From b2f0956771141a4b81865ceeaf88e8d894c8216d Mon Sep 17 00:00:00 2001
From: Randall Huang <huangrandall@google.com>
Date: Wed, 22 Nov 2023 13:53:05 +0800
Subject: [PATCH] Move sg_device related policy

Bug: 312582937
Test: make selinux_policy
Change-Id: Ic71e4eb53e22b24651e76e2d480d34affa01460b
Signed-off-by: Randall Huang <huangrandall@google.com>
---
 storage/sepolicy/file.te        | 1 +
 storage/sepolicy/vendor_init.te | 1 +
 trusty/sepolicy/tee.te          | 1 +
 3 files changed, 3 insertions(+)
 create mode 100644 storage/sepolicy/vendor_init.te
 create mode 100644 trusty/sepolicy/tee.te

diff --git a/storage/sepolicy/file.te b/storage/sepolicy/file.te
index c1f082d..ed4f925 100644
--- a/storage/sepolicy/file.te
+++ b/storage/sepolicy/file.te
@@ -1,3 +1,4 @@
 type debugfs_f2fs, debugfs_type, fs_type;
 type dump_storage_data_file, file_type, data_file_type;
+type sg_device, dev_type;
 type sg_util_exec, exec_type, vendor_file_type, file_type;
diff --git a/storage/sepolicy/vendor_init.te b/storage/sepolicy/vendor_init.te
new file mode 100644
index 0000000..da4fcba
--- /dev/null
+++ b/storage/sepolicy/vendor_init.te
@@ -0,0 +1 @@
+allow vendor_init sg_device:chr_file r_file_perms;
diff --git a/trusty/sepolicy/tee.te b/trusty/sepolicy/tee.te
new file mode 100644
index 0000000..50aab69
--- /dev/null
+++ b/trusty/sepolicy/tee.te
@@ -0,0 +1 @@
+allow tee sg_device:chr_file rw_file_perms;