Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. The credstore service is a system service which backs the android.security.identity.* Framework APIs. It essentially calls into the Identity Credential HAL while providing persistent storage for credentials. Bug: 111446262 Test: atest android.security.identity.cts Test: VtsHalIdentityTargetTest Test: android.hardware.identity-support-lib-test Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60

commit: 02bf814aa24e4b69c5fa356958f9de91badbde26 [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Fri Jan 17 16:47:53 2020 -0500
committer: David Zeuthen <zeuthen@google.com> Wed Feb 19 13:46:45 2020 -0500
tree: 79d215497cc3ce307bb727f96a0694a0857e710a
parent: 429ce33777ffd92d3b0538b718761a0584d5bfe8 [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index f28757e..473907d 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -27,6 +27,10 @@
     bq_config_prop
     charger_prop
     cold_boot_done_prop
+    credstore
+    credstore_data_file
+    credstore_exec
+    credstore_service
     platform_compat_service
     ctl_apexd_prop
     dataloader_manager_service
@@ -39,7 +43,7 @@
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice
-    hal_identity_hwservice
+    hal_identity_service
     hal_light_service
     hal_power_service
     hal_rebootescrow_service

diff --git a/private/credstore.te b/private/credstore.te
new file mode 100644
index 0000000..8d87e2f
--- /dev/null
+++ b/private/credstore.te

@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)

diff --git a/private/file_contexts b/private/file_contexts
index 3955708..5a53782 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -252,6 +252,7 @@
 /system/bin/otapreopt_chroot   u:object_r:otapreopt_chroot_exec:s0
 /system/bin/otapreopt_slot   u:object_r:otapreopt_slot_exec:s0
 /system/bin/art_apex_boot_integrity   u:object_r:art_apex_boot_integrity_exec:s0
+/system/bin/credstore	u:object_r:credstore_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
 /system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
@@ -535,6 +536,7 @@
 /data/misc/incidents(/.*)?	    u:object_r:incident_data_file:s0
 /data/misc/installd(/.*)?		u:object_r:install_data_file:s0
 /data/misc/keychain(/.*)?       u:object_r:keychain_data_file:s0
+/data/misc/credstore(/.*)?       u:object_r:credstore_data_file:s0
 /data/misc/keystore(/.*)?       u:object_r:keystore_data_file:s0
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0

diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 238fd53..b2cad3f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts

@@ -25,7 +25,6 @@
 android.hardware.camera.provider::ICameraProvider               u:object_r:hal_camera_hwservice:s0
 android.hardware.configstore::ISurfaceFlingerConfigs            u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
 android.hardware.confirmationui::IConfirmationUI                u:object_r:hal_confirmationui_hwservice:s0
-android.hardware.identity::IIdentityCredentialStore             u:object_r:hal_identity_hwservice:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
 android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0

diff --git a/private/service_contexts b/private/service_contexts
index 19d3b0d..21067ec 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -1,3 +1,4 @@
+android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
@@ -12,6 +13,7 @@
 aidl_lazy_test_2                          u:object_r:aidl_lazy_test_service:s0
 alarm                                     u:object_r:alarm_service:s0
 android.os.UpdateEngineService            u:object_r:update_engine_service:s0
+android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
commit	02bf814aa24e4b69c5fa356958f9de91badbde26	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Fri Jan 17 16:47:53 2020 -0500
committer	David Zeuthen <zeuthen@google.com>	Wed Feb 19 13:46:45 2020 -0500
tree	79d215497cc3ce307bb727f96a0694a0857e710a
parent	429ce33777ffd92d3b0538b718761a0584d5bfe8 [diff]