sm8550-common: Work around keymint HAL to avoid conflicts with source built
Change-Id: Ie16c7052cb9e343adcafa4303ae62d606ce4585f
This commit is contained in:
chaptsand
31
sepolicy/vendor/hal_keymint_default.te
vendored
31
sepolicy/vendor/hal_keymint_default.te
vendored
@@ -1,25 +1,24 @@
|
||||
# Allow keymint HAL to read/write efs_file
|
||||
allow hal_keymint_default efs_file:dir create_dir_perms;
|
||||
allow hal_keymint_default efs_file:file create_file_perms;
|
||||
allow vendor_hal_keymint_qti efs_file:dir create_dir_perms;
|
||||
allow vendor_hal_keymint_qti efs_file:file create_file_perms;
|
||||
|
||||
# Allow keymint HAL to read/write dak_efs_file
|
||||
allow hal_keymint_default dak_efs_file:dir create_dir_perms;
|
||||
allow hal_keymint_default dak_efs_file:file create_file_perms;
|
||||
allow vendor_hal_keymint_qti dak_efs_file:dir create_dir_perms;
|
||||
allow vendor_hal_keymint_qti dak_efs_file:file create_file_perms;
|
||||
|
||||
# Allow keymint HAL to read/write sec_efs_file
|
||||
allow hal_keymint_default sec_efs_file:dir create_dir_perms;
|
||||
allow hal_keymint_default sec_efs_file:file create_file_perms;
|
||||
allow vendor_hal_keymint_qti sec_efs_file:dir create_dir_perms;
|
||||
allow vendor_hal_keymint_qti sec_efs_file:file create_file_perms;
|
||||
|
||||
# Allow keymint HAL to access TZ device
|
||||
allow hal_keymint_default vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
|
||||
allow hal_keymint_default vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
|
||||
allow hal_keymint_default vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms;
|
||||
allow hal_keymint_default vendor_skp_device:chr_file r_file_perms;
|
||||
allow hal_keymint_default vendor_spcom_device:chr_file rw_file_perms;
|
||||
allow hal_keymint_default vendor_spss_utils_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_keymint_qti vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
|
||||
allow vendor_hal_keymint_qti vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms;
|
||||
allow vendor_hal_keymint_qti vendor_skp_device:chr_file r_file_perms;
|
||||
allow vendor_hal_keymint_qti vendor_spcom_device:chr_file rw_file_perms;
|
||||
allow vendor_hal_keymint_qti vendor_spss_utils_device:chr_file rw_file_perms;
|
||||
|
||||
get_prop(hal_keymint_default, vendor_tee_listener_prop)
|
||||
get_prop(hal_keymint_default, vendor_spcomlib_prop)
|
||||
allow hal_keymint_default mnt_vendor_file:dir search;
|
||||
get_prop(vendor_hal_keymint_qti, vendor_spcomlib_prop)
|
||||
|
||||
unix_socket_connect(hal_keymint_default, property, hermesd)
|
||||
allow vendor_hal_keymint_qti mnt_vendor_file:dir search;
|
||||
|
||||
unix_socket_connect(vendor_hal_keymint_qti, property, hermesd)
|
||||
|
||||
2
sepolicy/vendor/hermesd.te
vendored
2
sepolicy/vendor/hermesd.te
vendored
@@ -23,7 +23,7 @@ allow hermesd vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
|
||||
allow hermesd vendor_gatekeeper_data_file:dir create_dir_perms;
|
||||
allow hermesd vendor_gatekeeper_data_file:file create_file_perms;
|
||||
|
||||
allow hermesd hal_keymint_default:binder transfer;
|
||||
allow hermesd vendor_hal_keymint_qti:binder transfer;
|
||||
|
||||
set_prop(hermesd, vendor_securenvm_prop)
|
||||
set_prop(hermesd, vendor_securehw_prop)
|
||||
|
||||
Reference in New Issue
Block a user