From 16440338de60ce66c879de384b8e1f69aaa16e4b Mon Sep 17 00:00:00 2001
From: Donnie Pollitz
Date: Wed, 24 May 2023 16:44:07 +0200
Subject: [PATCH] Allow vendor_init to fix permissions of TEE data file

Background:
* vendor_init needs to be able to possibly fix ownership of tee_data_file
Bug: 280325952
Test: Changed permissions and confirmed user transitions
Change-Id: I2363f9ff695209bbf7b6661c8e9eb3b376b84ace
Signed-off-by: Donnie Pollitz
---
 vendor/vendor_init.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index d12fd6e3..24ce7cce 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -11,6 +11,9 @@ allow vendor_init sg_device:chr_file r_file_perms;
 allow vendor_init bootdevice_sysdev:file create_file_perms;
 allow vendor_init modem_img_file:filesystem { getattr };
 
+# Allow for checking NSP permissions
+allow vendor_init tee_data_file:lnk_file read;
+
 userdebug_or_eng(`
 allow vendor_init vendor_init:lockdown { integrity };
 ')
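Review bot: The comment on the added rule, `# Allow for checking NSP permissions`, does not match what the rule grants or what the commit message describes. The title and description talk about fixing ownership of tee_data_file, while `allow vendor_init tee_data_file:lnk_file read;` only lets vendor_init read a symlink carrying that label. If the ownership change itself needs `setattr` on the target file or directory, that permission is not in this hunk and presumably comes from an existing rule; worth confirming so that a later change does not widen this grant to "make it work". I would expand the acronym and tie the comment to the actual access, for example `# vendor_init must read (resolve) the tee_data_file symlink when checking ownership of the TEE data files (b/280325952)`. Keeping the grant to `read` on `lnk_file` only is the right scope for that purpose.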