427fabf934
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/20546072 Change-Id: I76fb4e52ef76a6d268043243f57f688eadcd4e00 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
22 lines
743 B
Text
22 lines
743 B
Text
type sg_device, dev_type;
|
|
type persist_ss_file, file_type, vendor_persist_type;
|
|
|
|
# Handle wake locks
|
|
wakelock_use(tee)
|
|
|
|
allow tee persist_ss_file:file create_file_perms;
|
|
allow tee persist_ss_file:dir create_dir_perms;
|
|
allow tee persist_file:dir r_dir_perms;
|
|
allow tee mnt_vendor_file:dir r_dir_perms;
|
|
allow tee tee_data_file:dir create_dir_perms;
|
|
allow tee tee_data_file:lnk_file r_file_perms;
|
|
allow tee sg_device:chr_file rw_file_perms;
|
|
|
|
# Allow storageproxyd access to gsi_public_metadata_file
|
|
read_fstab(tee)
|
|
|
|
# storageproxyd starts before /data is mounted. It handles /data not being there
|
|
# gracefully. However, attempts to access /data trigger a denial.
|
|
dontaudit tee unlabeled:dir { search };
|
|
|
|
set_prop(tee, vendor_trusty_storage_prop)
|