[Keymint] Add sepolicy for keymint-citadel service
Bug: 179459878
Change-Id: Ia551606941f14c01a22e7e47b510f2edc88ef3b6
diff --git a/citadel/file_contexts b/citadel/file_contexts
index fd80454..9ee44e2 100644
--- a/citadel/file_contexts
+++ b/citadel/file_contexts
@@ -9,3 +9,4 @@
/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
/vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0
+/vendor/bin/hw/android.hardware.security.keymint-service.citadel u:object_r:hal_keymint_citadel_exec:s0
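Review bot: The dots in the new file_contexts path are unescaped, and file_contexts entries are regular expressions, so `.` matches any character rather than a literal dot; the usual form in these files is `/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0`. The three existing entries in this hunk contain no dots, so there is no local convention to copy, but the unescaped form is looser than intended and would also label any file whose name differs only at those positions. This is a labeling nit rather than a functional defect for the binary as named.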
diff --git a/citadel/hal_keymint_citadel.te b/citadel/hal_keymint_citadel.te
new file mode 100644
index 0000000..130306a
--- /dev/null
+++ b/citadel/hal_keymint_citadel.te
@@ -0,0 +1,11 @@
+type hal_keymint_citadel, domain;
+type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_keymint_citadel)
+binder_call(hal_keymint_citadel, citadeld)
+allow hal_keymint_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_keymint_citadel, hal_keymint)
+init_daemon_domain(hal_keymint_citadel)
+
+get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
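Review bot: The new policy file has no comments, so a reader cannot tell from it why a KeyMint HAL domain needs binder access to citadeld or a read of the security patch level property; a header above line 19 such as `# KeyMint HAL domain backed by Citadel: registers as a hal_keymint server (hal_server_domain) and reaches citadeld over vndbinder.` would give that context. A why-comment above the get_prop rule, e.g. `# Read-only access to the vendor security patch level (presumably surfaced to KeyMint callers; confirm with the service code)`, would document the one rule that is not about binder plumbing. Within this file the grants look minimal for a HAL domain: the only service it may find and call is citadeld_service/citadeld, and the property access is read-only; whether the hal_keymint attribute's own neverallow constraints are satisfied is not visible here and is left to the policy build to check.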