-
Stephen Smalley authoredAside from the keystore daemon itself, only init needs any access to keystore_data_file (in order to create and potentially restorecon /data/misc/keystore). The exceptions for the kernel and recovery domains are unnecessary; no allow rule permits this access in current policy. Change-Id: I5cf6f29ec08174017ac8f5fb36fef166ce360ca0 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredAside from the keystore daemon itself, only init needs any access to keystore_data_file (in order to create and potentially restorecon /data/misc/keystore). The exceptions for the kernel and recovery domains are unnecessary; no allow rule permits this access in current policy. Change-Id: I5cf6f29ec08174017ac8f5fb36fef166ce360ca0 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>