From c60e44c29e6375cdfc277842cc3dfe5a9fbf55e2 Mon Sep 17 00:00:00 2001
From: Wenhao Wang <wenhaowang@google.com>
Date: Tue, 13 Jul 2021 16:09:08 -0700
Subject: [PATCH] Add create perm for tee

The storageproxyd needs to create persist/ss from scratch.
So we add the create perm.

Bug: 193489307
Test: Trusty storage tests
Change-Id: Ida1c07acac26494ae6bba0392fb2da0425803608
---
 whitechapel/vendor/google/storageproxyd.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te
index d5d4dca9..f8c2692b 100644
--- a/whitechapel/vendor/google/storageproxyd.te
+++ b/whitechapel/vendor/google/storageproxyd.te
@@ -1,8 +1,8 @@
 type sg_device, dev_type;
 type persist_ss_file, file_type, vendor_persist_type;
 
-allow tee persist_ss_file:file rw_file_perms;
-allow tee persist_ss_file:dir r_dir_perms;
+allow tee persist_ss_file:file create_file_perms;
+allow tee persist_ss_file:dir create_dir_perms;
 allow tee persist_file:dir r_dir_perms;
 allow tee mnt_vendor_file:dir r_dir_perms;
 allow tee tee_data_file:lnk_file r_file_perms;