new file mode 100644
@@ -0,0 +1,30 @@
+From 3ac2d2334ebf9e225f457c93100e4686d97f1fc4 Mon Sep 17 00:00:00 2001
+From: Wenjia Zhang <wenjia.zhang@oss.qualcomm.com>
+Date: Thu, 11 Jun 2026 14:29:58 +0800
+Subject: [PATCH] Enable the tunable flag tee_supplicant_qtee
+
+Set the status of tunable flag tee_supplicant_qtee to true.
+
+Upstream-Status: Inappropriate [Embedded specific]
+
+Signed-off-by: Wenjia Zhang <wenjia.zhang@oss.qualcomm.com>
+---
+ policy/modules/services/tee_supplicant.te | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policy/modules/services/tee_supplicant.te b/policy/modules/services/tee_supplicant.te
+index ab0cc2e8c..c3710e13e 100644
+--- a/policy/modules/services/tee_supplicant.te
++++ b/policy/modules/services/tee_supplicant.te
+@@ -10,7 +10,7 @@ policy_module(tee_supplicant)
+ ## Enable rules specific to qtee_supplicant.
+ ## </p>
+ ## </desc>
+-gen_tunable(tee_supplicant_qtee, false)
++gen_tunable(tee_supplicant_qtee, true)
+
+ type tee_supplicant_t;
+ type tee_supplicant_exec_t;
+--
+2.43.0
+
@@ -74,6 +74,7 @@ SRC_URI += " \
file://0056-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
file://0057-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
file://0058-policy-modules-system-logging-make-syslogd_runtime_t.patch \
+ file://0059-Enable-the-tunable-flag-tee_supplicant_qtee.patch \
"
S = "${UNPACKDIR}/refpolicy"
Set the status of tunable flag tee_supplicant_qtee to true. Signed-off-by: Wenjia Zhang <wenjia.zhang@oss.qualcomm.com> --- ...the-tunable-flag-tee_supplicant_qtee.patch | 30 +++++++++++++++++++ .../refpolicy/refpolicy_common.inc | 1 + 2 files changed, 31 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy/0059-Enable-the-tunable-flag-tee_supplicant_qtee.patch