From 91c2580bce945a23c308d257c23fb8c7ef0795ab Mon Sep 17 00:00:00 2001
From: Kevin Chyn <kchyn@google.com>
Date: Thu, 15 Nov 2018 15:28:07 -0800
Subject: [PATCH] Add placeholder iris and face policy for vold data directory

This is patch set 1 (PS1) of aosp/828283, which was reverted. Using PS1
should not cause the same issue.

Test: vold is able to create directories, ag/5534962

Bug: 116528212
Change-Id: I84aca49a8dae0a087498120780dea0962aca04b3
---
 private/compat/28.0/28.0.ignore.cil | 2 ++
 private/file_contexts               | 6 ++++++
 private/vold_prepare_subdirs.te     | 4 ++++
 public/file.te                      | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index cf72e3795..fa7cd5874 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -23,6 +23,7 @@
     device_config_reset_performed_prop
     device_config_flags_health_check_prop
     face_service
+    face_vendor_data_file
     fastbootd
     flags_health_check
     flags_health_check_exec
@@ -41,6 +42,7 @@
     idmap_service
     intelligence_service
     iris_service
+    iris_vendor_data_file
     llkd
     llkd_exec
     llkd_prop
diff --git a/private/file_contexts b/private/file_contexts
index acd5df984..493d782fb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -484,6 +484,12 @@
 # Fingerprint vendor data file
 /data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
 
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
+
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0d062e991..e93e1e5cc 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,12 +14,16 @@ allow vold_prepare_subdirs {
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
+    face_vendor_data_file
     fingerprint_vendor_data_file
+    iris_vendor_data_file
     storaged_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
+    face_vendor_data_file
     fingerprint_vendor_data_file
+    iris_vendor_data_file
     storaged_data_file
     system_data_file
     vold_data_file
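Review bot: The third `allow vold_prepare_subdirs { ... }` block, which gains `face_vendor_data_file` and `iris_vendor_data_file`, closes outside this hunk, so the file-class permissions granted on the biometric data are not visible here. Please confirm that set is limited to what directory teardown needs and does not include `read` or `open`; vold_prepare_subdirs presumably only has to create and remove these per-user directories. If that holds, a comment above the two blocks would record the intent, for example `# Per-user biometric HAL directories are created and removed here; their contents are not read.`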
diff --git a/public/file.te b/public/file.te
index 3d0953732..cb0c5434a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -358,6 +358,10 @@ type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
 type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for face template file
+type face_vendor_data_file, file_type, data_file_type;
+# Type for iris template file
+type iris_vendor_data_file, file_type, data_file_type;
 
 # Socket types
 type adbd_socket, file_type, coredomain_socket;
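Review bot: Nothing in this patch limits which domains may later be granted access to `face_vendor_data_file` and `iris_vendor_data_file`, even though the comments say they hold face and iris templates. Consider adding a `neverallow` next to each declaration so that an overly broad later rule fails at build time, something like `neverallow { domain -<face_hal_domain_placeholder> -vold_prepare_subdirs } face_vendor_data_file:file { open read write };`, with the exclusions adjusted to whichever domains actually need access. The declarations would also read better directly after `fingerprint_vendor_data_file` than after `app_fuse_file`. The comments could state the labelled path, e.g. `# Per-user face HAL data under /data/vendor_de/<user>/facedata`, since the file_contexts entry covers a whole directory tree and not a single file.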
-- 
GitLab