Define selinux properties for /dev/block/by-name/trusty_persist

Bug: 247013568 Test: - Verify that this change is a NOP for devices with TDP already created on top of the legacy f2fs partition /mnt/vendor/persist/ss - Verify that this change creates a valid symlink on a manually migrated block device Change-Id: I226f365c6afbb5fa91ec1c9c1943f8dddac8183a
2023-02-13 22:30:19 +00:00 · 2023-02-13 22:30:19 +00:00 · d27961dc1b
commit d27961dc1b
parent dc0b4fc9e9
4 changed files with 5 additions and 1 deletions
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@ -55,7 +55,6 @@

 # Persist
 /mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
-/mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0
 /mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0

 # Raw HID device
--- a/vendor/device.te
+++ b/vendor/device.te
@ -1,4 +1,5 @@
 type persist_block_device, dev_type;
+type tee_persist_block_device, dev_type;
 type custom_ab_block_device, dev_type;
 type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -41,6 +41,7 @@
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0
 /mnt/vendor/persist/display(/.*)?                                           u:object_r:persist_display_file:s0
 /mnt/vendor/persist/battery(/.*)?                                           u:object_r:persist_battery_file:s0
+/mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0

 # Devices
 /dev/bbd_pwrstat                                                            u:object_r:power_stats_device:s0
@ -72,6 +73,7 @@
 /dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab]                        u:object_r:custom_ab_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/super                             u:object_r:super_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/tzsw_[ab]                         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/13200000\.ufs/by-name/trusty_persist                    u:object_r:tee_persist_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/userdata                          u:object_r:userdata_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab]                       u:object_r:custom_ab_block_device:s0
 /dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab]                u:object_r:custom_ab_block_device:s0
--- a/vendor/tee.te
+++ b/vendor/tee.te
@ -8,6 +8,8 @@ allow tee mnt_vendor_file:dir r_dir_perms;
 allow tee tee_data_file:dir rw_dir_perms;
 allow tee tee_data_file:lnk_file r_file_perms;
 allow tee sg_device:chr_file rw_file_perms;
+allow tee tee_persist_block_device:blk_file rw_file_perms;
+allow tee block_device:dir search;

 # Allow storageproxyd access to gsi_public_metadata_file
 read_fstab(tee)