Skip to content
Snippets Groups Projects
Commit 1a640f32 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Allow keystore to access KeyAttestationApplicationIDProviderService"

parents 52c8adb3 61e5ccae
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
keystore.te
+ 2
0
View file @ 1a640f32
...@@ -6,6 +6,7 @@ init_daemon_domain(keystore) ...@@ -6,6 +6,7 @@ init_daemon_domain(keystore)
typeattribute keystore mlstrustedsubject; typeattribute keystore mlstrustedsubject;
binder_use(keystore) binder_use(keystore)
binder_service(keystore) binder_service(keystore)
binder_call(keystore, system_server)
allow keystore keystore_data_file:dir create_dir_perms; allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms; allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
allow keystore keystore_exec:file { getattr }; allow keystore keystore_exec:file { getattr };
...@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms; ...@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms;
allow keystore tee:unix_stream_socket connectto; allow keystore tee:unix_stream_socket connectto;
allow keystore keystore_service:service_manager { add find }; allow keystore keystore_service:service_manager { add find };
allow keystore sec_key_att_app_id_provider_service:service_manager find;
# Check SELinux permissions. # Check SELinux permissions.
selinux_check_access(keystore) selinux_check_access(keystore)
......
service.te
+ 1
0
View file @ 1a640f32
...@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager ...@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager
type samplingprofiler_service, system_server_service, service_manager_type; type samplingprofiler_service, system_server_service, service_manager_type;
type scheduling_policy_service, system_server_service, service_manager_type; type scheduling_policy_service, system_server_service, service_manager_type;
type search_service, app_api_service, system_server_service, service_manager_type; type search_service, app_api_service, system_server_service, service_manager_type;
type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
type sensorservice_service, app_api_service, system_server_service, service_manager_type; type sensorservice_service, app_api_service, system_server_service, service_manager_type;
type serial_service, system_api_service, system_server_service, service_manager_type; type serial_service, system_api_service, system_server_service, service_manager_type;
type servicediscovery_service, app_api_service, system_server_service, service_manager_type; type servicediscovery_service, app_api_service, system_server_service, service_manager_type;
......
service_contexts
+ 1
0
View file @ 1a640f32
...@@ -94,6 +94,7 @@ nfc u:object_r:nfc_service:s0 ...@@ -94,6 +94,7 @@ nfc u:object_r:nfc_service:s0
notification u:object_r:notification_service:s0 notification u:object_r:notification_service:s0
otadexopt u:object_r:otadexopt_service:s0 otadexopt u:object_r:otadexopt_service:s0
package u:object_r:package_service:s0 package u:object_r:package_service:s0
sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
permission u:object_r:permission_service:s0 permission u:object_r:permission_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0 persistent_data_block u:object_r:persistent_data_block_service:s0
phone_msim u:object_r:radio_service:s0 phone_msim u:object_r:radio_service:s0
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment