author | nailyk-fr <nailyk_git@nailyk.fr> | 2017-04-28 16:46:44 +0200 |
---|---|---|
committer | nailyk-fr <nailyk_git@nailyk.fr> | 2017-05-10 11:14:37 +0000 |
commit | 765df75917ac3fe3da5d1dd092d8c33c0983f9d6 (patch) | |
tree | 6eafdc0fe9065bc52101b429ff2fe3880f8e0c72 /sepolicy/qseecomd.te | |
parent | 092690fcb0ddfbc8c6d3c86103d2a6d1016ac44a (diff) |
shinano-common: sepolicy: Solve encryption
Change-Id: I078576ec339adcf935b47034f6c5faed429339f5
Diffstat (limited to 'sepolicy/qseecomd.te')
-rw-r--r-- | sepolicy/qseecomd.te | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/sepolicy/qseecomd.te b/sepolicy/qseecomd.te
new file mode 100644
index 0000000..7e61f6d
--- /dev/null
+++ b/sepolicy/qseecomd.te
@@ -0,0 +1,29 @@
+
+# tee starts as root, and drops privileges
+allow tee self:capability {
+ setuid
+ setgid
+};
+
+# Need to directly manipulate certain block devices
+# for anti-rollback protection
+allow tee block_device:dir r_dir_perms;
+allow tee rpmb_device:blk_file rw_file_perms;
+
+# Provide tee access to ssd partition for HW FDE
+allow tee ssd_device:blk_file rw_file_perms;
+
+# Allow tee to directly save and load fingerprint data
+allow tee fingerprintd_data_file:dir rw_dir_perms;
+allow tee fingerprintd_data_file:file create_file_perms;
+allow tee system_data_file:dir r_dir_perms;
+
+# allow tee to load firmware images
+r_dir_file(tee, firmware_file)
+
+binder_use(tee)
+
+# Provide tee ability to access QMUXD/IPCRouter for QMI
+qmux_socket(tee);
+
+set_prop(tee, tee_prop) |
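Review bot: `allow tee system_data_file:dir r_dir_perms;` in the fingerprint block is the broadest grant in this new file, because system_data_file is the default label for much of /data and r_dir_perms lets tee list those directories rather than only pass through them. If the rule exists only so tee can reach the fingerprintd_data_file directory, `allow tee system_data_file:dir search;` should be sufficient; this should be confirmed against the logged denials. The commit title mentions only encryption, while the hunk also grants fingerprint storage, binder and QMI socket access, so a short comment above `binder_use(tee)` and `set_prop(tee, tee_prop)` stating which denial each one resolves would make the policy auditable. `set_prop(tee, tee_prop)` also depends on tee_prop being declared elsewhere, which this hunk does not show.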