authorBill Yi <byi@google.com>2014-10-22 08:46:23 -0700
committerBill Yi <byi@google.com>2014-10-22 08:46:23 -0700
commit3a1aaa95b116d498c89300f7a7dfa75cbddef783 (patch)
treeaa822a871a77cf28e1bbc328690f92a42e90373a /sepolicy
parent8752bd46644cfabb175f4cb0070aa4895db9e28d (diff)
parentd903bf6916640b88730f54b1b65986696cdfb1ab (diff)
Merge commit 'd903bf6916640b88730f54b1b65986696cdfb1ab' into HEAD
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/rmt.te3
-rw-r--r--sepolicy/tee.te5
2 files changed, 4 insertions, 4 deletions
diff --git a/sepolicy/rmt.te b/sepolicy/rmt.te
index ad30cb7..9ad40d7 100644
--- a/sepolicy/rmt.te
+++ b/sepolicy/rmt.te
@@ -5,9 +5,6 @@ type rmt_exec, exec_type, file_type;
# Started by init
init_daemon_domain(rmt)
-# The following line is deleted in Google internal master
-permissive rmt;
-
# Drop (user, group) to (nobody, nobody)
allow rmt self:capability { setuid setgid };
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index d14b864..70ca62a 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -10,5 +10,8 @@ allow tee drm_data_file:dir create_dir_perms;
allow tee drm_data_file:file create_file_perms;
# Read from persist partition
-allow tee persist_file:dir search;
+allow tee persist_file:dir r_dir_perms;
r_dir_file(tee, persist_data_file)
+# Write to drm related pieces of persist partition
+allow tee persist_data_file:dir create_dir_perms;
+allow tee persist_data_file:file create_file_perms;
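Review bot: The two added `allow` rules give tee create, write and unlink access to every directory and file labelled `persist_data_file`, although the comment above them limits the intent to the DRM-related pieces of the persist partition. Data on /persist is typically long-lived device state, so a narrower label would limit what a compromised tee domain could tamper with: give the DRM subtree its own type in file_contexts and target that instead, e.g. `allow tee <persist_drm_type>:file create_file_perms;` (placeholder type name). If the broad grant has to stay, the comment should say so, for example `# Write to persist_data_file (whole type; no dedicated DRM label yet)`. The widening from `search` to `r_dir_perms` on `persist_file:dir` also lets tee list the persist root, which the existing "Read from persist partition" comment does not justify.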