trusty: Fix selinux denials for block devices
Bug: 312894027 Test: Confirmed avc denial is gone on boot Change-Id: Iaa87cdef24214a2b6f6eba2af917c03bbbb4bfb5 Signed-off-by: Donnie Pollitz <donpollitz@google.com>
This commit is contained in:
Donnie Pollitz
parent
2dc63cb5cd
commit
662dc87e32
4 changed files with 4 additions and 5 deletions
1
legacy/zuma/vendor/tee.te
vendored
1
legacy/zuma/vendor/tee.te
vendored
|
|
@ -7,7 +7,6 @@ allow tee persist_file:dir r_dir_perms;
|
|||
allow tee mnt_vendor_file:dir r_dir_perms;
|
||||
allow tee tee_data_file:dir rw_dir_perms;
|
||||
allow tee tee_data_file:lnk_file r_file_perms;
|
||||
allow tee tee_persist_block_device:blk_file rw_file_perms;
|
||||
allow tee block_device:dir search;
|
||||
|
||||
# Allow storageproxyd access to gsi_public_metadata_file
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue