commit 02bf814aa24e4b69c5fa356958f9de91badbde26
author David Zeuthen <zeuthen@google.com> Fri Jan 17 16:47:53 2020 -0500
committer David Zeuthen <zeuthen@google.com> Wed Feb 19 13:46:45 2020 -0500
tree 79d215497cc3ce307bb727f96a0694a0857e710a
parent 429ce33777ffd92d3b0538b718761a0584d5bfe8

Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.

The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 19d3b0d..21067ec 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
@@ -12,6 +13,7 @@
 aidl_lazy_test_2                          u:object_r:aidl_lazy_test_service:s0
 alarm                                     u:object_r:alarm_service:s0
 android.os.UpdateEngineService            u:object_r:update_engine_service:s0
+android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0