Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_device_qcom_sepolicy_vndr / e2f8185f71c984d9baa1d47e665326f318c361c3^! / .
commite2f8185f71c984d9baa1d47e665326f318c361c3[log] [tgz]
authorShivangi Kesharwani <quic_skesharw@quicinc.com>Fri Oct 13 17:28:56 2023 +0530
committerShivangi Kesharwani <quic_skesharw@quicinc.com>Fri Nov 10 03:02:35 2023 -0800
treeeeddf53aeae266cb179709319c2c557965d63f26
parent494b05b56161133eba4e0f4bc60e27f845d93f01 [diff]
sepolicy: Add context for rpmb device node.

Add context of mmcblk0rpmb device node.
(Permission are already available for
this context in qseecomd sepolicy file).

Test:
1) Bootup validation
2) AVC denial validation regarding rpmb in qseecomd

Change-Id: Id7f35e3162b546e3f215f3b4d9f7a2e17e1aee6d

diff --git a/qva/vendor/trinket/file_contexts b/qva/vendor/trinket/file_contexts
index c004202..da1af6b 100644
--- a/qva/vendor/trinket/file_contexts
+++ b/qva/vendor/trinket/file_contexts

@@ -1,4 +1,5 @@
 # Copyright (c) 2016-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -31,6 +32,7 @@
 /dev/block/mmcblk0boot1                                                         u:object_r:root_block_device:s0
 /dev/block/mmcblk0boot0                                                         u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                                          u:object_r:vendor_rpmb_device:s0
+/dev/mmcblk0rpmb                                                                u:object_r:vendor_rpmb_device:s0
 /dev/block/mmcblk0                                                              u:object_r:root_block_device:s0
 
 # UFS Devices