authorDmitry Shmidt <dimitrysh@google.com>2018-07-16 12:53:21 -0700
committerDmitry Shmidt <dimitrysh@google.com>2018-07-16 12:53:21 -0700
commita8ef1fa69a2b38f6692a1caf0b31314ae041e062 (patch)
tree1e8170edfad87aa07f03fcfd3f08d1a3315cd56c /sepolicy/tee.te
parent211b23918fea15585a3be6059bc69cb230b58829 (diff)
poplar: Cumulative patch from commit 6d860e7
6d860e7 (origin/master, origin/HEAD) poplar: use vendor prebuilt wifi files 2de4ee5 wifi: add capabilities for wpa_supplicant 46ac944 poplar: create an optee folder for OP-TEE files 9411998 poplar: move hiavplayer.rc into vendor folder e19a218 poplar: rename rootfs to vendor fdb3113 BoardConfig.mk: add printk.devkmsg=on to BOARD_KERNEL_CMDLINE da84bb1 init.poplar.rc: setprop service.adb.tcp.port 5555 ad56c8a Revert "WIP: temporarily disable bluetooth" 28e4d5e bt: add ro.boot.btmacaddr property and chmod of rtkbt_dev 363a2e4 wifi: enable wifi HAL support 958edb7 wifi: remove use of rtl8822bu module fe5024d audio: add include of <unistd.h> to fix usleep warnings 6e36a97 device.mk: add Launcher2 package 4673aee WIP: temporarily disable bluetooth 8b6fdda poplar: remove obsolete self-extractors b8b039f poplar: switch from add_lunch_combo to COMMON_LUNCH_CHOICES acd1ef6 poplar: enable full treble support d6df05c audio: update Android.mk for treble support d9a9261 audio: include <log/log.h> instead of <cutils/log.h> 1f6821d device.mk: use TARGET_COPY_OUT_VENDOR for feature declarations 9b9a1a7 device.mk: clean up newlines and backslash 29db545 device.mk: build soundtrigger package for audio support 3d4498f device.mk: add ro.config.build.name property fdb44d6 manifest: update manifest file for treble support d0cc662 ueventd.poplar.rc: add hi_gfx2d device node back ccc635e sepolicy: sync up selinux policy with Hisilicon development 2c391e5 sepoilcy: remove 'x' attribute from .te files 44c53b7 fstab.poplar: remove system and vendor mount 6b21fe2 fstab.poplar: use by-name symlinks instead of by-num 1e3bd67 poplar: add bt/wifi files and configurations 93bf7a1 device.mk: move BT section close to Wifi Bug: 110793466 Test: Manual Change-Id: If7db092bbed239ea83287fcf294b7d70c53e04b5 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'sepolicy/tee.te')
-rw-r--r--sepolicy/tee.te27
1 files changed, 27 insertions, 0 deletions
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
new file mode 100644
index 0000000..28e80e3
--- /dev/null
+++ b/sepolicy/tee.te
@@ -0,0 +1,27 @@
+# allow run xtest as shell
+domain_auto_trans(shell, tee_exec, tee);
+allow shell tee_exec:file { getattr execute read open execute_no_trans };
+## allow shell tee_data_file:file { create write open getattr unlink read };
+## allow shell tee_data_file:dir { write add_name remove_name rename search };
+## allow shell tee_data_file:chr_file { read write open ioctl };
+allow tee console_device:chr_file { getattr read write ioctl };
+allow tee shell:fd { use };
+
+## allow tee tee_data_file:dir { create rmdir rename };
+#allow tee system_data_file:file { append }; #write open
+allow tee system_data_file:dir { getattr }; # open write
+allow tee vendor_data_file:dir { getattr open write add_name create};
+allow tee vendor_data_file:file { getattr write open read create append };
+
+# For xtest 200x tests
+allow tee tee:tcp_socket { create connect read write getopt setopt };
+allow tee tee:udp_socket { create connect read write getopt getattr };
+allow tee tee:capability { net_raw };
+allow tee fwmarkd_socket:sock_file { write };
+## allow tee netd:unix_stream_socket { connectto };
+allow tee port:tcp_socket { name_connect };
+
+# Rules on netd domain for optee xtest 200x tests
+allow netd tee:tcp_socket { read write getopt setopt };
+allow netd tee:udp_socket { read write getopt setopt };
+allow netd tee:fd { use };
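Review bot: The rules described as being for xtest are granted unconditionally: the `domain_auto_trans(shell, tee_exec, tee);` transition at the top, the socket, `net_raw` and `allow tee port:tcp_socket { name_connect };` rules under `# For xtest 200x tests`, and the netd rules at the end. Every build that includes this file therefore lets a shell session enter the `tee` domain and leaves the raw-socket capability and outbound connect permission in place outside testing. If these rules exist only to run the OP-TEE test suite, they should sit inside a `userdebug_or_eng` block so that user builds do not inherit them. Separately, `allow tee vendor_data_file:file { getattr write open read create append };` and the matching `dir` rule write to the generic vendor data label; the commented-out `tee_data_file` lines suggest a dedicated type was intended, and using it would confine the domain to its own storage. A comment such as `# test-only: xtest 200x needs TCP/UDP sockets; not for user builds` above that group would record the intent for the next reviewer.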