Add placeholder iris and face policy for vold data directory

Test: vold is able to create directories, ag/5534962

Bug: 116528212

Change-Id: I61dd8802c13b1c42d334a80b678ca6a877848fc2

private/compat/28.0/28.0.cil

@@ -2,6 +2,7 @@
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
+(type fingerprint_vendor_data_file)
 (type full_device)
 (type i2c_device)
 (type kmem_device)
@@ -1073,7 +1074,7 @@
 (typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
 (typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
 (typeattributeset fingerprint_service_28_0 (fingerprint_service))
-(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset fingerprint_vendor_data_file_28_0 (biometric_vendor_data_file))
 (typeattributeset firstboot_prop_28_0 (firstboot_prop))
 (typeattributeset font_service_28_0 (font_service))
 (typeattributeset frp_block_device_28_0 (frp_block_device))

private/compat/28.0/28.0.ignore.cil

@@ -17,6 +17,7 @@
     apexd_prop
     apexd_tmpfs
     biometric_service
+    biometric_vendor_data_file
     device_config_boot_count_prop
     device_config_reset_performed_prop
     face_service

private/file_contexts

@@ -484,7 +484,13 @@
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
 
 # Fingerprint vendor data file
-/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:biometric_vendor_data_file:s0
+
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:biometric_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:biometric_vendor_data_file:s0
 
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0

private/vold_prepare_subdirs.te

@@ -14,12 +14,12 @@ allow vold_prepare_subdirs {
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
-    fingerprint_vendor_data_file
+    biometric_vendor_data_file
     storaged_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
-    fingerprint_vendor_data_file
+    biometric_vendor_data_file
     storaged_data_file
     system_data_file
     vold_data_file

public/file.te

@@ -352,8 +352,8 @@ type backup_data_file, file_type, data_file_type, core_data_file_type, mlstruste
 type bluetooth_efs_file, file_type;
 # Type for fingerprint template file
 type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
-# Type for _new_ fingerprint template file
-type fingerprint_vendor_data_file, file_type, data_file_type;
+# Type for biometric template file
+type biometric_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 

public/hal_fingerprint.te

@@ -7,8 +7,8 @@ hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
-allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
-allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+allow hal_fingerprint biometric_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint biometric_vendor_data_file:dir rw_dir_perms;
 
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)

public/tee.te

@@ -6,6 +6,6 @@ type tee, domain;
 # Device(s) for communicating with the TEE
 type tee_device, dev_type;
 
-allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
-allow tee fingerprint_vendor_data_file:file create_file_perms;
+allow tee biometric_vendor_data_file:dir rw_dir_perms;
+allow tee biometric_vendor_data_file:file create_file_perms;