From 9ac870aa22fa5b774072212f7a0fd8bafd9a25a3 Mon Sep 17 00:00:00 2001
From: Jeffrey Carlyle <jcarlyle@google.com>
Date: Fri, 21 May 2021 07:54:41 -0700
Subject: [PATCH] allow recovery and fastboot to access secure elment

This is to enable clearing of secure element during a master reset.

Bug: 182508814
Test: master reset on device with keys; verified no keys after reset
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>
Change-Id: I15c7fbd7f2c4fb34dcad0ae4f5cee3238f526fa5
---
 whitechapel/vendor/google/fastbootd.te | 1 +
 whitechapel/vendor/google/recovery.te  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te
index c1c4de7b..6b663dfb 100644
--- a/whitechapel/vendor/google/fastbootd.te
+++ b/whitechapel/vendor/google/fastbootd.te
@@ -1,5 +1,6 @@
 # Required by the bootcontrol HAL for the 'set_active' command.
 recovery_only(`
+allow fastbootd secure_element_device:chr_file rw_file_perms;
 allow fastbootd devinfo_block_device:blk_file rw_file_perms;
 allow fastbootd sda_block_device:blk_file rw_file_perms;
 allow fastbootd sysfs_ota:file rw_file_perms;
diff --git a/whitechapel/vendor/google/recovery.te b/whitechapel/vendor/google/recovery.te
index 6eb97aa3..4687a43c 100644
--- a/whitechapel/vendor/google/recovery.te
+++ b/whitechapel/vendor/google/recovery.te
@@ -1,3 +1,4 @@
 recovery_only(`
   allow recovery sysfs_ota:file rw_file_perms;
+  allow recovery secure_element_device:chr_file rw_file_perms;
 ')