author | Xindong Xu <xindong.xu@amlogic.com> | 2019-09-06 08:37:22 (GMT) |
---|---|---|
committer | Bin Yang <bin.yang@amlogic.com> | 2019-09-06 10:01:17 (GMT) |
commit | aa1b6638ccf799d93d76a00e13697b20e8f6180c (patch) | |
tree | a286b9e7cfee66480b334f3ddcf085b85b103937 | |
parent | 65d737dae4ffac32669a13ac071a181cd2b49d90 (diff) | |
download | common-aa1b6638ccf799d93d76a00e13697b20e8f6180c.zip common-aa1b6638ccf799d93d76a00e13697b20e8f6180c.tar.gz common-aa1b6638ccf799d93d76a00e13697b20e8f6180c.tar.bz2 |
sepolicy: add sepolicy for gsi [4/4]
PD#SWPL-12897
Problem:
P update Q gsi for P has error,
sepolicy denied
Solution:
add sepolicy for gsi
Verify:
ampere franklin
Change-Id: I0d02ec46ad0ed274cd701b59aaad5da3f6fe5a20
-rw-r--r-- | sepolicy/ioctl_defines | 1 | ||||
-rw-r--r--[-rwxr-xr-x] | sepolicy/tee.te | 5 |
2 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines new file mode 100644 index 0000000..94009a3 --- a/dev/null +++ b/sepolicy/ioctl_defines @@ -0,0 +1 @@ +define(`MMC_IOC_MULTI_CMD', `0xc048b301')
diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 70c5d51..1ba53db 100755..100644 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -5,8 +5,11 @@ allow tee sysfs_audio:file { write }; allow tee block_device:dir { open read search}; allow tee sda_block_device:blk_file { read open write ioctl }; allow tee drm_device:chr_file { read open write ioctl }; + +allowxperm tee sda_block_device:blk_file ioctl { MMC_IOC_CMD MMC_IOC_MULTI_CMD }; + allow tee tee_data_file:dir { add_name write create ioctl remove_name open read rmdir getattr search }; -allow tee tee_data_file:file { write create open unlink link read }; +allow tee tee_data_file:file { write create open unlink link read rename }; #allow tee system_data_file:dir { write search add_name create }; allow tee system_data_file:file read; |