authorNick Kralevich <nnk@google.com>2013-11-14 11:34:11 -0800
committerAndroid Git Automerger <android-git-automerger@android.com>2013-11-14 11:34:11 -0800
commit24fb24f7ea1bf74bc1234394b81955e0aab6943f (patch)
tree7a0a84ca7594e0c2bf1c8993b21e068dc08aafcc
parent678420e023c6f143fb99cfed031397e732960410 (diff)
parentae49e7a3691137b5276254074b2c282bcdfee523 (diff)
downloadsepolicy-24fb24f7ea1bf74bc1234394b81955e0aab6943f.tar.gz
am ae49e7a3: Merge "Confine tee, but leave it permissive for now."
* commit 'ae49e7a3691137b5276254074b2c282bcdfee523': Confine tee, but leave it permissive for now.
-rw-r--r--tee.te7
1 files changed, 6 insertions, 1 deletions
diff --git a/tee.te b/tee.te
index 1aae06e..c612821 100644
--- a/tee.te
+++ b/tee.te
@@ -2,9 +2,14 @@
# trusted execution environment (tee) daemon
#
type tee, domain;
+permissive tee;
type tee_exec, exec_type, file_type;
type tee_device, dev_type;
type tee_data_file, file_type, data_file_type;
-unconfined_domain(tee)
init_daemon_domain(tee)
+allow tee self:capability { dac_override };
+allow tee tee_device:chr_file rw_file_perms;
+allow tee tee_data_file:dir rw_dir_perms;
+allow tee tee_data_file:file create_file_perms;
+allow tee self:netlink_socket { create bind read };
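Review bot: The `dac_override` grant in `allow tee self:capability { dac_override };` is the broadest rule in the new set, and the hunk gives no reason for it. It lets the daemon bypass discretionary file permission checks, which often indicates wrong ownership or mode on the files it touches rather than a real need. If it has to stay, I would put a comment above it such as `# dac_override: required for <operation to be named>; remove once tee data file ownership is corrected`. Separately, because `permissive tee;` is added in the same hunk, none of these allow rules is enforced yet and denials are only logged, so the list is best treated as provisional until the audit log has been checked on a device. A `# TODO: drop permissive once tee runs without avc denials` next to that line would make the intent visible in the file itself.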