Rename vpnprofilestore to legacykeystore
Bug: 192555229
Bug: 191373871
Test: boot microdroid and there aren't SELinux denials
Change-Id: Ia48d5ca15341446039080168e2a130f71c828527
diff --git a/microdroid/sepolicy/system/private/service_contexts b/microdroid/sepolicy/system/private/service_contexts
index 965b688..150c89a 100644
--- a/microdroid/sepolicy/system/private/service_contexts
+++ b/microdroid/sepolicy/system/private/service_contexts
@@ -10,8 +10,8 @@
android.security.compat u:object_r:keystore_compat_hal_service:s0
android.security.identity u:object_r:credstore_service:s0
android.security.keystore u:object_r:keystore_service:s0
+android.security.legacykeystore u:object_r:legacykeystore_service:s0
android.security.maintenance u:object_r:keystore_maintenance_service:s0
android.security.remoteprovisioning u:object_r:remoteprovisioning_service:s0
-android.security.vpnprofilestore u:object_r:vpnprofilestore_service:s0
apexservice u:object_r:apex_service:s0
* u:object_r:default_android_service:s0
diff --git a/microdroid/sepolicy/system/public/domain.te b/microdroid/sepolicy/system/public/domain.te
index d84abf1..799a2f1 100644
--- a/microdroid/sepolicy/system/public/domain.te
+++ b/microdroid/sepolicy/system/public/domain.te
@@ -677,6 +677,7 @@
-credstore_service
-keystore_maintenance_service
-keystore_service
+ -legacykeystore_service
-mediadrmserver_service
-mediaextractor_service
-mediametrics_service
@@ -684,7 +685,6 @@
-nfc_service
-radio_service
-virtual_touchpad_service
- -vpnprofilestore_service
-vr_hwc_service
-vr_manager_service
userdebug_or_eng(`-hal_face_service')
diff --git a/microdroid/sepolicy/system/public/keystore.te b/microdroid/sepolicy/system/public/keystore.te
index 155322c..43ee28d 100644
--- a/microdroid/sepolicy/system/public/keystore.te
+++ b/microdroid/sepolicy/system/public/keystore.te
@@ -20,7 +20,7 @@
add_service(keystore, keystore_compat_hal_service)
add_service(keystore, authorization_service)
add_service(keystore, keystore_maintenance_service)
-add_service(keystore, vpnprofilestore_service)
+add_service(keystore, legacykeystore_service)
# Check SELinux permissions.
selinux_check_access(keystore)
diff --git a/microdroid/sepolicy/system/public/service.te b/microdroid/sepolicy/system/public/service.te
index 74dc104..365515a 100644
--- a/microdroid/sepolicy/system/public/service.te
+++ b/microdroid/sepolicy/system/public/service.te
@@ -22,6 +22,7 @@
type keystore_compat_hal_service, service_manager_type;
type keystore_maintenance_service, service_manager_type;
type keystore_service, service_manager_type;
+type legacykeystore_service, service_manager_type;
type lpdump_service, service_manager_type;
type mediaserver_service, service_manager_type;
type mediametrics_service, service_manager_type;
@@ -44,7 +45,6 @@
type virtualization_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
-type vpnprofilestore_service, service_manager_type;
type vr_hwc_service, service_manager_type;
type vrflinger_vsync_service, service_manager_type;
diff --git a/microdroid/sepolicy/system/public/te_macros b/microdroid/sepolicy/system/public/te_macros
index 8d15d47..7dc5062 100644
--- a/microdroid/sepolicy/system/public/te_macros
+++ b/microdroid/sepolicy/system/public/te_macros
@@ -635,7 +635,7 @@
allow keystore $1:process getattr;
allow $1 apc_service:service_manager find;
allow $1 keystore_service:service_manager find;
- allow $1 vpnprofilestore_service:service_manager find;
+ allow $1 legacykeystore_service:service_manager find;
binder_call($1, keystore)
binder_call(keystore, $1)
')