| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2019-10-09 07:38:45 (GMT) |
|---|---|---|
| committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2019-10-09 07:38:45 (GMT) |
| commit | 5524715587def6047a20cf8554477be374d799fd (patch) | |
| tree | 9cab04eec6ae8ad933e2974b3e121553e4d17c57 | |
| parent | 1cd336c25fafc09b6d3900d0a804a97b68d8e862 (diff) | |
| parent | aa1b6638ccf799d93d76a00e13697b20e8f6180c (diff) | |
| download | common-5524715587def6047a20cf8554477be374d799fd.zip common-5524715587def6047a20cf8554477be374d799fd.tar.gz common-5524715587def6047a20cf8554477be374d799fd.tar.bz2 | |
Merge "sepolicy: add sepolicy for gsi [4/4]" into p-tv-dev
| -rw-r--r-- | sepolicy/ioctl_defines | 1 | ||||
| -rw-r--r--[-rwxr-xr-x] | sepolicy/tee.te | 5 |
2 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines new file mode 100644 index 0000000..94009a3 --- a/dev/null +++ b/sepolicy/ioctl_defines @@ -0,0 +1 @@ +define(`MMC_IOC_MULTI_CMD', `0xc048b301')
diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 70c5d51..1ba53db 100755..100644 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -5,8 +5,11 @@ allow tee sysfs_audio:file { write }; allow tee block_device:dir { open read search}; allow tee sda_block_device:blk_file { read open write ioctl }; allow tee drm_device:chr_file { read open write ioctl }; + +allowxperm tee sda_block_device:blk_file ioctl { MMC_IOC_CMD MMC_IOC_MULTI_CMD }; + allow tee tee_data_file:dir { add_name write create ioctl remove_name open read rmdir getattr search }; -allow tee tee_data_file:file { write create open unlink link read }; +allow tee tee_data_file:file { write create open unlink link read rename }; #allow tee system_data_file:dir { write search add_name create }; allow tee system_data_file:file read; |