Merge "Allow tee to access mnt_vendor_file" am: 435c1e8e7d am: ab07ab083b am: d787fc54a9 am: 55f1b00891 am: 752d548ab3

Original change: https://android-review.googlesource.com/c/device/google/redbull-sepolicy/+/1884509 Change-Id: I3882803ca674704a916af65c90c18f0ed38ee405
author: Thiébaud Weksteen <tweek@google.com> 2021-11-10 06:42:43 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-11-10 06:42:43 +0000
commit: 15a7803633dd1ed1b9f20ac00abf5c5a3c25a640 (patch)
tree: 5de5b4764b4431a3ed67bddf49835e0b6593d708
parent: ae4b7183afd2b7cda3d6bfde7122a1d536e09426 (diff)
parent: 752d548ab3c1d6035ad998d44ef0652a3c37f57e (diff)
download: redbull-sepolicy-15a7803633dd1ed1b9f20ac00abf5c5a3c25a640.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index 05a9c29..1aac029 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -11,12 +11,15 @@ allow tee block_device:dir r_dir_perms;
 allow tee ssd_block_device:blk_file rw_file_perms;
 allow tee sg_device:chr_file { rw_file_perms setattr };
 
-allow tee mnt_vendor_file:dir search;
-allow tee persist_file:dir search;
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_file:dir r_dir_perms;
 allow tee persist_file:lnk_file read;
 allow tee persist_drm_file:dir create_dir_perms;
 allow tee persist_drm_file:file create_file_perms;
 
+# b/198130336
+dontaudit tee tmpfs:dir read;
+
 wakelock_use(tee);
 
 hwbinder_use(tee)
author	Thiébaud Weksteen <tweek@google.com>	2021-11-10 06:42:43 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-11-10 06:42:43 +0000
commit	15a7803633dd1ed1b9f20ac00abf5c5a3c25a640 (patch)
tree	5de5b4764b4431a3ed67bddf49835e0b6593d708
parent	ae4b7183afd2b7cda3d6bfde7122a1d536e09426 (diff)
parent	752d548ab3c1d6035ad998d44ef0652a3c37f57e (diff)
download	redbull-sepolicy-15a7803633dd1ed1b9f20ac00abf5c5a3c25a640.tar.gz