From de08be8aa006c313e5025ba5f032abf786a39f71 Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Wed, 27 Aug 2014 21:35:34 +0100
Subject: [PATCH] Allow system reset_uid, sync_uid, password_uid

Permits the system server to change keystore passwords for users other
than primary.

Bug: 16233206
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
---
 access_vectors   | 3 +++
 system_server.te | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/access_vectors b/access_vectors
index 5e7834140..74a377c5e 100644
--- a/access_vectors
+++ b/access_vectors
@@ -914,4 +914,7 @@ class keystore_key
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 }
diff --git a/system_server.te b/system_server.te
index 99fb9634e..de0408827 100644
--- a/system_server.te
+++ b/system_server.te
@@ -377,6 +377,9 @@ allow system_server keystore:keystore_key {
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 };
 
 # Allow system server to search and write to the persistent data block device
-- 
GitLab