a85558ea52
This makes sure that the remaining binder services for radio end up in plat_service_contexts. That in turn allows us to enforce that servicemanager will only serve services from plat_service_contexts on FULL_TREBLE devices. Bug: 36866029 Test: boot, verify radio services still work Change-Id: Ib67b3a03e5599484c5c4fb27a0f323a37dd51636 Signed-off-by: Isaac Chen <isaacchen@isaacchen.cn>
50 lines
1.5 KiB
Text
50 lines
1.5 KiB
Text
type gx_fpd, domain, binder_in_vendor_violators;
|
|
type gx_fpd_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
# gx_fpd
|
|
init_daemon_domain(gx_fpd)
|
|
binder_use(gx_fpd)
|
|
|
|
# need to find KeyStore and add self
|
|
add_service(hal_fingerprint_default, gx_fpd)
|
|
|
|
# allow HAL module to read dir contents
|
|
allow gx_fpd gx_fpd_data_file:file create_file_perms;
|
|
|
|
# allow HAL module to read/write/unlink contents of this dir
|
|
allow gx_fpd gx_fpd_data_file:dir create_dir_perms;
|
|
|
|
# Need to add auth tokens to KeyStore
|
|
use_keystore(gx_fpd)
|
|
allow gx_fpd keystore:keystore_key { add_auth };
|
|
|
|
# For permissions checking
|
|
binder_call(gx_fpd, system_server);
|
|
allow gx_fpd permission_service:service_manager find;
|
|
|
|
#Allow access to goodix device
|
|
allow gx_fpd gx_fpd_device:chr_file rw_file_perms;
|
|
|
|
#Allow access to tee device
|
|
allow gx_fpd tee_device:chr_file rw_file_perms;
|
|
|
|
# Allow access to ion device
|
|
allow gx_fpd ion_device:chr_file rw_file_perms;
|
|
|
|
#allow create socket
|
|
allow gx_fpd self:socket create_socket_perms_no_ioctl;
|
|
allow gx_fpd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
|
|
|
|
#allow read/write property
|
|
set_prop(gx_fpd, system_prop)
|
|
|
|
allow gx_fpd gx_fpd_service:service_manager { add find };
|
|
|
|
allow gx_fpd fingerprintd:binder { transfer call };
|
|
allow gx_fpd fuse:dir search;
|
|
allow gx_fpd fuse:file { getattr open append };
|
|
allow gx_fpd self:capability dac_override;
|
|
allow gx_fpd storage_file:dir search;
|
|
allow gx_fpd storage_file:lnk_file read;
|
|
r_dir_file(gx_fpd, firmware_file)
|
|
allow gx_fpd tmpfs:dir search;
|