blob: 453caad179e4418b0115033e73f7824e39d817f6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
type persist_ss_file, file_type, vendor_persist_type;
# Handle wake locks
wakelock_use(tee)
allow tee persist_ss_file:file create_file_perms;
allow tee persist_ss_file:dir create_dir_perms;
allow tee persist_file:dir r_dir_perms;
allow tee mnt_vendor_file:dir r_dir_perms;
allow tee tee_data_file:dir create_dir_perms;
allow tee tee_data_file:lnk_file r_file_perms;
# Allow storageproxyd access to gsi_public_metadata_file
read_fstab(tee)
# storageproxyd starts before /data is mounted. It handles /data not being there
# gracefully. However, attempts to access /data trigger a denial.
dontaudit tee unlabeled:dir { search };
set_prop(tee, vendor_trusty_storage_prop)
|
