diff options
| author | Tommy Chiu <tommychiu@google.com> | 2021-05-27 02:43:17 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-05-27 02:43:17 +0000 |
| commit | f8831e6fd4c042f2f9c18bf0beebe70929ff284b (patch) | |
| tree | e6e1014c7ada223e9327be3494e4c51fdd208a19 | |
| parent | c048d1173a2f81ee75f82ab0f4d29428d55b7af7 (diff) | |
| parent | 65bf73897e70ebedf06344df32ebb1abb2186238 (diff) | |
| download | pixel-sepolicy-f8831e6fd4c042f2f9c18bf0beebe70929ff284b.tar.gz | |
keymint: Add SharedSecret policies am: 65bf73897e
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/14660575
Change-Id: Ic5cf8ccc1d0a78b849c02b8f39b61add3dc2fefb
| -rw-r--r-- | citadel/file_contexts | 2 | ||||
| -rw-r--r-- | citadel/hal_keymint_citadel.te | 6 | ||||
| -rw-r--r-- | citadel/service_contexts | 3 |
3 files changed, 6 insertions, 5 deletions
diff --git a/citadel/file_contexts b/citadel/file_contexts index 9ee44e2..5376def 100644 --- a/citadel/file_contexts +++ b/citadel/file_contexts @@ -9,4 +9,4 @@ /vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0 /vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0 /vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0 -/vendor/bin/hw/android.hardware.security.keymint-service.citadel u:object_r:hal_keymint_citadel_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0 diff --git a/citadel/hal_keymint_citadel.te b/citadel/hal_keymint_citadel.te index 130306a..b08f767 100644 --- a/citadel/hal_keymint_citadel.te +++ b/citadel/hal_keymint_citadel.te @@ -1,11 +1,11 @@ type hal_keymint_citadel, domain; +hal_server_domain(hal_keymint_citadel, hal_keymint) + type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_keymint_citadel) vndbinder_use(hal_keymint_citadel) binder_call(hal_keymint_citadel, citadeld) allow hal_keymint_citadel citadeld_service:service_manager find; -hal_server_domain(hal_keymint_citadel, hal_keymint) -init_daemon_domain(hal_keymint_citadel) - get_prop(hal_keymint_citadel, vendor_security_patch_level_prop) diff --git a/citadel/service_contexts b/citadel/service_contexts index 76c3122..5639b58 100644 --- a/citadel/service_contexts +++ b/citadel/service_contexts @@ -1 +1,2 @@ -android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0 +android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0 +android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0 |