      # SELinux policy for the tee domain: DRM data under /data, the persist
      # partition, privilege drop, and raw block-device access for anti-rollback.

      # execmem permits executable anonymous memory in tee, which relaxes W^X
      # for the domain. No justification is recorded in this file.
      # NOTE(review): confirm this is still required before carrying it forward.
      allow tee self:process execmem;

      # /data/misc/playready labeling
      # The transition has no object-name qualifier, so any directory tee creates
      # inside a system_data_file directory is labeled drm_data_file, not only
      # playready.
      type_transition tee system_data_file:dir drm_data_file;

      # Access /data/misc/playready
      # ra_dir_perms on system_data_file:dir lets tee add the playready entry; the
      # grant is by type, so it covers every directory carrying that label.
      # NOTE(review): a dedicated label on the parent directory would narrow this.
      allow tee system_data_file:dir ra_dir_perms;
      allow tee drm_data_file:dir create_dir_perms;
      allow tee drm_data_file:file create_file_perms;

      # Persist partition: read access to persist_file directories,
      # persist_data_file and persist_drm_file; only the DRM-related
      # persist_drm_file pieces are writable.
      allow tee persist_file:dir r_dir_perms;
      r_dir_file(tee, persist_data_file)
      r_dir_file(tee, persist_drm_file)
      allow tee persist_drm_file:dir create_dir_perms;
      allow tee persist_drm_file:file create_file_perms;

      # b/15777869 - update for Nexus 5 modular DRM

      # Capabilities:
      #   setuid, setgid - tee starts as root, and drops privileges
      #   sys_rawio      - direct manipulation of certain block devices for
      #                    anti-rollback protection
      # sys_rawio is a broad capability; within this file the blk_file rule below
      # is what limits tee to the two labeled devices.
      allow tee self:capability { setuid setgid sys_rawio };

      # Block devices used for anti-rollback protection
      allow tee block_device:dir search;
      allow tee { drm_block_device ssd_block_device }:blk_file rw_file_perms;