From 14fcd5ffaff966d91b872144484fb81c60c9625d Mon Sep 17 00:00:00 2001
From: Jeffrey Carlyle <jcarlyle@google.com>
Date: Fri, 21 May 2021 07:54:41 -0700
Subject: [PATCH] allow recovery and fastboot to access secure elment

This is to enable clearing of secure element during a master reset.

Bug: 182508814
Test: master reset on device with keys; verified no keys after reset
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>
Change-Id: I9bb569e09f8cd6f5640757bd0d10a14ef32946ff
---
 whitechapel/vendor/google/fastbootd.te | 1 +
 whitechapel/vendor/google/recovery.te  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te
index 32944aa1..f9d09d95 100644
--- a/whitechapel/vendor/google/fastbootd.te
+++ b/whitechapel/vendor/google/fastbootd.te
@@ -1,5 +1,6 @@
 # Required by the bootcontrol HAL for the 'set_active' command.
 recovery_only(`
+allow fastbootd secure_element_device:chr_file rw_file_perms;
 allow fastbootd devinfo_block_device:blk_file rw_file_perms;
 allow fastbootd sda_block_device:blk_file rw_file_perms;
 allow fastbootd sysfs_ota:file rw_file_perms;
diff --git a/whitechapel/vendor/google/recovery.te b/whitechapel/vendor/google/recovery.te
index 6eb97aa3..4687a43c 100644
--- a/whitechapel/vendor/google/recovery.te
+++ b/whitechapel/vendor/google/recovery.te
@@ -1,3 +1,4 @@
 recovery_only(`
   allow recovery sysfs_ota:file rw_file_perms;
+  allow recovery secure_element_device:chr_file rw_file_perms;
 ')