| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| # Date : WK15.49 |
| # Operation : Migration |
| # Purpose: Trustonic HW-backed Gatekeeper |
| allow hal_gatekeeper_default mobicore:unix_stream_socket { connectto read write }; |
| allow hal_gatekeeper_default mobicore_user_device:chr_file { read write open ioctl}; |
| |
| allow hal_gatekeeper_default debugfs_tracing:file write; |
| allow hal_gatekeeper_default mnt_vendor_file:dir search; |
| allow hal_gatekeeper_default persist_data_file:dir { write search add_name remove_name}; |
| allow hal_gatekeeper_default persist_data_file:file { write read getattr open create unlink}; |
| |
| # Date : 2016/06/01 |
| # Operation: TEEI integration |
| # Purpose: Microtrust HW-backed Gatekeeper |
| hal_client_domain(hal_gatekeeper_default, hal_teei_capi) |
| hal_client_domain(hal_gatekeeper_default, hal_allocator) |
| allow hal_gatekeeper_default teei_client_device:chr_file rw_file_perms; |
| |
| # Purpose: TrustKernel HW-backed Gatekeeper |
| allow hal_gatekeeper_default tkcore_admin_device:chr_file { read write open ioctl }; |
| |
| # Allow hal_gatekeeper_default to access /data/key_provisioning |
| allow hal_gatekeeper_default key_install_data_file:dir w_dir_perms; |
| allow hal_gatekeeper_default key_install_data_file:file create_file_perms; |