Evolution-X-Tensor/device_google_gs201
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

review tee

Browse source 
Bug: 198723116
Test: boot with tee started
Change-Id: Ib50698834d16887fa00bdbbaf81801f1067909ba
This commit is contained in:
Adam Shih 2021-09-03 13:21:08 +08:00
parent b05c0902ad
commit 98ebd6e7f1
5 changed files with 11 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
legacy/file_contexts
View file

@ -173,15 +173,10 @@
# Trusty # Trusty
/vendor/bin/securedpud.slider u:object_r:securedpud_slider_exec:s0 /vendor/bin/securedpud.slider u:object_r:securedpud_slider_exec:s0
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 /vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 /vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
/mnt/vendor/persist/ss(/.*)? u:object_r:tee_data_file:s0
/dev/sg1 u:object_r:sg_device:s0
/dev/trusty-log0 u:object_r:logbuffer_device:s0 /dev/trusty-log0 u:object_r:logbuffer_device:s0
# Battery # Battery

1
whitechapel_pro/device.te
View file

@ -2,3 +2,4 @@ type sda_block_device, dev_type, bdev_type;
type devinfo_block_device, dev_type, bdev_type; type devinfo_block_device, dev_type, bdev_type;
type modem_block_device, dev_type, bdev_type; type modem_block_device, dev_type, bdev_type;
type custom_ab_block_device, dev_type, bdev_type; type custom_ab_block_device, dev_type, bdev_type;
type sg_device, dev_type;

1
whitechapel_pro/file.te
View file

@ -24,6 +24,7 @@ allow modem_img_file self:filesystem associate;
# persist # persist
type persist_modem_file, file_type, vendor_persist_type; type persist_modem_file, file_type, vendor_persist_type;
type persist_ss_file, file_type, vendor_persist_type;
# CHRE # CHRE
type chre_socket, file_type; type chre_socket, file_type;

5
whitechapel_pro/file_contexts
View file

@ -12,11 +12,14 @@
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_gto_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_gto_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_gto_ese2_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_gto_ese2_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
# Vendor Firmwares # Vendor Firmwares
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
# Devices # Devices
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
/dev/sg1 u:object_r:sg_device:s0
/dev/st54spi u:object_r:secure_element_device:s0 /dev/st54spi u:object_r:secure_element_device:s0
/dev/st33spi u:object_r:secure_element_device:s0 /dev/st33spi u:object_r:secure_element_device:s0
/dev/ttyGS[0-3] u:object_r:serial_device:s0 /dev/ttyGS[0-3] u:object_r:serial_device:s0
@ -67,9 +70,11 @@
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
# Persist # Persist
/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0
/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
# Extra mount images # Extra mount images
/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0 /mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0

8
legacy/storageproxyd.te → whitechapel_pro/tee.te
View file

@ -1,9 +1,9 @@
type sg_device, dev_type; # Handle wake locks
type persist_ss_file, file_type, vendor_persist_type; wakelock_use(tee)
allow tee persist_ss_file:dir r_dir_perms; allow tee persist_ss_file:file create_file_perms;
allow tee persist_ss_file:dir create_dir_perms;
allow tee persist_file:dir r_dir_perms; allow tee persist_file:dir r_dir_perms;
allow tee mnt_vendor_file:dir r_dir_perms; allow tee mnt_vendor_file:dir r_dir_perms;
allow tee tee_data_file:lnk_file r_file_perms; allow tee tee_data_file:lnk_file r_file_perms;
allow tee sg_device:chr_file rw_file_perms; allow tee sg_device:chr_file rw_file_perms;
allow tee self:capability { setgid setuid };