non_plat: Label /dev/teei_config and allow tee rw permissions to it
Denials observed without this change:
7.811050] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:5): avc: denied { read write } for comm="teei_daemon" name="teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.813712] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.816434] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.819089] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:7): avc: denied { ioctl } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 ioctlcmd=0x5403 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Test: Boot and notice that denials no longer appears
Signed-off-by: 
Aayush Gupta <[email protected]>
Change-Id: Ia779816cbf9312b50a5f5101f7935f1a83b210f2
Loading
Please register or sign in to comment