ec6ba5806d
Bug: 312582937 Test: make selinux_policy Change-Id: I27a86d47777a6d769b93fc1c40ae27dacf83ab10 Signed-off-by: Randall Huang <huangrandall@google.com>
20 lines
673 B
Text
20 lines
673 B
Text
type persist_ss_file, file_type, vendor_persist_type;
|
|
|
|
# Handle wake locks
|
|
wakelock_use(tee)
|
|
|
|
allow tee persist_ss_file:file create_file_perms;
|
|
allow tee persist_ss_file:dir create_dir_perms;
|
|
allow tee persist_file:dir r_dir_perms;
|
|
allow tee mnt_vendor_file:dir r_dir_perms;
|
|
allow tee tee_data_file:dir create_dir_perms;
|
|
allow tee tee_data_file:lnk_file r_file_perms;
|
|
|
|
# Allow storageproxyd access to gsi_public_metadata_file
|
|
read_fstab(tee)
|
|
|
|
# storageproxyd starts before /data is mounted. It handles /data not being there
|
|
# gracefully. However, attempts to access /data trigger a denial.
|
|
dontaudit tee unlabeled:dir { search };
|
|
|
|
set_prop(tee, vendor_trusty_storage_prop)
|