91547390a8
Denials observed without this change:
7.811050] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:5): avc: denied { read write } for comm="teei_daemon" name="teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.813712] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.816434] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.819089] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:7): avc: denied { ioctl } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 ioctlcmd=0x5403 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Test: Boot and notice that denials no longer appears
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ia779816cbf9312b50a5f5101f7935f1a83b210f2
SELinux policy for MediaTek devices
Don't recurse into the platform makefiles. We don't care about them, and we
don't want to force a reset of BOARD_SEPOLICY_DIRS.
If you want to use these policies, add a
include device/mediatek/sepolicy/sepolicy.mk
to your device's BoardConfig. It is highly recommended that in case you have
your own BOARD_SEPOLICY_DIRS declaration, the inclusion happens before
those lines
Repository Details
This repository uses device/mediatek/wembley-sepolicy as base till 4769fb0d973bf079934054c6c5423ca06d67010a.
After that Google's device-specific changes starts.
Till 4769fb0d973bf079934054c6c5423ca06d67010a, this repository is similar to
the basic sepolicy repository provided by MediaTek to the OEMs.