2e08559c2b
TEE stores its file in /data/vendor/thh/. Allow it required permissions
to do so.
Denials observed without this change:
12-28 16:42:11.556 416 416 I teei_daemon: type=1400 audit(0.0:394): avc: denied { open } for path="/data/vendor/thh/7778c03fc30c4dd0a319ea29643d4d4b." dev="sdc46" ino=2490455 scontext=u:r:tee:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=1
Test: Boot and notice that denials have resolved
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I1a608ebac628c8ce9c35ece1566e049236321a4b
SELinux policy for MediaTek devices
Don't recurse into the platform makefiles. We don't care about them, and we
don't want to force a reset of BOARD_SEPOLICY_DIRS.
If you want to use these policies, add a
include device/mediatek/sepolicy/sepolicy.mk
to your device's BoardConfig. It is highly recommended that in case you have
your own BOARD_SEPOLICY_DIRS declaration, the inclusion happens before
those lines
Repository Details
This repository uses device/mediatek/wembley-sepolicy as base till 4769fb0d973bf079934054c6c5423ca06d67010a.
After that Google's device-specific changes starts.
Till 4769fb0d973bf079934054c6c5423ca06d67010a, this repository is similar to
the basic sepolicy repository provided by MediaTek to the OEMs.