seandroid: allow QFP dameon access to Android services
Allow the QFP daemon to connect to a service exposed by the
Fingerprint Android service for access to Android functions
CRs-fixed: 1012634
Change-Id: I648a37e5c95564d522a9059f2fefa6a94bba162e
diff --git a/common/qfp-daemon.te b/common/qfp-daemon.te
index b154c54..d09c24c 100644
--- a/common/qfp-daemon.te
+++ b/common/qfp-daemon.te
@@ -43,6 +43,9 @@
# Access to tee_device
allow qfp-daemon tee_device:chr_file rw_file_perms;
+# Access QFP Android Proxy
+allow qfp-daemon qfp_proxy_service:service_manager find;
+
# Add IQfpService service
allow qfp-daemon iqfp_service:service_manager add;
diff --git a/common/service.te b/common/service.te
index 65b6222..9e5c96a 100644
--- a/common/service.te
+++ b/common/service.te
@@ -1,4 +1,5 @@
type iqfp_service, service_manager_type;
+type qfp_proxy_service, service_manager_type;
type atfwd_service, service_manager_type;
type per_mgr_service, service_manager_type;
type dpmservice, service_manager_type;
diff --git a/common/service_contexts b/common/service_contexts
index bce0192..86e1381 100644
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -1,4 +1,5 @@
android.apps.IQfpService u:object_r:iqfp_service:s0
+android.apps.IQfpAndroidService u:object_r:qfp_proxy_service:s0
AtCmdFwd u:object_r:atfwd_service:s0
dpmservice u:object_r:dpmservice:s0
listen.service u:object_r:mediaserver_service:s0
diff --git a/common/system_app.te b/common/system_app.te
index f88097f..2de3fe8 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -16,6 +16,7 @@
# access to color service SDK
color_service
STAProxyService
+ qfp_proxy_service
}:service_manager add;
# access to perflock