Merge "Allow tee to access mnt_vendor_file" am: 435c1e8e7d am: ab07ab083b am: d787fc54a9

Original change: https://android-review.googlesource.com/c/device/google/redbull-sepolicy/+/1884509 Change-Id: I17591138873c716f421ff6f6a0fdaf1c4245bcbe
author: Thiébaud Weksteen <tweek@google.com> 2021-11-10 06:00:25 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-11-10 06:00:25 +0000
commit: 55f1b0089100b5499fe6b0cf3f1357008adede51 (patch)
tree: 80755940c026b3e75f40c090de058a7bcee25901
parent: c504bda0fa715396f363d993dc005c08099723a2 (diff)
parent: d787fc54a977d84c09012c387edcedce62cf281b (diff)
download: redbull-sepolicy-55f1b0089100b5499fe6b0cf3f1357008adede51.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index 05a9c29..1aac029 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -11,12 +11,15 @@ allow tee block_device:dir r_dir_perms;
 allow tee ssd_block_device:blk_file rw_file_perms;
 allow tee sg_device:chr_file { rw_file_perms setattr };
 
-allow tee mnt_vendor_file:dir search;
-allow tee persist_file:dir search;
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_file:dir r_dir_perms;
 allow tee persist_file:lnk_file read;
 allow tee persist_drm_file:dir create_dir_perms;
 allow tee persist_drm_file:file create_file_perms;
 
+# b/198130336
+dontaudit tee tmpfs:dir read;
+
 wakelock_use(tee);
 
 hwbinder_use(tee)
author	Thiébaud Weksteen <tweek@google.com>	2021-11-10 06:00:25 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-11-10 06:00:25 +0000
commit	55f1b0089100b5499fe6b0cf3f1357008adede51 (patch)
tree	80755940c026b3e75f40c090de058a7bcee25901
parent	c504bda0fa715396f363d993dc005c08099723a2 (diff)
parent	d787fc54a977d84c09012c387edcedce62cf281b (diff)
download	redbull-sepolicy-55f1b0089100b5499fe6b0cf3f1357008adede51.tar.gz