author | Pengguang Zhu <pengguang.zhu@amlogic.com> | 2019-08-08 05:41:59 (GMT) |
---|---|---|
committer | Pengguang Zhu <pengguang.zhu@amlogic.com> | 2019-08-08 06:28:45 (GMT) |
commit | c430a2bbffeac3d8df9347f8bf5c877704906f26 (patch) | |
tree | 04bd38d93a28e1ad87090cc2d62e9536d3085763 | |
parent | 740c3c5a10d231b8a3fbf04e36c97f01ba707f2e (diff) | |
download | common-c430a2bbffeac3d8df9347f8bf5c877704906f26.zip common-c430a2bbffeac3d8df9347f8bf5c877704906f26.tar.gz common-c430a2bbffeac3d8df9347f8bf5c877704906f26.tar.bz2 |
provision: add tee_key_inject service [2/2]
BUG=138175872
Problem:
DRM key survive after reflash
Solution:
add tee_key_inject service, inject DRM keys
every time system boot up
sepolicy for tee_key_inject
Change-Id: If91afef1797ffc87b3d90f5f76add2a313e0c16d
Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
-rw-r--r-- | sepolicy/file_contexts | 1 | ||||
-rwxr-xr-x | sepolicy/tee.te | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index d3c34c6..b8c589d 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -266,6 +266,7 @@ /vendor/bin/tee-supplicant u:object_r:tee_exec:s0 /vendor/bin/tee_hdcp u:object_r:tee_exec:s0 /vendor/bin/tee_preload_fw u:object_r:firmload_exec:s0 +/vendor/bin/tee_key_inject u:object_r:tee_exec:s0 /vendor/bin/tvserver u:object_r:tvserver_exec:s0 #/vendor/bin/wlan_fwloader u:object_r:wlan_fwloader_exec:s0 diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 8dfa6fa..70c5d51 100755 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -11,7 +11,7 @@ allow tee tee_data_file:file { write create open unlink link read }; allow tee system_data_file:file read; allow tee mnt_vendor_file:dir { add_name create remove_name write }; -allow tee mnt_vendor_file:file { create open read rename write unlink link }; +allow tee mnt_vendor_file:file { create open read rename write unlink link getattr }; allow tee mnt_vendor_file:dir { search ioctl open read rmdir getattr }; allow tee unlabeled:dir { add_name write remove_name }; |