tee.te: set persist_path permission

DRM needs rw permission to access /persist/ for Widevine OEMCrypto V9 dependency. Change-Id: Ibb2bd7a118e35eb70a96f2354ca542d9b3644187
author: Mekala Natarajan <mekalan@codeaurora.org> 2014-08-15 15:14:44 -0700
committer: Vineeta Srivastava <vsrivastava@google.com> 2014-08-20 08:31:02 +0000
commit: abc1855b0386eee4704b34551cb87021e12145fa (patch)
tree: 223f0f7dd64f5a8670310f56bfb524a81847732f
parent: 232785414a34b442b064785ced01d025cbe3cce1 (diff)
download: mako-abc1855b0386eee4704b34551cb87021e12145fa.tar.gz
2 files changed, 5 insertions, 6 deletions
diff --git a/init.mako.rc b/init.mako.rc
index ab427fd..85babc8 100644
--- a/init.mako.rc
+++ b/init.mako.rc
@@ -416,9 +416,9 @@ service bugreport /system/bin/dumpstate -d -p -B \
     keycodes 114 115 116
 
 service qseecomd /system/bin/qseecomd
-    class late_start
-    user system
-    group system
+    class core
+    user root
+    group root
 
 service diag_mdlog /system/bin/diag_mdlog -s 100
     class late_start
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 44603a9..7547cab 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -10,6 +10,5 @@ allow tee drm_data_file:dir create_dir_perms;
 allow tee drm_data_file:file create_file_perms;
 
 # Access /persist/{widevine,playready}
-allow tee persist_file:dir search;
-allow tee persist_drm_file:dir r_dir_perms;
-allow tee persist_drm_file:file r_file_perms;
+allow tee persist_file:dir { add_name create_dir_perms };
+allow tee persist_file:file create_file_perms;
author	Mekala Natarajan <mekalan@codeaurora.org>	2014-08-15 15:14:44 -0700
committer	Vineeta Srivastava <vsrivastava@google.com>	2014-08-20 08:31:02 +0000
commit	abc1855b0386eee4704b34551cb87021e12145fa (patch)
tree	223f0f7dd64f5a8670310f56bfb524a81847732f
parent	232785414a34b442b064785ced01d025cbe3cce1 (diff)
download	mako-abc1855b0386eee4704b34551cb87021e12145fa.tar.gz