commit | ab07ab083b05bacc1f617bea87bfe064d8d0302f | [log] [tgz] |
---|---|---|
author | ThiƩbaud Weksteen <tweek@google.com> | Wed Nov 10 05:30:59 2021 +0000 |
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | Wed Nov 10 05:30:59 2021 +0000 |
tree | 9340b26e1ea5412617ab9514a1907edf3da592a2 | |
parent | 7e113d8961ecc24130125e0e62ceb3dff7eea924 [diff] | |
parent | 435c1e8e7d8acfc2c5cb4b9dc1f898b2fd00f21c [diff] |
Merge "Allow tee to access mnt_vendor_file" am: 435c1e8e7d Original change: https://android-review.googlesource.com/c/device/google/redbull-sepolicy/+/1884509 Change-Id: Id6c02d06d3f2e1e12e19a23c9dd4f99086caba7c
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te index 05a9c29..1aac029 100644 --- a/vendor/qcom/common/tee.te +++ b/vendor/qcom/common/tee.te
@@ -11,12 +11,15 @@ allow tee ssd_block_device:blk_file rw_file_perms; allow tee sg_device:chr_file { rw_file_perms setattr }; -allow tee mnt_vendor_file:dir search; -allow tee persist_file:dir search; +allow tee mnt_vendor_file:dir r_dir_perms; +allow tee persist_file:dir r_dir_perms; allow tee persist_file:lnk_file read; allow tee persist_drm_file:dir create_dir_perms; allow tee persist_drm_file:file create_file_perms; +# b/198130336 +dontaudit tee tmpfs:dir read; + wakelock_use(tee); hwbinder_use(tee)