From 8927772caa421f1c9ccc80337527e039353d65dd Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Tue, 31 Mar 2015 13:03:06 -0700
Subject: [PATCH] Add keystore add_auth

This is for the new addAuthToken keystore method from
I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd. These tokens will be used to
authorize keymaster operations. The tokens are HMAC'd and so shouldn't
be fakeable but this is still limited to system_server only.

Change-Id: I3ff46b676ecac8a878d3aa0a25ba9a8b0c5e1f47
---
 access_vectors   | 1 +
 system_server.te | 1 +
 2 files changed, 2 insertions(+)

diff --git a/access_vectors b/access_vectors
index 43b81e9f4..65b7e2226 100644
--- a/access_vectors
+++ b/access_vectors
@@ -909,6 +909,7 @@ class keystore_key
 	reset_uid
 	sync_uid
 	password_uid
+	add_auth
 }
 
 class debuggerd
diff --git a/system_server.te b/system_server.te
index 36fbacead..e967adb8b 100644
--- a/system_server.te
+++ b/system_server.te
@@ -455,6 +455,7 @@ allow system_server keystore:keystore_key {
 	reset_uid
 	sync_uid
 	password_uid
+	add_auth
 };
 
 # Allow system server to search and write to the persistent factory reset
-- 
GitLab