Allow keystore to access KeyAttestationApplicationIDProviderService

(cherry picked from commit 58b079a2) Bug: 22914603 Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee

Allow keystore to access KeyAttestationApplicationIDProviderService
61e5ccae · Janis Danisevskis · Jeffrey Vander Stoep · 2c1b02eb · 61e5ccae · 61e5ccae
Commit 61e5ccae authored 8 years ago by Janis Danisevskis Committed by Jeffrey Vander Stoep 8 years ago
--- a/keystore.te
+++ b/keystore.te
@@ -6,6 +6,7 @@ init_daemon_domain(keystore)
 typeattribute keystore mlstrustedsubject;
 binder_use(keystore)
 binder_service(keystore)
+binder_call(keystore, system_server)
 allow keystore keystore_data_file:dir create_dir_perms;
 allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
 allow keystore keystore_exec:file { getattr };
@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms;
 allow keystore tee:unix_stream_socket connectto;

 allow keystore keystore_service:service_manager { add find };
+allow keystore sec_key_att_app_id_provider_service:service_manager find;

 # Check SELinux permissions.
 selinux_check_access(keystore)

--- a/service.te
+++ b/service.te
@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager
 type samplingprofiler_service, system_server_service, service_manager_type;
 type scheduling_policy_service, system_server_service, service_manager_type;
 type search_service, app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
 type sensorservice_service, app_api_service, system_server_service, service_manager_type;
 type serial_service, system_api_service, system_server_service, service_manager_type;
 type servicediscovery_service, app_api_service, system_server_service, service_manager_type;

--- a/service_contexts
+++ b/service_contexts
@@ -94,6 +94,7 @@ nfc                                       u:object_r:nfc_service:s0
 notification                              u:object_r:notification_service:s0
 otadexopt                                 u:object_r:otadexopt_service:s0
 package                                   u:object_r:package_service:s0
+sec_key_att_app_id_provider               u:object_r:sec_key_att_app_id_provider_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0