From a8ef1fa69a2b38f6692a1caf0b31314ae041e062 Mon Sep 17 00:00:00 2001 From: Dmitry Shmidt Date: Mon, 16 Jul 2018 12:53:21 -0700 Subject: poplar: Cumulative patch from commit 6d860e7 6d860e7 (origin/master, origin/HEAD) poplar: use vendor prebuilt wifi files 2de4ee5 wifi: add capabilities for wpa_supplicant 46ac944 poplar: create an optee folder for OP-TEE files 9411998 poplar: move hiavplayer.rc into vendor folder e19a218 poplar: rename rootfs to vendor fdb3113 BoardConfig.mk: add printk.devkmsg=on to BOARD_KERNEL_CMDLINE da84bb1 init.poplar.rc: setprop service.adb.tcp.port 5555 ad56c8a Revert "WIP: temporarily disable bluetooth" 28e4d5e bt: add ro.boot.btmacaddr property and chmod of rtkbt_dev 363a2e4 wifi: enable wifi HAL support 958edb7 wifi: remove use of rtl8822bu module fe5024d audio: add include of to fix usleep warnings 6e36a97 device.mk: add Launcher2 package 4673aee WIP: temporarily disable bluetooth 8b6fdda poplar: remove obsolete self-extractors b8b039f poplar: switch from add_lunch_combo to COMMON_LUNCH_CHOICES acd1ef6 poplar: enable full treble support d6df05c audio: update Android.mk for treble support d9a9261 audio: include instead of 1f6821d device.mk: use TARGET_COPY_OUT_VENDOR for feature declarations 9b9a1a7 device.mk: clean up newlines and backslash 29db545 device.mk: build soundtrigger package for audio support 3d4498f device.mk: add ro.config.build.name property fdb44d6 manifest: update manifest file for treble support d0cc662 ueventd.poplar.rc: add hi_gfx2d device node back ccc635e sepolicy: sync up selinux policy with Hisilicon development 2c391e5 sepoilcy: remove 'x' attribute from .te files 44c53b7 fstab.poplar: remove system and vendor mount 6b21fe2 fstab.poplar: use by-name symlinks instead of by-num 1e3bd67 poplar: add bt/wifi files and configurations 93bf7a1 device.mk: move BT section close to Wifi Bug: 110793466 Test: Manual Change-Id: If7db092bbed239ea83287fcf294b7d70c53e04b5 
Signed-off-by: Dmitry Shmidt
---
sepolicy/tee.te | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 sepolicy/tee.te
(limited to 'sepolicy/tee.te')
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
new file mode 100644
index 0000000..28e80e3
--- /dev/null
+++ b/sepolicy/tee.te
@@ -0,0 +1,27 @@
+# allow run xtest as shell
+domain_auto_trans(shell, tee_exec, tee);
+allow shell tee_exec:file { getattr execute read open execute_no_trans };
+## allow shell tee_data_file:file { create write open getattr unlink read };
+## allow shell tee_data_file:dir { write add_name remove_name rename search };
+## allow shell tee_data_file:chr_file { read write open ioctl };
+allow tee console_device:chr_file { getattr read write ioctl };
+allow tee shell:fd { use };
+
+## allow tee tee_data_file:dir { create rmdir rename };
+#allow tee system_data_file:file { append }; #write open
+allow tee system_data_file:dir { getattr }; # open write
+allow tee vendor_data_file:dir { getattr open write add_name create};
+allow tee vendor_data_file:file { getattr write open read create append };
+
+# For xtest 200x tests
+allow tee tee:tcp_socket { create connect read write getopt setopt };
+allow tee tee:udp_socket { create connect read write getopt getattr };
+allow tee tee:capability { net_raw };
+allow tee fwmarkd_socket:sock_file { write };
+## allow tee netd:unix_stream_socket { connectto };
+allow tee port:tcp_socket { name_connect };
+
+# Rules on netd domain for optee xtest 200x tests
+allow netd tee:tcp_socket { read write getopt setopt };
+allow netd tee:udp_socket { read write getopt setopt };
+allow netd tee:fd { use };
-- cgit v1.2.3
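Review bot: The rules under `# allow run xtest as shell`, `# For xtest 200x tests` and `# Rules on netd domain for optee xtest 200x tests` read as test scaffolding but are granted unconditionally, so every build variant would let `shell` transition into `tee` and would give `tee` the `net_raw` capability, `name_connect` on the generic `port` type and sockets that `netd` may use. If they are needed only for xtest, wrap those three sections in the `userdebug_or_eng` macro so that user builds keep the `tee` domain without network permissions. Separately, `allow tee vendor_data_file:dir { getattr open write add_name create};` and the matching `:file` rule write into the generic vendor data type; the commented-out `tee_data_file` lines suggest a dedicated type was intended, and labelling the OP-TEE storage directory with it would keep the grant from covering all vendor data. The `execute_no_trans` permission on `tee_exec` also looks unnecessary next to `domain_auto_trans(shell, tee_exec, tee)`, since it permits running the binary while staying in the `shell` domain.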