atom sepolicy: add sepolicy for gsi [2/2]

PD#SWPL-12897

Problem:
P update Q gsi for P has error,
sepolicy denied

Solution:
add sepolicy for gsi

Verify:
ampere

Change-Id: I0d02ec46ad0ed274cd701b59aaad5da3f6fe5a20

2 files changed, 5 insertions, 1 deletions

diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines
new file mode 100644
index 0000000..94009a3
--- a/dev/null
+++ b/sepolicy/ioctl_defines
@@ -0,0 +1 @@
+define(`MMC_IOC_MULTI_CMD', `0xc048b301')

diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 1a6775e..7e2082e 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -3,8 +3,11 @@ allow tee sysfs_xbmc:file { read open };
 allow tee block_device:dir { open read search};
 allow tee sda_block_device:blk_file { read open write ioctl };
 allow tee drm_device:chr_file { read open write ioctl };
+
+allowxperm tee sda_block_device:blk_file ioctl { MMC_IOC_CMD MMC_IOC_MULTI_CMD };
+
 allow tee tee_data_file:dir { add_name write create ioctl remove_name open read rmdir getattr search };
-allow tee tee_data_file:file { write create open unlink link read };
+allow tee tee_data_file:file { write create open unlink link read rename };
 #allow tee system_data_file:dir { write search add_name create };
 allow tee system_data_file:file read;