Allow tee to access rpmb (denials seen on Moto E5 preventing keymaster from working)

This commit is contained in:
Pierre-Hugues Husson 2019-09-12 20:58:18 +02:00 committed by tboy1991
parent 86aa7e3ab8
commit 8243e75282

View File

@ -19,3 +19,7 @@ allow system_app hal_telephony_hwservice:hwservice_manager { find };
# SELinux : avc: denied { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0 # SELinux : avc: denied { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0
type ipacm, hwservice_manager_type; type ipacm, hwservice_manager_type;
allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add }; allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add };
type rpmb_device, file_type;
allow tee rpmb_device:blk_file rw_file_perms;
allowxperm tee rpmb_device:blk_file ioctl { 0xb300-0xbfff };