From cc483d3af22305a88002d259e879ba812fc675d2 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Thu, 30 Aug 2018 14:58:33 +0200
Subject: [PATCH] buildroot: optee_client: add ion group and set permissions on
 /dev/ion

If /dev/ion exists, it should be set up so that the test user can access
it. Otherwise, some tests will fail, such as xtest 1014 (Secure Data
Path). Similar to what is done for /dev/tee*, this commit configures
permissions based on a specific group: ion.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 br-ext/package/optee_client/S30optee        | 5 +++++
 br-ext/package/optee_client/optee_client.mk | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/br-ext/package/optee_client/S30optee b/br-ext/package/optee_client/S30optee
index f863e09..df6129f 100755
--- a/br-ext/package/optee_client/S30optee
+++ b/br-ext/package/optee_client/S30optee
@@ -14,6 +14,11 @@ case "$1" in
 		chown root:tee /dev/teepriv0 && chmod 0660 /dev/teepriv0 && \
 			chown root:teeclnt /dev/tee0 && chmod 0660 /dev/tee0
 		[ $? = 0 ] && echo "OK" || echo "FAIL"
+		if [ -e /dev/ion ]; then
+			printf "Setting permissions on /dev/ion... "
+			chown root:ion /dev/ion && chmod 0660 /dev/ion
+			[ $? = 0 ] && echo "OK" || echo "FAIL"
+		fi
 		printf "Starting tee-supplicant... "
 		su tee -c '/usr/sbin/tee-supplicant -d'
 		[ $? = 0 ] && echo "OK" || echo "FAIL"
diff --git a/br-ext/package/optee_client/optee_client.mk b/br-ext/package/optee_client/optee_client.mk
index 420e5fd..18dd799 100644
--- a/br-ext/package/optee_client/optee_client.mk
+++ b/br-ext/package/optee_client/optee_client.mk
@@ -20,10 +20,12 @@ endef
 # User tee is used to run tee-supplicant because access to /dev/teepriv0 is
 # restricted to group tee.
 # Any user in group teeclnt (such as test) may run client applications.
+# Any user in group ion may access /dev/ion
 define OPTEE_CLIENT_USERS
 	tee -1 tee -1 * - /bin/sh - TEE user
 	- -1 teeclnt -1 - - - - TEE users group
-	test -1 test -1 - - /bin/sh teeclnt Test user, may run TEE client applications
+	- -1 ion -1 - - - - ION users group
+	test -1 test -1 - - /bin/sh teeclnt,ion Test user, may run TEE client applications
 endef
 
 define OPTEE_CLIENT_PERMISSIONS
-- 
GitLab