diff options
| author | Sebastiano Barezzi <barezzisebastiano@gmail.com> | 2022-06-26 22:21:46 +0200 |
|---|---|---|
| committer | drishal <drishalballaney@gmail.com> | 2022-06-27 11:00:33 +0530 |
| commit | 13147a4ec8378ce20f526885dbb787b265b8178c (patch) | |
| tree | e6d2534e66334a97669d278fa0c16604d4df3125 | |
| parent | 4ce2aafcc926ec9c81cfb0e98cece1ee0b7598ba (diff) | |
sm8250-common: sepolicy: Label fingerprint props as restricted vendor
* System only reads them, but never sets them
* Rename to vendor_fingerprint_prop while at it
Change-Id: Id980731ec53338c5c5a07b81f10a283c428d17aa
| -rw-r--r-- | sepolicy/public/property.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/app.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_fingerprint_default.te | 4 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_mlipay_default.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/property.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/property_contexts | 14 |
6 files changed, 13 insertions, 12 deletions
diff --git a/sepolicy/public/property.te b/sepolicy/public/property.te deleted file mode 100644 index 972ecde..0000000 --- a/sepolicy/public/property.te +++ /dev/null @@ -1 +0,0 @@ -vendor_public_prop(vendor_fp_prop); diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 8f27966..7cf5cde 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -2,5 +2,5 @@ allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms; allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms; allow { appdomain -isolated_app } vendor_xdsp_device:chr_file r_file_perms; -get_prop({ appdomain -isolated_app }, vendor_fp_prop) +get_prop({ appdomain -isolated_app }, vendor_fingerprint_prop) get_prop({ appdomain -isolated_app }, vendor_tee_listener_prop) diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index c60842a..b700fd8 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -24,9 +24,9 @@ allow hal_fingerprint_default { r_dir_file(hal_fingerprint_default, firmware_file) -get_prop(system_server, vendor_fp_prop); +get_prop(system_server, vendor_fingerprint_prop); -set_prop(hal_fingerprint_default, vendor_fp_prop) +set_prop(hal_fingerprint_default, vendor_fingerprint_prop) allow hal_fingerprint_default vendor_sysfs_spss:dir { search }; allow hal_fingerprint_default vendor_sysfs_spss:file { open read }; diff --git a/sepolicy/vendor/hal_mlipay_default.te b/sepolicy/vendor/hal_mlipay_default.te index 95a92d4..c5894e6 100644 --- a/sepolicy/vendor/hal_mlipay_default.te +++ b/sepolicy/vendor/hal_mlipay_default.te @@ -12,5 +12,5 @@ allow hal_mlipay_default { r_dir_file(hal_mlipay_default, firmware_file) -get_prop(hal_mlipay_default, vendor_fp_prop) +get_prop(hal_mlipay_default, vendor_fingerprint_prop) set_prop(hal_mlipay_default, vendor_tee_listener_prop) diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te index 798f767..40f7617 100644 --- a/sepolicy/vendor/property.te +++ b/sepolicy/vendor/property.te @@ -6,6 +6,8 @@ vendor_internal_prop(vendor_device_prop); vendor_internal_prop(vendor_deviceid_prop); +vendor_restricted_prop(vendor_fingerprint_prop); + vendor_internal_prop(vendor_fod_prop); vendor_internal_prop(vendor_motor_prop); diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 1b2c70e..1652657 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -20,13 +20,13 @@ persist.vendor.video.dfps.level u:object_r:vendor_display_prop:s persist.vendor.power.dfps.level u:object_r:vendor_display_prop:s0 # Fingerprint -gf.debug. u:object_r:vendor_fp_prop:s0 -persist.vendor.fpc. u:object_r:vendor_fp_prop:s0 -persist.vendor.sys.fp. u:object_r:vendor_fp_prop:s0 -persist.sys.fp. u:object_r:vendor_fp_prop:s0 -ro.hardware.fp u:object_r:vendor_fp_prop:s0 -vendor.fps_hal. u:object_r:vendor_fp_prop:s0 -ro.boot.fpsensor u:object_r:vendor_fp_prop:s0 +gf.debug. u:object_r:vendor_fingerprint_prop:s0 +persist.vendor.fpc. u:object_r:vendor_fingerprint_prop:s0 +persist.vendor.sys.fp. u:object_r:vendor_fingerprint_prop:s0 +persist.sys.fp. u:object_r:vendor_fingerprint_prop:s0 +ro.hardware.fp u:object_r:vendor_fingerprint_prop:s0 +vendor.fps_hal. u:object_r:vendor_fingerprint_prop:s0 +ro.boot.fpsensor u:object_r:vendor_fingerprint_prop:s0 # FOD vendor.lineage.fod. u:object_r:vendor_fod_prop:s0 |