From 174dc137d1170d94d2b74750e1e4a9f3eaeeb131 Mon Sep 17 00:00:00 2001
From: Aayush Gupta <aayushgupta219@gmail.com>
Date: Mon, 28 Dec 2020 16:38:13 +0530
Subject: [PATCH] non_plat: Label /dev/tz_vfs and grant required perms to tee

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I6bb5d9e3f8f3047bfe8285f25b53adadb8b1c1ac
---
 non_plat/device.te     | 1 +
 non_plat/file_contexts | 1 +
 non_plat/tee.te        | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/non_plat/device.te b/non_plat/device.te
index 5f955cf..6ebb70b 100644
--- a/non_plat/device.te
+++ b/non_plat/device.te
@@ -276,6 +276,7 @@ type dri_device, dev_type, mlstrustedobject;
 # TEE
 type teei_fp_device, dev_type;
 type teei_rpmb_device, dev_type;
+type teei_vfs_device, dev_type;
 
 # Keymaster
 type ut_keymaster_device, dev_type;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index e0ccc1d..c832054 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -696,6 +696,7 @@
 /dev/teei_fp u:object_r:teei_fp_device:s0
 /dev/rpmb0 u:object_r:teei_rpmb_device:s0
 /dev/emmcrpmb0 u:object_r:teei_rpmb_device:s0
+/dev/tz_vfs u:object_r:teei_vfs_device:s0
 
 /(vendor|system\/vendor)/bin/teei_daemon u:object_r:tee_exec:s0
 /(vendor|system\/vendor)/bin/teei_loader u:object_r:tee_exec:s0
diff --git a/non_plat/tee.te b/non_plat/tee.te
index 754fda4..eb6e5c2 100644
--- a/non_plat/tee.te
+++ b/non_plat/tee.te
@@ -2,3 +2,5 @@ allow tee ut_keymaster_device:chr_file rw_file_perms;
 
 allow tee teei_rpmb_device:chr_file rw_file_perms;
 allow tee teei_rpmb_device:blk_file { read write ioctl open };
+
+allow tee teei_vfs_device:chr_file rw_file_perms;