/dev/teei_fp is used by fingerprint to communicate with Microtrust TEE drivers to store fingerprint data on the device. Label it and allow relevant source required permissions.

Denial observed without this change:

[ 17.672144] .(4)[397:logd.auditd]type=1400 audit(1608975801.860:326): avc: denied { ioctl } for comm="fingerprint@2.1" path="/dev/teei_fp" dev="tmpfs" ino=15742 ioctlcmd=0x5402 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and notice denials have disappeared

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I8a7445400be241e81f8bf21347967b85381ed3ec
allow hal_fingerprint_default teei_fp_device:chr_file { read write open ioctl };
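Review bot: The ioctl permission in this allow rule has no command filter next to it, so with no allowxperm rule visible here hal_fingerprint_default may issue any ioctl command on teei_fp_device, while the denial quoted in the commit message shows only ioctlcmd=0x5402. Consider pairing the rule with an allowlist such as `allowxperm hal_fingerprint_default teei_fp_device:chr_file ioctl 0x5402;`, extended with any other commands the HAL is observed to use during enrollment and authentication. The quoted denial covers only ioctl and was logged with permissive=1, so confirm under enforcing mode that read, write and open are each required. The commit message says the node is labeled, but the type declaration and file_contexts entry for teei_fp_device are not in this hunk; check that they are part of the same change, otherwise /dev/teei_fp keeps the generic device label shown in tcontext and this rule never matches.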