From fc4cac9825380bf15e2ee5fb5fcfafe70e2dff05 Mon Sep 17 00:00:00 2001
From: SamarV-121
Date: Sun, 18 Jul 2021 17:07:57 +0530
Subject: [PATCH] mobicore: Add missing vendor_file_type attribute to mobicore_vendor_file
* also take away the write access from these HALs which are causing neverallows
* Thanks fcuzzocrea for notifying
Change-Id: Id647d208bd9c44189935d5467ec99edb81a57e64
Signed-off-by: SamarV-121
---
 tee/mobicore/common/file.te | 2 +-
 tee/mobicore/common/hal_gatekeeper_default.te | 2 +-
 tee/mobicore/common/hal_keymaster_default.te | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tee/mobicore/common/file.te b/tee/mobicore/common/file.te
index 479906c..beac200 100644
--- a/tee/mobicore/common/file.te
+++ b/tee/mobicore/common/file.te
@@ -1,4 +1,4 @@
 type mobicore_vendor_data_file, file_type, data_file_type;
 type mobicore_data_file, file_type, core_data_file_type, data_file_type;
 type gatekeeper_efs_file, file_type;
-type mobicore_vendor_file, file_type;
+type mobicore_vendor_file, file_type, vendor_file_type;
diff --git a/tee/mobicore/common/hal_gatekeeper_default.te b/tee/mobicore/common/hal_gatekeeper_default.te
index 0b8d003..5b017e5 100644
--- a/tee/mobicore/common/hal_gatekeeper_default.te
+++ b/tee/mobicore/common/hal_gatekeeper_default.te
@@ -3,4 +3,4 @@ allow hal_gatekeeper_default tee_device:chr_file rw_file_perms;
 # /vendor/app/mcRegistry/
 allow hal_gatekeeper_default mobicore_vendor_file:dir search;
-allow hal_gatekeeper_default mobicore_vendor_file:file rw_file_perms;
+allow hal_gatekeeper_default mobicore_vendor_file:file r_file_perms;
diff --git a/tee/mobicore/common/hal_keymaster_default.te b/tee/mobicore/common/hal_keymaster_default.te
index ec1add1..8d3f63d 100644
--- a/tee/mobicore/common/hal_keymaster_default.te
+++ b/tee/mobicore/common/hal_keymaster_default.te
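Review bot: Adding `vendor_file_type` to `mobicore_vendor_file` in file.te puts every rule on this type under the neverallow rules keyed on that attribute, but the patch narrows only the two HAL domains. Any other domain in this policy that still grants write, create or unlink on `mobicore_vendor_file` (none is visible in this patch) would presumably fail the build the same way, so the tree should be searched for remaining `mobicore_vendor_file:file` and `:dir` rules before merging. The type declaration also has no comment naming what it labels; something like `# /vendor/app/mcRegistry/ - on the vendor partition, read-only at runtime` above it would record why the attribute belongs there.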
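Review bot: The `# /vendor/app/mcRegistry/` comment above the narrowed rule in hal_gatekeeper_default.te does not say that the access is read-only on purpose, so a later change could restore `rw_file_perms` and bring the neverallow failure back. Extending it to something like `# /vendor/app/mcRegistry/ (vendor_file_type: read-only, write access trips neverallow)` keeps the reason next to the rule, and the same applies to the matching rule in hal_keymaster_default.te. Because gatekeeper and keymaster sit on the credential and key handling path, it is also worth confirming on a device that neither HAL logs an avc denial for write or append on these files after the change.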
@@ -2,4 +2,4 @@ get_prop(hal_keymaster_default, tee_prop)
 # /vendor/app/mcRegistry/
 allow hal_keymaster_default mobicore_vendor_file:dir search;
-allow hal_keymaster_default mobicore_vendor_file:file rw_file_perms;
+allow hal_keymaster_default mobicore_vendor_file:file r_file_perms;
-- 
2.20.1