mirror of https://git.yoctoproject.org/meta-arm synced 2026-05-07 16:59:30 +00:00

libts: tee-udev.rules: Change ownership to tee group

tee and teeclnt are there to avoid running client applications (CAs) and
tee-supplicant as root.

- The teeclnt group stands for "TEE client" and is for CAs (CAs need
  access to /dev/tee[0-9]* but not /dev/teepriv[0-9]*).

- tee is just for tee-supplicant to open its device /dev/teepriv[0-9]*.
  No other process is supposed to open that one.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Javier Tia
2023-09-18 21:04:52 +02:00
committed by Jon Mason
parent 4fb79a2f7c
commit 0221098739
@@ -3,5 +3,5 @@ KERNEL=="tee[0-9]*", TAG+="systemd", MODE="0660", GROUP="teeclnt"
# If a /dev/teepriv[0-9]* device is detected, start an instance of
# tee-supplicant.service with the device name as parameter
KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="teeclnt", \
KERNEL=="teepriv[0-9]*", MODE="0660", OWNER="root", GROUP="tee", \
TAG+="systemd", ENV{SYSTEMD_WANTS}+="tee-supplicant@%k.service"
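Review bot: The teepriv rule now names GROUP="tee", but nothing visible in this hunk shows that a `tee` group exists on the target or that tee-supplicant@%k.service runs with that group. If udev cannot resolve the group name when the rule fires, the node will not get the intended ownership, and with MODE="0660", OWNER="root" a supplicant running as a non-root user outside `tee` cannot open the device at all. Please confirm that the recipe creates the `tee` group alongside `teeclnt` and that the service unit sets a matching `Group=`. It would also help to extend the comment above the rule to say that /dev/teepriv[0-9]* is reserved for tee-supplicant and that client applications belong in `teeclnt` only, so the split described in the commit message is recorded next to the rule itself.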