non_plat: Label /dev/tz_vfs and grant required perms to tee

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I6bb5d9e3f8f3047bfe8285f25b53adadb8b1c1ac
2020-12-28 16:38:13 +05:30 · 2020-12-28 16:38:13 +05:30 · 174dc137d1
commit 174dc137d1
parent acd62758d9
3 changed files with 4 additions and 0 deletions
--- a/non_plat/device.te
+++ b/non_plat/device.te
@ -276,6 +276,7 @@ type dri_device, dev_type, mlstrustedobject;
 # TEE
 type teei_fp_device, dev_type;
 type teei_rpmb_device, dev_type;
+type teei_vfs_device, dev_type;

 # Keymaster
 type ut_keymaster_device, dev_type;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -696,6 +696,7 @@
 /dev/teei_fp u:object_r:teei_fp_device:s0
 /dev/rpmb0 u:object_r:teei_rpmb_device:s0
 /dev/emmcrpmb0 u:object_r:teei_rpmb_device:s0
+/dev/tz_vfs u:object_r:teei_vfs_device:s0

 /(vendor|system\/vendor)/bin/teei_daemon u:object_r:tee_exec:s0
 /(vendor|system\/vendor)/bin/teei_loader u:object_r:tee_exec:s0
--- a/non_plat/tee.te
+++ b/non_plat/tee.te
@ -2,3 +2,5 @@ allow tee ut_keymaster_device:chr_file rw_file_perms;

 allow tee teei_rpmb_device:chr_file rw_file_perms;
 allow tee teei_rpmb_device:blk_file { read write ioctl open };
+
+allow tee teei_vfs_device:chr_file rw_file_perms;