From e4c27418ef542d172068e65055ce8a10fec6e57d Mon Sep 17 00:00:00 2001 From: tImIbreakdown Date: Mon, 5 Jul 2021 11:43:49 +0300 Subject: [PATCH] sdm710-common: sepolicy: allow tee to read persist_file link for qseecomd * W qseecomd: type=1400 audit(0.0:26131): avc: denied { read } for name="persist" dev="mmcblk0p27" ino=43 scontext=u:r:tee:s0 tcontext=u:object_r:persist_file:s0 tclass=lnk_file permissive=0 Change-Id: If830be30b4f8c64c7d0260c0a009149e3aba8668 --- sepolicy/vendor/tee.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index cff5ef3..4b405c0 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te @@ -1 +1,2 @@ -allow tee tmpfs:dir r_dir_perms; \ No newline at end of file +allow tee tmpfs:dir r_dir_perms; +allow tee persist_file:lnk_file read;