4 Commits

Author SHA1 Message Date
Aayush Gupta
22380a4614 non_plat: Label /dev/tee* and grant required perms to domains
/dev/tee* are accessed by domains that interact with TEE and thus
require access to them too.

Test: Boot and observe that denials are not visible in logs anymore

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I7b0944a1063da8561d2928e4110674ce4845ecea
2020-12-30 17:00:34 +05:30
Aayush Gupta
5c601a9ada non_plat: Label /dev/ut_keymaster and allow relevant permissions to sources
/dev/ut_keymaster is used by keymaster. Label it and allow relevant permissions
which domains using it (vold, tee and keymaster) require.

Denial observed without this change:
[   46.666247] .(2)[399:logd.auditd]type=1400 audit(1609128921.744:392): avc: denied { ioctl } for comm="keymaster@3.0-s" path="/dev/ut_keymaster" dev="tmpfs" ino=17464 ioctlcmd=0x5402 scontext=u:r:hal_keymaster_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and notice that denial no longer appears

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Iee0126d637a139397db8857d8a780277c3ea4576
2020-12-30 16:14:46 +05:30
Vink Shen
6cc1bc6e08 [ALPS03852714] Trustonic TEE: fix sepolicy for persistent partition
Add sepolicy rule to access persistent partition

MTK-Commit-Id: 526949cb99c2297d01f156ffb6ed6946deff348a

Change-Id: Ic9143dc14bbbac7db410f8450c34df54609d01dd
CR-Id: ALPS03852714
Feature: Trustonic TEE (Trusted Execution Environment)
2020-01-18 10:05:10 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
2020-01-18 09:29:32 +08:00