Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow TEE storageproxyd permissions needed for DSU handling

Browse source 
Allows the vendor TEE access to GSI metadata files (which are publicly
readable). Storageproxyd needs access to this metadata to determine if a
GSI image is currently booted. Also allows the TEE domain to make new
directories in its data path.

Includes the fixed directory creation permission change from
Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a.

Test: access /metadata/gsi/dsu/booted from storageproxyd
Bug: 203719297
Merged-In: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
Merged-In: Ifcc3e5f82b68a506ff99469d2f3df6ab1440b42a
Change-Id: I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b
(cherry picked from commit b69ac35ff0)
This commit is contained in:
Stephen Crane 2021-12-14 14:33:56 -08:00
parent ed2c8d78ae
commit b9beafc9fa
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
whitechapel/vendor/google/storageproxyd.te vendored
View file

@ -8,6 +8,10 @@ allow tee persist_ss_file:file create_file_perms;
allow tee persist_ss_file:dir create_dir_perms;
allow tee persist_file:dir r_dir_perms;
allow tee mnt_vendor_file:dir r_dir_perms;
allow tee tee_data_file:dir create_dir_perms;
allow tee tee_data_file:lnk_file r_file_perms;
allow tee sg_device:chr_file rw_file_perms;
allow tee self:capability { setgid setuid };
# Allow storageproxyd access to gsi_public_metadata_file
read_fstab(tee)