From 74e0bf60c2ee04638054b65a8f9a2ff6f7429235 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Tue, 28 Mar 2023 09:58:16 +0200 Subject: [PATCH] Allow bootctl to access trusty device Background: * Boot Control needs to be able to blow AR fuses, which requires access to the OTP port on trusty. Bug: 267714941 Test: AVC denial doesn't show up in log Change-Id: I5635f2358b379ae0ffe882ca9ee162a455f554f0 Signed-off-by: Donnie Pollitz --- vendor/hal_bootctl_default.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te index fe017f9d..2db46512 100644 --- a/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -1,3 +1,4 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; +allow hal_bootctl_default tee_device:chr_file rw_file_perms;