authorrpcraig <rpcraig@tycho.ncsc.mil>2012-08-13 06:09:39 -0400
committerrpcraig <rpcraig@tycho.ncsc.mil>2012-08-13 06:09:39 -0400
commite07b8a56b9ce87733024797018543c7faf7e6aa2 (patch)
tree93ed70a9ba0db23b8003a6b4da5684e48672e6e3
parenta1ce2fa2218a768823a7c39426983a248b6e4f50 (diff)
Trusted Execution Environment policy.
-rw-r--r--drmserver.te1
-rw-r--r--gpsd.te2
-rw-r--r--keystore.te1
-rw-r--r--mediaserver.te2
-rw-r--r--tee.te13
5 files changed, 19 insertions, 0 deletions
diff --git a/drmserver.te b/drmserver.te
index f30033a..63286d5 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -18,3 +18,4 @@ allow drmserver sdcard:dir search;
allow drmserver drm_data_file:dir create_dir_perms;
allow drmserver drm_data_file:file create_file_perms;
allow drmserver self:{ tcp_socket udp_socket } *;
+allow drmserver tee_device:chr_file rw_file_perms;
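Review bot: The added `allow drmserver tee_device:chr_file rw_file_perms;` gives this domain direct read/write access to the TEE device node without saying why, and the same rule is added for keystore and mediaserver in their hunks. Every domain that can open the node becomes another path to the TEE driver interface; mediaserver, which appears from its name to handle media content, deserves the closest look. Each rule should carry a one-line justification such as `# <service> talks to the TEE driver directly for <purpose, to be confirmed>`. It is also worth checking whether any of these domains could work with a narrower permission set than `rw_file_perms`, or go through the tee daemon instead.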
diff --git a/gpsd.te b/gpsd.te
index bc2893d..8010efa 100644
--- a/gpsd.te
+++ b/gpsd.te
@@ -12,3 +12,5 @@ type_transition gpsd gps_data_file:sock_file gps_socket;
allow gpsd gps_socket:sock_file create_file_perms;
# XXX Label sysfs files with a specific type?
allow gpsd sysfs:file rw_file_perms;
+
+allow gpsd gps_device:chr_file rw_file_perms;
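Review bot: `allow gpsd gps_device:chr_file rw_file_perms;` is unrelated to the TEE policy named in the commit title, so it would be easier to audit and revert as its own commit. `gps_device` is not declared anywhere in this diff; it is presumably defined in an existing device type file, which should be confirmed because an undeclared type fails policy compilation. A short comment above the rule, for example `# Access to the GPS hardware device node`, would match the commented rules already in this file.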
diff --git a/keystore.te b/keystore.te
index 6c4d610..20e7222 100644
--- a/keystore.te
+++ b/keystore.te
@@ -6,3 +6,4 @@ init_daemon_domain(keystore)
allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
allow keystore keystore_exec:file { getattr };
+allow keystore tee_device:chr_file rw_file_perms;
diff --git a/mediaserver.te b/mediaserver.te
index c8adf3a..e124db0 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -42,3 +42,5 @@ allow mediaserver qtaguid_proc:file rw_file_perms;
allow mediaserver qtaguid_device:chr_file r_file_perms;
# Allow abstract socket connection
allow mediaserver rild:unix_stream_socket connectto;
+
+allow mediaserver tee_device:chr_file rw_file_perms;
diff --git a/tee.te b/tee.te
new file mode 100644
index 0000000..ce4e2b6
--- /dev/null
+++ b/tee.te
@@ -0,0 +1,13 @@
+##
+# trusted execution environment (tee) daemon
+#
+type tee, domain;
+type tee_exec, exec_type, file_type;
+type tee_device, dev_type;
+type tee_data_file, file_type, data_file_type;
+
+init_daemon_domain(tee)
+allow tee self:capability { dac_override };
+allow tee tee_device:chr_file rw_file_perms;
+allow tee tee_data_file:dir { getattr write add_name };
+allow tee tee_data_file:file create_file_perms;
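Review bot: `allow tee self:capability { dac_override };` lets the daemon bypass discretionary file permission checks, and nothing in the new file says which path needs it. If it is only there to reach the data directory, fixing that directory's owner and mode at creation would avoid the capability; otherwise a comment such as `# dac_override: <reason, to be confirmed>` should record why. The directory rule grants `{ getattr write add_name }` but not `search`, which creating files under `tee_data_file` would normally require, so it should be checked against actual denials. The diffstat lists no file_contexts change, so unless labels are assigned elsewhere (presumably device-specific policy), `tee_exec`, `tee_device` and `tee_data_file` are never applied to any file and the rules in this commit have no effect.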