Revert "fingerprintd.te: neverallow fingerprint data file access"
Both angler and bullhead violate these SELinux rules.
Bullhead: tee has access to these files
Angler: system_server has read/write access to these files.
Fixes the following compile time error:
libsepol.report_failure: neverallow on line 32 of external/sepolicy/fingerprintd.te (or line 6704 of policy.conf) violated by allow tee fingerprintd_data_file:file { ioctl read write create setattr lock append rename open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/bullhead/obj/ETC/sepolicy_intermediates/policy.conf
This reverts commit 604a8cae62
.
Change-Id: Iabb8f2e9de96f9082cd6a790d1af80cbc6a569b1
This commit is contained in:
parent
604a8cae62
commit
cf7ee8a8e5
@ -21,12 +21,3 @@ allow fingerprintd keystore:keystore_key { add_auth };
|
||||
# For permissions checking
|
||||
binder_call(fingerprintd, system_server);
|
||||
allow fingerprintd permission_service:service_manager find;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
||||
# Protect fingerprint data files from access by anything other
|
||||
# than fingerprintd and init
|
||||
neverallow { domain -fingerprintd -init } fingerprintd_data_file:file
|
||||
{ append create link relabelfrom rename setattr write open read ioctl lock };
|
||||
|
Loading…
Reference in New Issue
Block a user