Skip to content
Snippets Groups Projects
Commit 61e5ccae authored by Janis Danisevskis's avatar Janis Danisevskis Committed by Jeffrey Vander Stoep
Browse files

Allow keystore to access KeyAttestationApplicationIDProviderService 

(cherry picked from commit 58b079a2)

Bug: 22914603
Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee
parent 2c1b02eb
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
keystore.te
+ 2
0
View file @ 61e5ccae
...@@ -6,6 +6,7 @@ init_daemon_domain(keystore) ...@@ -6,6 +6,7 @@ init_daemon_domain(keystore)
typeattribute keystore mlstrustedsubject; typeattribute keystore mlstrustedsubject;
binder_use(keystore) binder_use(keystore)
binder_service(keystore) binder_service(keystore)
binder_call(keystore, system_server)
allow keystore keystore_data_file:dir create_dir_perms; allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms; allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
allow keystore keystore_exec:file { getattr }; allow keystore keystore_exec:file { getattr };
...@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms; ...@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms;
allow keystore tee:unix_stream_socket connectto; allow keystore tee:unix_stream_socket connectto;
allow keystore keystore_service:service_manager { add find }; allow keystore keystore_service:service_manager { add find };
allow keystore sec_key_att_app_id_provider_service:service_manager find;
# Check SELinux permissions. # Check SELinux permissions.
selinux_check_access(keystore) selinux_check_access(keystore)
......
service.te
+ 1
0
View file @ 61e5ccae
...@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager ...@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager
type samplingprofiler_service, system_server_service, service_manager_type; type samplingprofiler_service, system_server_service, service_manager_type;
type scheduling_policy_service, system_server_service, service_manager_type; type scheduling_policy_service, system_server_service, service_manager_type;
type search_service, app_api_service, system_server_service, service_manager_type; type search_service, app_api_service, system_server_service, service_manager_type;
type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
type sensorservice_service, app_api_service, system_server_service, service_manager_type; type sensorservice_service, app_api_service, system_server_service, service_manager_type;
type serial_service, system_api_service, system_server_service, service_manager_type; type serial_service, system_api_service, system_server_service, service_manager_type;
type servicediscovery_service, app_api_service, system_server_service, service_manager_type; type servicediscovery_service, app_api_service, system_server_service, service_manager_type;
......
service_contexts
+ 1
0
View file @ 61e5ccae
...@@ -94,6 +94,7 @@ nfc u:object_r:nfc_service:s0 ...@@ -94,6 +94,7 @@ nfc u:object_r:nfc_service:s0
notification u:object_r:notification_service:s0 notification u:object_r:notification_service:s0
otadexopt u:object_r:otadexopt_service:s0 otadexopt u:object_r:otadexopt_service:s0
package u:object_r:package_service:s0 package u:object_r:package_service:s0
sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
permission u:object_r:permission_service:s0 permission u:object_r:permission_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0 persistent_data_block u:object_r:persistent_data_block_service:s0
phone_msim u:object_r:radio_service:s0 phone_msim u:object_r:radio_service:s0
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment