Commit c403eb3c authored by Shawn Willden's avatar Shawn Willden Committed by android-build-merger

Merge "Add keystore_key:attest_unique_id to priv_app." into oc-dev

am: b36c9bcd

Change-Id: I14c5cc32b60ad5a9fd6251623aa5f4a40f2c6816
parents 62480e70 b36c9bcd
...@@ -702,6 +702,7 @@ class keystore_key ...@@ -702,6 +702,7 @@ class keystore_key
clear_uid clear_uid
add_auth add_auth
user_changed user_changed
gen_unique_id
} }
class drmservice { class drmservice {
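Review bot: The permission added to `keystore_key` here is named `gen_unique_id`, while the commit title calls it `attest_unique_id`, so anyone searching the policy for the name in the title will not find it. The class listing also gives no hint of what the permission gates, unlike the commented rules in the other two hunks. I would refer to it by the name used in the code in follow-up changes and add a short comment above the new entry, for example `# gen_unique_id: generate a hardware unique device ID attestation`. The `class keystore_key` block opens above the hunk.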
......
...@@ -13,3 +13,6 @@ neverallow { ...@@ -13,3 +13,6 @@ neverallow {
-system_server -system_server
userdebug_or_eng(`-perfprofd') userdebug_or_eng(`-perfprofd')
} self:capability sys_ptrace; } self:capability sys_ptrace;
# Limit ability to generate hardware unique device ID attestations to priv_apps
neverallow { domain -priv_app } *:keystore_key gen_unique_id;
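Review bot: The `-priv_app` exemption in this neverallow, together with the `allow priv_app keystore:keystore_key gen_unique_id;` rule in the priv_app hunk of this commit, opens the permission to every privileged app, although the comment on the allow rule names GMS core as the intended caller. A hardware unique ID is a stable device identifier, so the SELinux rule alone is a coarse gate; presumably keystore applies a further per-caller check, but that is not visible in this commit and is worth confirming. I would record the intent next to the allow rule in the same style as the existing MediaProvider TODO, e.g. `# TODO: narrow this to just the attestation caller; priv_app covers all privileged apps`, and state in the neverallow comment why the permission is restricted.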
...@@ -114,6 +114,9 @@ allow priv_app functionfs:file rw_file_perms; ...@@ -114,6 +114,9 @@ allow priv_app functionfs:file rw_file_perms;
# TODO: narrow this to just MediaProvider # TODO: narrow this to just MediaProvider
allow priv_app mnt_media_rw_file:dir search; allow priv_app mnt_media_rw_file:dir search;
# Allow privileged apps (e.g. GMS core) to generate unique hardware IDs
allow priv_app keystore:keystore_key gen_unique_id;
read_runtime_log_tags(priv_app) read_runtime_log_tags(priv_app)
### ###
......