authorAlexander Diewald <Diewi@diewald-net.com>2017-11-20 22:43:14 +0100
committerArian <arian.kulmer@web.de>2019-10-07 11:11:29 +0200
commitfdd6206d685f80b896d6316d5fec4d6dfb5b8f5d (patch)
treed7088063770efe514473b1d1b9337f84b70f30ec
parente6a391cedfd0d229b53dec56e2f0ba751c642da8 (diff)
shinano: sepolicy: Fix UIM denials.
* Grant access to qseecomd. * Grant access to bluetooth properties. Change-Id: Iacd41d8c313e1137c66e76da2ee2c4db7b3f4883 Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
-rw-r--r--sepolicy/uim.te8
1 files changed, 7 insertions, 1 deletions
diff --git a/sepolicy/uim.te b/sepolicy/uim.te
index 11b7fbf..6f8b30e 100644
--- a/sepolicy/uim.te
+++ b/sepolicy/uim.te
@@ -5,7 +5,6 @@ rw_dir_file(uim, brcm_ldisc_sysfs)
rw_dir_file(uim, bluetooth_data_file)
rw_dir_file(uim, sysfs_bluetooth_writable)
allow uim brcm_uim_exec:file { entrypoint getattr read execute };
-allow uim hci_attach_dev:chr_file { read write open };
allow uim self:capability { net_admin dac_override };
allow uim rootfs:lnk_file getattr;
allow uim ta_data_file:dir search;
@@ -13,4 +12,11 @@ allow uim bluetooth_prop:sock_file write;
allow uim ta_data_file:file r_file_perms;
allow uim hci_attach_dev:chr_file ioctl;
+# Access to qseecomd
+allow uim tee_device:chr_file rw_file_perms;
+
+# Access to serial port
+allow uim hci_attach_dev:chr_file rw_file_perms;
allowxperm uim hci_attach_dev:chr_file ioctl uim_sock_ipc_ioctls;
+
+get_prop(uim, bluetooth_prop)
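Review bot: The new `allow uim tee_device:chr_file rw_file_perms;` gives uim unfiltered ioctl access to the TEE device node, because `rw_file_perms` includes `ioctl` and no `allowxperm` rule for `tee_device` accompanies it, unlike the `hci_attach_dev` rule just below, which is limited to `uim_sock_ipc_ioctls`. For a domain that already holds `net_admin` and `dac_override`, I would scope this to the commands seen in the denials, e.g. `allowxperm uim tee_device:chr_file ioctl <ioctl set from the audit log>;` (placeholder, not a real macro), and expand the `# Access to qseecomd` comment to say which uim operation needs it, since the rule targets the device node rather than the qseecomd domain. Separately, `rw_file_perms` on `hci_attach_dev` makes the existing `allow uim hci_attach_dev:chr_file ioctl;` line redundant and is wider than the `{ read write open }` rule removed in the first hunk, so it is worth confirming that the extra permissions were actually denied.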