From dc0cdc36f371d9e938d2c2b59f4bb9cd5004b8ef Mon Sep 17 00:00:00 2001
From: Wenhao Wang
Date: Tue, 15 Jun 2021 17:24:01 -0700
Subject: [PATCH] Use label persist_ss_file

The label "persist_ss_file" was created for "/mnt/vendor/persist/ss(/.*)?". But we erroneously didn't assign the label to the path. This patch fixes the error.
Bug: 173971240
Bug: 173032298
Test: Trusty storage tests
Change-Id: I8e891ebd90ae47ab8a4aad1c2b0a3bbb734174d8
---
 whitechapel/vendor/google/file_contexts | 2 +-
 whitechapel/vendor/google/storageproxyd.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 1f06bee4..ec4e5de6 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -335,7 +335,7 @@
 /vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor u:object_r:hal_confirmationui_default_exec:s0
 /dev/trusty-ipc-dev0 u:object_r:tee_device:s0
 /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
-/mnt/vendor/persist/ss(/.*)? u:object_r:tee_data_file:s0
+/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
 /dev/sg1 u:object_r:sg_device:s0
 /dev/trusty-log0 u:object_r:logbuffer_device:s0
diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te
index 315300c2..d5d4dca9 100644
--- a/whitechapel/vendor/google/storageproxyd.te
+++ b/whitechapel/vendor/google/storageproxyd.te
@@ -1,6 +1,7 @@
 type sg_device, dev_type;
 type persist_ss_file, file_type, vendor_persist_type;
+allow tee persist_ss_file:file rw_file_perms;
 allow tee persist_ss_file:dir r_dir_perms;
 allow tee persist_file:dir r_dir_perms;
 allow tee mnt_vendor_file:dir r_dir_perms;
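Review bot: Changing the `file_contexts` entry for `/mnt/vendor/persist/ss(/.*)?` does not by itself relabel files that already exist under that path. On a device whose persist partition was populated under the old policy, those files would presumably keep `tee_data_file` until something runs restorecon over the directory. No relabel step is visible in this patch (one may exist in an init script outside the diff), so it is worth confirming; otherwise the `persist_ss_file` rules never apply to the existing secure-storage data. Once verified, a comment above the entry such as `# Trusty secure-storage data on persist; relies on restorecon of /mnt/vendor/persist at boot` would record that dependency.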
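Review bot: The added `allow tee persist_ss_file:file rw_file_perms;` lets `tee` open, read and write existing files, but gives it no way to create, rename or unlink anything under `/mnt/vendor/persist/ss`, because the next line grants only `r_dir_perms` on the directory. If the storage proxy is expected to create its backing files there at runtime, this will show up as AVC denials once the path carries the new label. If the files are always pre-provisioned, the narrow grant is the right least-privilege choice and deserves a comment, e.g. `# tee only opens pre-existing files here; create/unlink intentionally not granted`. Checking the audit log for `persist_ss_file` denials during the Trusty storage tests named in the commit message would settle which case applies.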