold_prepare_subdirs fingerprint_vendor_data_file:dir create_dir_perms;
diff --git a/public/domain.te b/public/domain.te
index 5879e26bb8118eb424ceb454c3a8595a7e023475..06ee37e7d1b633491b0eca50d596389147f0b084 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -768,6 +768,7 @@ full_treble_only(`
 -data_between_core_and_vendor_violators
 -init
 -vendor_init
+ -vold_prepare_subdirs
 } {
 data_file_type
 -core_data_file_type
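Review bot: In public/domain.te the added `-vold_prepare_subdirs` exempts the domain from this rule for every type in `{ data_file_type -core_data_file_type`, not only for `fingerprint_vendor_data_file`, and the second hunk at -778 repeats the same exemption. The only access this commit grants the domain is `fingerprint_vendor_data_file:dir create_dir_perms` in private/vold_prepare_subdirs.te, so the build-time guard against a later, broader allow on vendor data is lost for this domain. I would record the reason next to the exemption, e.g. `# vold_prepare_subdirs creates per-user vendor data dirs such as /data/vendor_de/<user>/fpdata`, and consider a compensating rule in private/vold_prepare_subdirs.te such as `neverallow vold_prepare_subdirs { data_file_type -core_data_file_type -fingerprint_vendor_data_file }:dir_file_class_set *;`, assuming no existing allow conflicts with it. The rule's opening line and its class and permission part lie outside both hunks.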
@@ -778,6 +779,7 @@ full_treble_only(`
 -data_between_core_and_vendor_violators
 -init
 -vendor_init
+ -vold_prepare_subdirs
 } {
 data_file_type
 -core_data_file_type
diff --git a/public/file.te b/public/file.te
index 6b64e023f799e098891a3489e8621a1640b2a28b..7ec4a463fe8e9079700f5a042d954b5cdf65d14d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -295,6 +295,8 @@ type backup_data_file, file_type, data_file_type, core_data_file_type, mlstruste
 type bluetooth_efs_file, file_type;
 # Type for fingerprint template file
 type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 36de76191c0a38118a576784af64e9aaf5cb4424..ebe0b0c82a77f1a5a0c0b131f76b9a4ec20ffc47 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -8,5 +8,10 @@ allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
+
+
diff --git a/public/tee.te b/public/tee.te
index f023d5c239350e9fea693a0057f497a7b7f502ee..0f9b32dc9d4cb095f4ea361e39a52b09d0c01b29 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -5,3 +5,7 @@ type tee, domain;
 # Device(s) for communicating with the TEE
 type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+
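Review bot: The comment `# Type for _new_ fingerprint template file` in public/file.te does not say what distinguishes this type from `fingerprintd_data_file` directly above it. The visible differences are that the new type omits `core_data_file_type` and is mapped to `/data/vendor_de/[0-9]+/fpdata` in private/file_contexts, so I would write `# Type for vendor fingerprint template files, /data/vendor_de/<user>/fpdata (not core data)`. Because the type labels biometric templates, it may also be worth a `neverallow` that pins which domains can open its files; this commit grants access only to hal_fingerprint, tee and vold_prepare_subdirs.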
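Review bot: The two new allow rules in public/hal_fingerprint.te carry no comment, unlike the `# For memory allocation` rule just above them, and the hunk also appends two blank lines at the end of the file. The braces in `{ create_file_perms }` wrap a single macro and differ from the same grant in public/tee.te. I would write `allow hal_fingerprint fingerprint_vendor_data_file:file create_file_perms;`, put `# For fingerprint templates under /data/vendor_de/<user>/fpdata` above the pair, and drop the trailing blank lines.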
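Review bot: The rules added to public/tee.te give `tee` create, write, rename and unlink access to fingerprint template files in the shared public policy, so the grant applies on every device built from it, and no comment says why the TEE daemon needs it. If only some fingerprint implementations persist templates through the TEE daemon (not visible from this hunk), the rules would sit better in that device's vendor policy. If they stay here, a comment such as `# TEE daemon persists fingerprint templates under /data/vendor_de/<user>/fpdata` would record the intent, and `create_file_perms` could probably be narrowed if the daemon never renames or unlinks these files.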