selinux: Boot Huawei Mate 9

TrebleDroid · Nov 11, 2022 · f8a2070 · f8a2070
1 parent 7734526
commit f8a2070
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/sepolicy/huawei.te b/sepolicy/huawei.te
@@ -15,3 +15,18 @@ type oeminfo_nvm_device, file_type;
 allowxperm oeminfo_nvm oeminfo_nvm_device:blk_file ioctl { 0x1260 };
 
 allow charger rootfs:file { ioctl read getattr lock map execute entrypoint open };
+
+# This is use exclusively for init to relabel /dev/selinux from tmpfs to device
+allow kernel tmpfs:{ dir file } relabelfrom;
+allow kernel device:{ dir file } relabelto;
+
+# system/core/init/mount_handler.cpp likes to browse all /sys/block/xxx, so let it do so...
+type sys_block_sdd, file_type;
+allow init { sysfs sys_block_sdd }:dir r_dir_perms;
+allow init { sysfs sys_block_sdd }:file r_file_perms;
+allow init { sysfs sys_block_sdd }:lnk_file read;
+
+allowxperm vendor_init { teecd_data_file }:dir ioctl { 
+  FS_IOC_GET_ENCRYPTION_POLICY
+  FS_IOC_SET_ENCRYPTION_POLICY
+};