author | Mingyen Hung <mingyen.hung@amlogic.com> | 2020-01-20 07:47:30 (GMT) |
---|---|---|
committer | liang ji <liang.ji@amlogic.com> | 2020-02-04 09:43:10 (GMT) |
commit | c30dfa8f69e7cd0677b89ecfeab8cfc88783b8b6 (patch) | |
tree | 8b7d8e3e7b8a27417fbe836017a237dc5d8e6142 | |
parent | 8f1afeccacd57e0c19f7e557e7bfaf765b789546 (diff) | |
download | common-c30dfa8f69e7cd0677b89ecfeab8cfc88783b8b6.zip common-c30dfa8f69e7cd0677b89ecfeab8cfc88783b8b6.tar.gz common-c30dfa8f69e7cd0677b89ecfeab8cfc88783b8b6.tar.bz2 |
sepolicy: allow more policies for fsync [1/1]
PD#SWPL-19942
BUG=147650876
Problem:
We need a way to synchronously write data to
secure storage through optee os
Solution:
1. We need to add rules to allow doing fsync()
in tee-supplicant
Verify:
Android Q + u212(franklin)
Change-Id: Ie75ec8f38596c7b1e6f37f405f9348a2fc513def
Signed-off-by: Mingyen Hung <mingyen.hung@amlogic.com>
-rwxr-xr-x | sepolicy/tee.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 9fa445d..4560c4c 100755 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -23,3 +23,7 @@ allow tee unlabeled:file { open read rename write }; allow tee hidraw_device:chr_file { create read open write ioctl }; allow tee vendor_file:file { read open getattr execute }; allow tee param_tv_file:dir { search }; +allow tee tee:tcp_socket { create bind listen accept }; +allow tee tee:capability { net_raw }; +allow tee port:tcp_socket { name_bind }; +allow tee node:tcp_socket { node_bind }; |