From 75ec1c947070e1e016b389103718e8a7760da271 Mon Sep 17 00:00:00 2001
From: Armelle Laine
Date: Mon, 13 Feb 2023 22:30:19 +0000
Subject: [PATCH] Define selinux properties for /dev/block/by-name/trusty_persist

Bug: 247013568
Test: - Verify that this change is a NOP for devices with TDP already created on top of the legacy f2fs partition /mnt/vendor/persist/ss - Verify that this change creates a valid symlink on a manually migrated block device
Change-Id: I226f365c6afbb5fa91ec1c9c1943f8dddac8183a
---
 legacy/whitechapel_pro/file_contexts | 1 -
 vendor/device.te | 1 +
 vendor/file_contexts | 2 ++
 vendor/tee.te | 2 ++
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index dfaeeb9e..572028ce 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@@ -56,7 +56,6 @@
 
 # Persist
 /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
-/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
 
 # Raw HID device
diff --git a/vendor/device.te b/vendor/device.te
index 0ad7eb70..8d55496f 100644
--- a/vendor/device.te
+++ b/vendor/device.te
@@ -1,4 +1,5 @@
 type persist_block_device, dev_type;
+type tee_persist_block_device, dev_type;
 type custom_ab_block_device, dev_type;
 type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index da7a215c..7dc3ea08 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -40,6 +40,7 @@
 /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
+/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
 
 # Devices
 /dev/bbd_pwrstat u:object_r:power_stats_device:s0
@@ -71,6 +72,7 @@
 /dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
diff --git a/vendor/tee.te b/vendor/tee.te
index 256fb384..67509b80 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -8,6 +8,8 @@ allow tee mnt_vendor_file:dir r_dir_perms;
 allow tee tee_data_file:dir rw_dir_perms;
 allow tee tee_data_file:lnk_file r_file_perms;
 allow tee sg_device:chr_file rw_file_perms;
+allow tee tee_persist_block_device:blk_file rw_file_perms;
+allow tee block_device:dir search;
 
 # Allow storageproxyd access to gsi_public_metadata_file
 read_fstab(tee)
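Review bot: The new `trusty_persist` entry in the second vendor/file_contexts hunk is placed after `tzsw_[ab]`, while the neighbouring by-name entries read as alphabetical (`pvmfw`, `super`, `tzsw`, `userdata`, `vbmeta`); moving it between `super` and `tzsw_[ab]` keeps the list easy to audit. Because this label is what scopes raw access to the partition, a one-line comment above it would help, for example `# Trusty persistent storage partition, opened by the tee domain`. The list continues outside the hunk, so the ordering convention is inferred from the visible lines only.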
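Review bot: The two added `allow tee …` rules in vendor/tee.te grant raw read/write on the Trusty persist partition without a comment and without anything that keeps the new type exclusive to `tee`. Unlike the `read_fstab(tee)` line below them, they carry no explanation; a comment such as `# storageproxyd backs Trusty persistent storage (TDP) with the trusty_persist partition` above them would record the intent. Since `tee_persist_block_device` exists only for this one consumer, consider pinning that next to its declaration in vendor/device.te with a rule along the lines of `neverallow { domain -tee -init -ueventd } tee_persist_block_device:blk_file { open read write };`, with the exempt list confirmed against the domains that legitimately touch the node at boot. The hunk shows only part of tee.te, so whether read access to a `block_device` symlink on the by-name path is already granted elsewhere cannot be checked from here; the commit's symlink test should be run with denials logged.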