Allow platform_app access to keystore.

Encountered when certinstaller tries to talk to keystore: ComponentInfo{com.android.certinstaller/com.android.certinstaller.CertInstaller}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.test()' on a null object reference Address the following denial: avc: denied { find } for service=android.security.keystore scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:keystore_service:s0 tclass=service_manager Bug: 19347232 Change-Id: I35b46da3c78b384cf04216be937c6b5bfa86452d

Allow platform_app access to keystore.
6a2451b5 · dcashman · e4da594d · 6a2451b5 · 6a2451b5 · 6a2451b5
Commit 6a2451b5 authored 10 years ago by dcashman
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -50,7 +50,6 @@ allow bluetooth pan_result_prop:property_service set;
 allow bluetooth ctl_dhcp_pan_prop:property_service set;
 allow bluetooth bluetooth_service:service_manager find;
-allow bluetooth keystore_service:service_manager find;
 allow bluetooth mediaserver_service:service_manager find;
 allow bluetooth radio_service:service_manager find;
 allow bluetooth surfaceflinger_service:service_manager find;

--- a/system_app.te
+++ b/system_app.te
@@ -48,7 +48,6 @@ allow system_app anr_data_file:file create_file_perms;
 # Settings need to access app name and icon from asec
 allow system_app asec_apk_file:file r_file_perms;
-allow system_app keystore_service:service_manager find;
 allow system_app mediaserver_service:service_manager find;
 allow system_app nfc_service:service_manager find;
 allow system_app radio_service:service_manager find;

--- a/te_macros
+++ b/te_macros
@@ -336,6 +336,7 @@ define(`use_keystore', `
  allow keystore $1:dir search;
  allow keystore $1:file { read open };
  allow keystore $1:process getattr;
+  allow $1 keystore_service:service_manager find;
  binder_call($1, keystore)
 ')

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -64,7 +64,6 @@ allow untrusted_app cache_file:dir create_dir_perms;
 allow untrusted_app cache_file:file create_file_perms;
 allow untrusted_app drmserver_service:service_manager find;
-allow untrusted_app keystore_service:service_manager find;
 allow untrusted_app mediaserver_service:service_manager find;
 allow untrusted_app nfc_service:service_manager find;
 allow untrusted_app radio_service:service_manager find;