From 6af7af151b1927afbe4c9e5f74e415d1c4594ae5 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Tue, 8 May 2018 15:45:38 -0700
Subject: [PATCH] Add wait_for_keymaster

Bug: 79228237
Test: audit2allow finds no relevant denials on boot
Change-Id: Ia80b77ba9a1ec2354127cd0ef68d50ebcf593fb0
---
 prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil | 3 +++
 prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil | 3 +++
 prebuilts/api/28.0/private/file_contexts | 1 +
 prebuilts/api/28.0/private/wait_for_keymaster.te | 9 +++++++++
 private/compat/26.0/26.0.ignore.cil | 3 +++
 private/compat/27.0/27.0.ignore.cil | 3 +++
 private/file_contexts | 1 +
 private/wait_for_keymaster.te | 9 +++++++++
 8 files changed, 32 insertions(+)
 create mode 100644 prebuilts/api/28.0/private/wait_for_keymaster.te
 create mode 100644 private/wait_for_keymaster.te

diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index 3d243d419..461e6b61d 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -133,6 +133,9 @@
 vold_prepare_subdirs
 vold_prepare_subdirs_exec
 vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
 wpantund
 wpantund_exec
 wpantund_service
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index dbb277bd9..839ee0a84 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -111,6 +111,9 @@
 vold_prepare_subdirs
 vold_prepare_subdirs_exec
 vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
 wm_trace_data_file
 wpantund
 wpantund_exec
diff --git a/prebuilts/api/28.0/private/file_contexts b/prebuilts/api/28.0/private/file_contexts
index 71bff7365..3dfb8a649 100644
--- a/prebuilts/api/28.0/private/file_contexts
+++ b/prebuilts/api/28.0/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats u:object_r:stats_exec:s0
 /system/bin/statsd u:object_r:statsd_exec:s0
 /system/bin/bpfloader u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/prebuilts/api/28.0/private/wait_for_keymaster.te b/prebuilts/api/28.0/private/wait_for_keymaster.te
new file mode 100644
index 000000000..8b8dd2927
--- /dev/null
+++ b/prebuilts/api/28.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3d243d419..461e6b61d 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -133,6 +133,9 @@
 vold_prepare_subdirs
 vold_prepare_subdirs_exec
 vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
 wpantund
 wpantund_exec
 wpantund_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index dbb277bd9..839ee0a84 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -111,6 +111,9 @@
 vold_prepare_subdirs
 vold_prepare_subdirs_exec
 vold_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
 wm_trace_data_file
 wpantund
 wpantund_exec
diff --git a/private/file_contexts b/private/file_contexts
index 71bff7365..3dfb8a649 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats u:object_r:stats_exec:s0
 /system/bin/statsd u:object_r:statsd_exec:s0
 /system/bin/bpfloader u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
new file mode 100644
index 000000000..8b8dd2927
--- /dev/null
+++ b/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
-- 
GitLab
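Review bot: The last rule of private/wait_for_keymaster.te, `allow wait_for_keymaster kmsg_device:chr_file w_file_perms;`, is added without any rationale; the file's only comment is the one-line header. Write access to the kernel log device is worth justifying in the policy itself, because anyone auditing which domains can write kmsg_device has to be able to tell a deliberate grant from a leftover. The reason is not stated in the patch, so the author should confirm it, but a comment above the rule along the lines of `# Logs progress to the kernel log while waiting for keymaster.` would do, together with one above `hal_client_domain(wait_for_keymaster, hal_keymaster)` saying the domain is a keymaster HAL client only so that it can wait for the service. The identical copy in prebuilts/api/28.0/private/wait_for_keymaster.te needs the same comments so the two files stay in sync.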