summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLior Barenboim <liorb@codeaurora.org>2016-05-06 11:11:52 -0700
committerSteve Kondik <steve@cyngn.com>2016-08-05 00:19:14 -0700
commit7e91768aa09fe0865518fbf342990c6e5acd4792 (patch)
tree739fe781ee9117f7c9798cf8a700866bb3b2f62e
parent6e709b27eea3432044c3e54743ba81321c262409 (diff)
downloadandroid_device_qcom_sepolicy-7e91768aa09fe0865518fbf342990c6e5acd4792.tar.gz
android_device_qcom_sepolicy-7e91768aa09fe0865518fbf342990c6e5acd4792.tar.bz2
android_device_qcom_sepolicy-7e91768aa09fe0865518fbf342990c6e5acd4792.zip
seandroid: allow QFP dameon access to Android services
Allow the QFP daemon to connect to a service exposed by the Fingerprint Android service for access to Android functions CRs-fixed: 1012634 Change-Id: I648a37e5c95564d522a9059f2fefa6a94bba162e
-rw-r--r--common/qfp-daemon.te3
-rw-r--r--common/service.te1
-rw-r--r--common/service_contexts1
-rw-r--r--common/system_app.te1
4 files changed, 6 insertions, 0 deletions
diff --git a/common/qfp-daemon.te b/common/qfp-daemon.te
index b154c54d..d09c24cc 100644
--- a/common/qfp-daemon.te
+++ b/common/qfp-daemon.te
@@ -43,6 +43,9 @@ allow qfp-daemon qfp-daemon_data_file:file create_file_perms;
# Access to tee_device
allow qfp-daemon tee_device:chr_file rw_file_perms;
+# Access QFP Android Proxy
+allow qfp-daemon qfp_proxy_service:service_manager find;
+
# Add IQfpService service
allow qfp-daemon iqfp_service:service_manager add;
diff --git a/common/service.te b/common/service.te
index 4120049b..e58a7bc4 100644
--- a/common/service.te
+++ b/common/service.te
@@ -1,4 +1,5 @@
type iqfp_service, service_manager_type;
+type qfp_proxy_service, service_manager_type;
type atfwd_service, service_manager_type;
type per_mgr_service, service_manager_type;
type dpmservice, service_manager_type;
diff --git a/common/service_contexts b/common/service_contexts
index 3e495ec8..eca822b1 100644
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -1,4 +1,5 @@
android.apps.IQfpService u:object_r:iqfp_service:s0
+android.apps.IQfpAndroidService u:object_r:qfp_proxy_service:s0
AtCmdFwd u:object_r:atfwd_service:s0
dpmservice u:object_r:dpmservice:s0
listen.service u:object_r:mediaserver_service:s0
diff --git a/common/system_app.te b/common/system_app.te
index f8eef956..cc54c3be 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -16,6 +16,7 @@ allow system_app {
# access to color service SDK
color_service
STAProxyService
+ qfp_proxy_service
}:service_manager add;
# access to perflock