Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_device_qcom_sepolicy_vndr / 6d1ffa911d6110859d63fb7801e9f70d4b37573f^2..6d1ffa911d6110859d63fb7801e9f70d4b37573f / .
commit6d1ffa911d6110859d63fb7801e9f70d4b37573f[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Fri Jul 07 03:28:03 2023 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>Fri Jul 07 03:28:03 2023 -0700
tree8f23bde53f0cf181f9e0b16964a2a2fb2e4a7eeb
parent5a7301d225bc0706f149939d5da3a642b626addd [diff]
parentead793ca39c15857aa2cf9db47c740da26332be3 [diff]
Merge "sepolicy_vndr: Add selinux label for LED devices" into sepolicy.vndr.lnx.13.0.r1-rel
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index 69fddb1..f7e64b4 100644
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts

@@ -90,7 +90,6 @@
 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox-service-qti             u:object_r:vendor_hal_keymaster_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-javacard.service                  u:object_r:hal_keymaster_default_exec:s0
 /vendor/bin/init\.qti\.ese\.strongbox\.sh                                          u:object_r:vendor_init-qti-ese-strongbox-sh_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.keymint-service-spu-qti                u:object_r:vendor_hal_keymint_spu_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox             u:object_r:vendor_hal_keymint_strongbox_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox-thales      u:object_r:vendor_hal_keymint_strongbox_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.weaver@1\.0-service              u:object_r:vendor_hal_weaver_default_exec:s0

diff --git a/qva/vendor/kalama/file_contexts b/qva/vendor/kalama/file_contexts
old mode 100755
new mode 100644
index 3676482..edbdf67
--- a/qva/vendor/kalama/file_contexts
+++ b/qva/vendor/kalama/file_contexts

@@ -61,6 +61,7 @@
 
 
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.0-service    u:object_r:vendor_biometricsface_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service-spu-qti                u:object_r:vendor_hal_keymint_spu_qti_exec:s0
 
 /data/vendor/face3d_dir(/.*)?                                                      u:object_r:vendor_biometricsface_data_file:s0
 

diff --git a/qva/vendor/kalama/hal_gatekeeper_spu_qti.te b/qva/vendor/kalama/hal_gatekeeper_spu_qti.te
index 43ec711..158f80c 100644
--- a/qva/vendor/kalama/hal_gatekeeper_spu_qti.te
+++ b/qva/vendor/kalama/hal_gatekeeper_spu_qti.te

@@ -58,3 +58,6 @@
 # As each dma buf is seperate device, need to allow access to those devices
 allow vendor_hal_gatekeeper_spu_qti vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
 allow vendor_hal_gatekeeper_spu_qti vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms;
+
+# Allow read vendor TEE listener ready property
+get_prop(vendor_hal_gatekeeper_spu_qti, vendor_tee_listener_prop)
\ No newline at end of file

diff --git a/qva/vendor/common/hal_keymint_spu_qti.te b/qva/vendor/kalama/hal_keymint_spu_qti.te
similarity index 96%
rename from qva/vendor/common/hal_keymint_spu_qti.te
rename to qva/vendor/kalama/hal_keymint_spu_qti.te
index d2ef483..7129e3e 100644
--- a/qva/vendor/common/hal_keymint_spu_qti.te
+++ b/qva/vendor/kalama/hal_keymint_spu_qti.te

@@ -70,3 +70,6 @@
 allow vendor_hal_keymint_spu_qti vendor_vm_cp_spss_sp_shared_device:chr_file r_file_perms;
 allow vendor_hal_keymint_spu_qti vendor_vm_cp_spss_hlos_shared_device:chr_file r_file_perms;
 allow vendor_hal_keymint_spu_qti vendor_membuf_dev:chr_file r_file_perms;
+
+# Allow read vendor TEE listener ready property
+get_prop(vendor_hal_keymint_spu_qti, vendor_tee_listener_prop)
\ No newline at end of file