provision: add tee_key_inject service [2/2]

BUG=138175872

Problem:
DRM key survive after reflash

Solution:
add tee_key_inject service, inject DRM keys
every time system boot up
sepolicy for tee_key_inject

Change-Id: If91afef1797ffc87b3d90f5f76add2a313e0c16d
Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>

2 files changed, 2 insertions, 1 deletions

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index d3c34c6..b8c589d 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -266,6 +266,7 @@
 /vendor/bin/tee-supplicant    u:object_r:tee_exec:s0
 /vendor/bin/tee_hdcp          u:object_r:tee_exec:s0
 /vendor/bin/tee_preload_fw    u:object_r:firmload_exec:s0
+/vendor/bin/tee_key_inject    u:object_r:tee_exec:s0
 
 /vendor/bin/tvserver          u:object_r:tvserver_exec:s0
 #/vendor/bin/wlan_fwloader    u:object_r:wlan_fwloader_exec:s0
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 8dfa6fa..70c5d51 100755
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -11,7 +11,7 @@ allow tee tee_data_file:file { write create open unlink link read };
 allow tee system_data_file:file read;
 
 allow tee mnt_vendor_file:dir { add_name create remove_name write };
-allow tee mnt_vendor_file:file { create open read rename write unlink link };
+allow tee mnt_vendor_file:file { create open read rename write unlink link getattr };
 allow tee mnt_vendor_file:dir { search ioctl open read rmdir getattr };
 
 allow tee unlabeled:dir { add_name write remove_name };