diff options
author | Joseph Jang <josephjang@google.com> | 2022-02-23 05:45:43 +0000 |
---|---|---|
committer | Joseph Jang <josephjang@google.com> | 2022-02-23 06:38:35 +0000 |
commit | 2bd2edf7ef28347a8373da7841727233e746f9e5 (patch) | |
tree | 11f33d56a7801992b0f3839c1ff0d5321802c363 | |
parent | e1b4421a796e7635b4af93132a70a62d324eeec7 (diff) | |
download | pixel-sepolicy-2bd2edf7ef28347a8373da7841727233e746f9e5.tar.gz |
identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service
log:
SELinux : avc: denied { find } for pid=885 uid=9999
name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox
scontext=u:r:hal_identity_citadel:s0
tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0
tclass=service_manager permissive=0
Bug: 218613398
Change-Id: I124ea5898609a3f68bee13b6db931878252d4081
-rw-r--r-- | citadel/hal_identity_citadel.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/citadel/hal_identity_citadel.te b/citadel/hal_identity_citadel.te index e29310c..c181e27 100644 --- a/citadel/hal_identity_citadel.te +++ b/citadel/hal_identity_citadel.te @@ -4,6 +4,8 @@ type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type; vndbinder_use(hal_identity_citadel) binder_call(hal_identity_citadel, citadeld) allow hal_identity_citadel citadeld_service:service_manager find; +allow hal_identity_citadel hal_keymint_citadel:binder call; hal_server_domain(hal_identity_citadel, hal_identity) +hal_server_domain(hal_identity_citadel, hal_keymint) init_daemon_domain(hal_identity_citadel) |