From 61e5ccae9ea55fea77dbb3ce55e348c9d4f64422 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Fri, 3 Jun 2016 11:36:41 -0700
Subject: [PATCH] Allow keystore to access
 KeyAttestationApplicationIDProviderService

(cherry picked from commit 58b079a25961d15e8ff24342a7ba51bf125e7469)

Bug: 22914603
Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee
---
 keystore.te      | 2 ++
 service.te       | 1 +
 service_contexts | 1 +
 3 files changed, 4 insertions(+)

diff --git a/keystore.te b/keystore.te
index bb2e9d891..3d7bd9210 100644
--- a/keystore.te
+++ b/keystore.te
@@ -6,6 +6,7 @@ init_daemon_domain(keystore)
 typeattribute keystore mlstrustedsubject;
 binder_use(keystore)
 binder_service(keystore)
+binder_call(keystore, system_server)
 allow keystore keystore_data_file:dir create_dir_perms;
 allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
 allow keystore keystore_exec:file { getattr };
@@ -13,6 +14,7 @@ allow keystore tee_device:chr_file rw_file_perms;
 allow keystore tee:unix_stream_socket connectto;
 
 allow keystore keystore_service:service_manager { add find };
+allow keystore sec_key_att_app_id_provider_service:service_manager find;
 
 # Check SELinux permissions.
 selinux_check_access(keystore)
diff --git a/service.te b/service.te
index c65272d86..50aef266f 100644
--- a/service.te
+++ b/service.te
@@ -96,6 +96,7 @@ type rttmanager_service, app_api_service, system_server_service, service_manager
 type samplingprofiler_service, system_server_service, service_manager_type;
 type scheduling_policy_service, system_server_service, service_manager_type;
 type search_service, app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
 type sensorservice_service, app_api_service, system_server_service, service_manager_type;
 type serial_service, system_api_service, system_server_service, service_manager_type;
 type servicediscovery_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index b73552931..c0dfd2be4 100644
--- a/service_contexts
+++ b/service_contexts
@@ -94,6 +94,7 @@ nfc                                       u:object_r:nfc_service:s0
 notification                              u:object_r:notification_service:s0
 otadexopt                                 u:object_r:otadexopt_service:s0
 package                                   u:object_r:package_service:s0
+sec_key_att_app_id_provider               u:object_r:sec_key_att_app_id_provider_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0
-- 
GitLab