From abc1855b0386eee4704b34551cb87021e12145fa Mon Sep 17 00:00:00 2001
From: Mekala Natarajan <mekalan@codeaurora.org>
Date: Fri, 15 Aug 2014 15:14:44 -0700
Subject: [PATCH] tee.te: set persist_path permission

DRM needs rw permission to access /persist/
for Widevine OEMCrypto V9 dependency.

Change-Id: Ibb2bd7a118e35eb70a96f2354ca542d9b3644187
---
 init.mako.rc    | 6 +++---
 sepolicy/tee.te | 5 ++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/init.mako.rc b/init.mako.rc
index ab427fd..85babc8 100644
--- a/init.mako.rc
+++ b/init.mako.rc
@@ -416,9 +416,9 @@ service bugreport /system/bin/dumpstate -d -p -B \
     keycodes 114 115 116
 
 service qseecomd /system/bin/qseecomd
-    class late_start
-    user system
-    group system
+    class core
+    user root
+    group root
 
 service diag_mdlog /system/bin/diag_mdlog -s 100
     class late_start
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 44603a9..7547cab 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -10,6 +10,5 @@ allow tee drm_data_file:dir create_dir_perms;
 allow tee drm_data_file:file create_file_perms;
 
 # Access /persist/{widevine,playready}
-allow tee persist_file:dir search;
-allow tee persist_drm_file:dir r_dir_perms;
-allow tee persist_drm_file:file r_file_perms;
+allow tee persist_file:dir { add_name create_dir_perms };
+allow tee persist_file:file create_file_perms;