91547390a8
Denials observed without this change:
7.811050] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:5): avc: denied { read write } for comm="teei_daemon" name="teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.813712] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.816434] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[ 7.819089] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:7): avc: denied { ioctl } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 ioctlcmd=0x5403 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Test: Boot and notice that denials no longer appears
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ia779816cbf9312b50a5f5101f7935f1a83b210f2
15 lines
509 B
Plaintext
15 lines
509 B
Plaintext
allow tee ut_keymaster_device:chr_file rw_file_perms;
|
|
|
|
allow tee teei_rpmb_device:chr_file rw_file_perms;
|
|
allow tee teei_rpmb_device:blk_file { read write ioctl open };
|
|
|
|
allow tee teei_vfs_device:chr_file rw_file_perms;
|
|
|
|
allow tee vendor_teei_data_file:dir create_dir_perms;
|
|
allow tee vendor_teei_data_file:file create_file_perms;
|
|
|
|
allow tee teei_client_device:chr_file { create setattr unlink rw_file_perms };;
|
|
allow tee teei_config_device:chr_file rw_file_perms;
|
|
|
|
allow tee property_socket:sock_file write;
|