diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te index 6a00d07..2dc5e24 100644 --- a/sepolicy/vendor/file.te +++ b/sepolicy/vendor/file.te @@ -2,7 +2,7 @@ type audio_socket, file_type; type camera_persist_file, file_type, vendor_persist_type; -type fingerprint_data_file, data_file_type, file_type, vendor_persist_type; +type fingerprint_data_file, data_file_type, core_data_file_type, file_type; type persist_subsys_file, vendor_persist_type, file_type; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index c7b1d08..e382555 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -14,8 +14,8 @@ /dev/goodix_fp u:object_r:fingerprint_device:s0 # Fingerprint - data -/data/vendor/goodix(/.*)? u:object_r:fingerprint_data_file:s0 -/data/vendor/fpc(/.*)? u:object_r:fingerprint_data_file:s0 +/data/vendor/goodix(/.*)? u:object_r:fingerprint_vendor_data_file:s0 +/data/vendor/fpc(/.*)? u:object_r:fingerprint_vendor_data_file:s0 # Hexagon DSP-side executable needed for Halide operation # This is labeled as public_adsprpcd_file as it needs to be read by apps diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index fe2e71e..5b62226 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -1,3 +1,5 @@ +typeattribute hal_fingerprint_default data_between_core_and_vendor_violators; + allow hal_fingerprint_default fingerprint_data_file:dir rw_dir_perms; allow hal_fingerprint_default fingerprint_data_file:file create_file_perms; diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index 0787229..fcb5b52 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te @@ -1,3 +1,5 @@ +typeattribute tee data_between_core_and_vendor_violators; + allow tee fingerprint_data_file:dir create_dir_perms; allow tee { fingerprint_data_file