22380a4614
/dev/tee* are accessed by domains that interact with TEE and thus require access to them too. Test: Boot and observe that denials are not visible in logs anymore Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I7b0944a1063da8561d2928e4110674ce4845ecea
22 lines
925 B
Plaintext
22 lines
925 B
Plaintext
type hal_keymaster_attestation, domain;
|
|
hal_server_domain(hal_keymaster_attestation, mtk_hal_keyattestation)
|
|
|
|
type hal_keymaster_attestation_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(hal_keymaster_attestation)
|
|
|
|
hwbinder_use(hal_keymaster_attestation);
|
|
|
|
#============= hal_keymaster_attestation ==============
|
|
allow hal_keymaster_attestation tee_device:chr_file { read write open ioctl };
|
|
|
|
# Date : WK17.42 2017/10/19
|
|
# Operation: Keymaster 3.0
|
|
# Purpose: Access attestation key in persist partition
|
|
allow hal_keymaster_attestation mnt_vendor_file:dir search;
|
|
allow hal_keymaster_attestation persist_data_file:dir { write search add_name };
|
|
allow hal_keymaster_attestation persist_data_file:file { write create open getattr };
|
|
|
|
allow hal_keymaster_attestation ut_keymaster_device:chr_file { read write ioctl open };
|
|
|
|
allow hal_keymaster_attestation teei_client_device:chr_file { read write open ioctl};
|