| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2019-10-09 07:38:45 (GMT) |
|---|---|---|
| committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2019-10-09 07:38:45 (GMT) |
| commit | af6a2a8d194ac5aac899103ffb64344c5e6f76d4 (patch) | |
| tree | aa94d11bae6b8e4db80a2205f3d52badb67c73a6 | |
| parent | a3740f11fdd91056f269c040a1280c410e0d724f (diff) | |
| parent | 8a9ac29d7e931f83db8b40b37a7b943df99fb188 (diff) | |
| download | common-af6a2a8d194ac5aac899103ffb64344c5e6f76d4.zip common-af6a2a8d194ac5aac899103ffb64344c5e6f76d4.tar.gz common-af6a2a8d194ac5aac899103ffb64344c5e6f76d4.tar.bz2 | |
Merge "atom sepolicy: add sepolicy for gsi [2/2]" into p-tv-dr-dev
| -rw-r--r-- | sepolicy/ioctl_defines | 1 | ||||
| -rw-r--r-- | sepolicy/tee.te | 5 |
2 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines new file mode 100644 index 0000000..94009a3 --- a/dev/null +++ b/sepolicy/ioctl_defines @@ -0,0 +1 @@ +define(`MMC_IOC_MULTI_CMD', `0xc048b301')
diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 1a6775e..7e2082e 100644 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -3,8 +3,11 @@ allow tee sysfs_xbmc:file { read open }; allow tee block_device:dir { open read search}; allow tee sda_block_device:blk_file { read open write ioctl }; allow tee drm_device:chr_file { read open write ioctl }; + +allowxperm tee sda_block_device:blk_file ioctl { MMC_IOC_CMD MMC_IOC_MULTI_CMD }; + allow tee tee_data_file:dir { add_name write create ioctl remove_name open read rmdir getattr search }; -allow tee tee_data_file:file { write create open unlink link read }; +allow tee tee_data_file:file { write create open unlink link read rename }; #allow tee system_data_file:dir { write search add_name create }; allow tee system_data_file:file read; |