1 files changed, 17 insertions, 5 deletions

diff --git a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
index 755942458792..29c02ab9640d 100644
--- a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
+++ b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf
@@ -1,25 +1,37 @@
 --- dist/tpm2-abrmd.conf.orig	2022-05-09 15:39:53 UTC
 +++ dist/tpm2-abrmd.conf
-@@ -2,7 +2,7 @@
+@@ -2,27 +2,25 @@
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
    <!-- ../system.conf have denied everything, so we just punch some holes -->
 -  <policy user="tss">
-+  <policy user="_tss">
-     <allow own="com.intel.tss2.Tabrmd"/>
-   </policy>
+-    <allow own="com.intel.tss2.Tabrmd"/>
+-  </policy>
+-  <policy user="root">
+-    <allow own="com.intel.tss2.Tabrmd"/>
+-  </policy>
+   <!-- Match /dev/tpmrm0 permissions tss tss 0660 -->
    <policy user="root">
-@@ -17,11 +17,11 @@
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
+   </policy>
+-  <policy group="root">
++  <policy group="wheel">
+     <allow send_destination="com.intel.tss2.Tabrmd"/>
+     <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
 -  <policy user="tss">
 +  <policy user="_tss">
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
 -  <policy group="tss">
 +  <policy group="_tss">
      <allow send_destination="com.intel.tss2.Tabrmd"/>
      <allow receive_sender="com.intel.tss2.Tabrmd"/>
++    <allow own="com.intel.tss2.Tabrmd"/>
    </policy>
+ </busconfig>