mirror of
https://github.com/Evolution-X-Devices/device_google_walleye
synced 2026-02-01 07:33:36 +00:00
tee was attempting to access an sdd device as per the following denial,
but access to generic block devices can't be granted due to a neverallow
rule. The device was granted its own type and tee was granted the
appropriate allow rules.
avc: denied { getattr read write } for pid=790 comm="qseecomd"
name="sdd2" dev="tmpfs" ino=18294 scontext=u:r:tee:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file
Bug: 34784662
Test: The above denials are no longer present
Change-Id: Idebb7c7aa5c2001f643f4d617eaa3ee8cab8ad28
8 lines
261 B
Plaintext
allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
allow tee device:dir r_dir_perms;
allow tee block_device:dir { getattr search };
allow tee sdd_block_device:blk_file rw_file_perms;
allow tee sg_device:chr_file { rw_file_perms setattr };
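The triage step the commit message describes, as an added example that is not part of this repository: it parses the quoted denial and only emits an allow rule once the generic target has been replaced by a dedicated type. The function names and the `NEVERALLOW_TARGETS` set are assumptions made for illustration; the set is a simplified stand-in for the neverallow rule the message refers to.

```python
import re

# Denial quoted in the commit message, joined onto one line.
DENIAL = ('avc: denied { getattr read write } for pid=790 comm="qseecomd" '
          'name="sdd2" dev="tmpfs" ino=18294 scontext=u:r:tee:s0 '
          'tcontext=u:object_r:block_device:s0 tclass=blk_file')

# Assumption: (target type, class) pairs that must never be granted directly,
# standing in for the neverallow rule on generic block devices.
NEVERALLOW_TARGETS = {("block_device", "blk_file")}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.+)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return source domain, target type, class and permissions, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        return {
            "source": fields["scontext"].split(":")[2],  # u:r:<domain>:s0
            "target": fields["tcontext"].split(":")[2],  # u:object_r:<type>:s0
            "tclass": fields["tclass"],
            "perms": m.group("perms").split(),
            "name": fields.get("name"),
        }
    except (KeyError, IndexError):
        return None


def triage(denial, dedicated_type=None):
    """Return (verdict, rule); rule is None when no safe rule can be written."""
    target = denial["target"]
    if (target, denial["tclass"]) in NEVERALLOW_TARGETS:
        if dedicated_type is None:
            # Granting on the generic type would violate the neverallow rule.
            return ("label-device-first", None)
        target = dedicated_type
    rule = "allow {} {}:{} {{ {} }};".format(
        denial["source"], target, denial["tclass"], " ".join(denial["perms"]))
    return ("allow", rule)


if __name__ == "__main__":
    d = parse_denial(DENIAL)
    print(triage(d))
    print(triage(d, dedicated_type="sdd_block_device"))
```

The generated rule lists the three denied permissions explicitly, while the policy file above grants the broader `rw_file_perms` macro.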