Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

trusty: Fix selinux denials for block devices

Browse source 
Bug: 312894027
Test: Confirmed avc denial is gone on boot
Change-Id: Iaa87cdef24214a2b6f6eba2af917c03bbbb4bfb5
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
This commit is contained in:
Donnie Pollitz 2023-11-27 11:55:00 +01:00
parent 2dc63cb5cd
commit 662dc87e32
4 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
legacy/zuma/vendor/tee.te vendored
View file

@ -7,7 +7,6 @@ allow tee persist_file:dir r_dir_perms;
allow tee mnt_vendor_file:dir r_dir_perms;
allow tee tee_data_file:dir rw_dir_perms;
allow tee tee_data_file:lnk_file r_file_perms;
allow tee tee_persist_block_device:blk_file rw_file_perms;
allow tee block_device:dir search;
# Allow storageproxyd access to gsi_public_metadata_file

2
tracking_denials/tee.te
View file

@ -1,2 +0,0 @@
# b/312894027
dontaudit tee tee_userdata_block_device:blk_file { read write };

2
vendor/device.te vendored
View file

@ -1 +1,3 @@
type lwis_device, dev_type;
type tee_persist_block_device, dev_type;
type tee_userdata_block_device, dev_type;

4
vendor/tee.te vendored
View file

@ -1,2 +1,2 @@
type tee_persist_block_device, dev_type;
type tee_userdata_block_device, dev_type;
allow tee tee_persist_block_device:blk_file rw_file_perms;
allow tee tee_userdata_block_device:blk_file rw_file_perms;