identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service

log: SELinux : avc: denied { find } for pid=885 uid=9999 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox scontext=u:r:hal_identity_citadel:s0 tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0 Bug: 218613398 Change-Id: I124ea5898609a3f68bee13b6db931878252d4081
author: Joseph Jang <josephjang@google.com> 2022-02-23 05:45:43 +0000
committer: Joseph Jang <josephjang@google.com> 2022-02-23 06:38:35 +0000
commit: 2bd2edf7ef28347a8373da7841727233e746f9e5 (patch)
tree: 11f33d56a7801992b0f3839c1ff0d5321802c363
parent: e1b4421a796e7635b4af93132a70a62d324eeec7 (diff)
download: pixel-sepolicy-2bd2edf7ef28347a8373da7841727233e746f9e5.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/citadel/hal_identity_citadel.te b/citadel/hal_identity_citadel.te
index e29310c..c181e27 100644
--- a/citadel/hal_identity_citadel.te
+++ b/citadel/hal_identity_citadel.te
@@ -4,6 +4,8 @@ type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
 vndbinder_use(hal_identity_citadel)
 binder_call(hal_identity_citadel, citadeld)
 allow hal_identity_citadel citadeld_service:service_manager find;
+allow hal_identity_citadel hal_keymint_citadel:binder call;
 
 hal_server_domain(hal_identity_citadel, hal_identity)
+hal_server_domain(hal_identity_citadel, hal_keymint)
 init_daemon_domain(hal_identity_citadel)
author	Joseph Jang <josephjang@google.com>	2022-02-23 05:45:43 +0000
committer	Joseph Jang <josephjang@google.com>	2022-02-23 06:38:35 +0000
commit	2bd2edf7ef28347a8373da7841727233e746f9e5 (patch)
tree	11f33d56a7801992b0f3839c1ff0d5321802c363
parent	e1b4421a796e7635b4af93132a70a62d324eeec7 (diff)
download	pixel-sepolicy-2bd2edf7ef28347a8373da7841727233e746f9e5.tar.gz