device_google_walleye/sepolicy/tee.te
Max Bires 6b49f17b55 Added sdd_block_device so tee could access what was a generic blk_file
tee was attempting to access an sdd device as per the following denial,
but access to generic block devices can't be granted due to a neverallow
rule. The device was granted its own type and tee was granted the
appropriate allow rules.

avc: denied { getattr read write } for pid=790 comm="qseecomd"
name="sdd2" dev="tmpfs" ino=18294 scontext=u:r:tee:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

Bug: 34784662
Test: The above denials are no longer present
Change-Id: Idebb7c7aa5c2001f643f4d617eaa3ee8cab8ad28
2017-02-10 13:33:11 -08:00


allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
allow tee device:dir r_dir_perms;
allow tee block_device:dir { getattr search };
allow tee sdd_block_device:blk_file rw_file_perms;
allow tee sg_device:chr_file { rw_file_perms setattr };
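
The triage the commit message describes, as an added example that is not part of this repository or commit: it parses the quoted denial and decides whether the matching allow rule can be written directly or whether the object first needs its own type. The function names and the GENERIC_TYPES set are assumptions made for illustration; only block_device is taken from the page.

```python
import re

# Constructed sample: the denial quoted in the commit message, joined onto one line.
SAMPLE = ('avc: denied { getattr read write } for pid=790 comm="qseecomd" '
          'name="sdd2" dev="tmpfs" ino=18294 scontext=u:r:tee:s0 '
          'tcontext=u:object_r:block_device:s0 tclass=blk_file')

# Assumption: types treated as too generic to grant in this demo. Only
# block_device comes from the page; a real check consults the policy's neverallows.
GENERIC_TYPES = {"block_device"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        # Contexts are user:role:type:level; the type is the third field.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None
    return {"source": source, "target": target, "tclass": tclass,
            "perms": sorted(m.group("perms").split()),
            "comm": fields.get("comm"), "name": fields.get("name")}


def triage(line):
    """Classify a denial: grant directly, or relabel the object first."""
    d = parse_denial(line)
    if d is None:
        return None
    rule = "allow {source} {target}:{tclass} {{ {p} }};".format(
        p=" ".join(d["perms"]), **d)
    if d["target"] in GENERIC_TYPES:
        # Granting on the generic type would cover every object carrying it.
        return {"action": "relabel", "object": d["name"], "rejected_rule": rule, **d}
    return {"action": "allow", "rule": rule, **d}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against the same denial with the target relabeled to sdd_block_device, the result switches from "relabel" to "allow", which mirrors the order of work in the commit.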