76aab82cb3
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
17 lines
610 B
Text
17 lines
610 B
Text
##
|
|
# trusted execution environment (tee) daemon
|
|
#
|
|
type tee_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(tee)
|
|
|
|
allow tee self:capability { dac_override };
|
|
allow tee tee_device:chr_file rw_file_perms;
|
|
allow tee tee_data_file:dir rw_dir_perms;
|
|
allow tee tee_data_file:file create_file_perms;
|
|
allow tee self:netlink_socket create_socket_perms_no_ioctl;
|
|
allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
allow tee ion_device:chr_file r_file_perms;
|
|
r_dir_file(tee, sysfs_type)
|
|
|
|
allow tee system_data_file:file { getattr read };
|
|
allow tee system_data_file:lnk_file r_file_perms;
|