authorMingyen Hung <mingyen.hung@amlogic.com>2019-10-02 07:15:57 (GMT)
committer Liang Ji <liang.ji@amlogic.com>2019-10-14 07:23:24 (GMT)
commit9fe66bdfef602d9cb42639386a1f0b9f8773c15b (patch)
tree38fca5ab94ba24daca7ce6fc3cea9e478363007d
parent5524715587def6047a20cf8554477be374d799fd (diff)
keymaster3: Port verified boot to P [2/2]
PD#SWPL-14654 Bug=141483018 Problem: Permission denied when reading some properties in keymaster HAL. Solution: 1. Add some selinux rules to allow properties read in keymaster HAL. Verify: 1. Android P + Franklin 2. run modified VtsHalKeymasterV3_0TargetTest attached in SWPL-14654 Change-Id: Iff3e1fa321ea93ceea2fc2c4cc95ca4af948c1e7 Signed-off-by: Mingyen Hung <mingyen.hung@amlogic.com>
Diffstat
-rwxr-xr-xsepolicy/hal_keymaster_default.te1
-rwxr-xr-xsepolicy/property_contexts4
2 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te
index 2428584..be067a4 100755
--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@@ -1 +1,2 @@
allow hal_keymaster_default drm_device:chr_file { read open write ioctl };
+allow hal_keymaster_default exported2_default_prop:file { read getattr };
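Review bot: The added rule on `exported2_default_prop` lists only `read` and `getattr`, and it is written as a raw `allow` instead of the `get_prop` macro that AOSP policy uses for property reads. Property files are normally opened and mapped by the reading process, so unless `open` (and `map`, on kernels that check it) reaches this domain through another rule, the keymaster HAL may still hit a denial. I would write it as `get_prop(hal_keymaster_default, exported2_default_prop)` and put a comment above it such as `# keymaster HAL reads ro.boot.vbmeta.* (verified boot state)` so the reason for the grant stays with the rule.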
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 90d4f83..197004d 100755
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -28,3 +28,7 @@ ro.vendor.app u:object_r:vendor_app_prop:s0
atv. u:object_r:atv_prop:s0
ro.net.pppoe u:object_r:net_pppoe_prop:s0
persist.miracast.hdcp2 u:object_r:miracast_prop:s0
+
+ro.boot.vbmeta.bootkey_hash u:object_r:exported2_default_prop:s0
+ro.boot.vbmeta.device_state u:object_r:exported2_default_prop:s0
+ro.boot.vbmeta.digest u:object_r:exported2_default_prop:s0
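Review bot: Labelling the three `ro.boot.vbmeta.*` keys with the generic `exported2_default_prop` type means the keymaster grant in `hal_keymaster_default.te` covers every property of that type, not only these three. Any other domain that may read that type can read the verified-boot values as well. A dedicated vendor type would keep the grant least-privilege, e.g. `ro.boot.vbmeta.device_state u:object_r:vendor_vbmeta_prop:s0` (the type name is a placeholder), paired with a `get_prop` for the keymaster domain only. It is also worth confirming that no vendor domain holds `set_prop` on whichever type is chosen, since the keymaster HAL presumably treats these values as the boot state it reports. The blank line added before the entries would be a natural place for a comment saying why they are labelled here.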