Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 144c822018006244e6cb4f3a538fbb13df56d058^! / . / private
commit144c822018006244e6cb4f3a538fbb13df56d058[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Thu Sep 24 08:55:28 2020 -0700
committerXin Li <delphij@google.com>Thu Oct 01 05:33:31 2020 +0000
treef52ce32ec3ca6eb0c0473ac0cec9addc8e6a7fa8
parentcc932836c1d7266171d644f4a74a2030824602dd [diff]
Move list permission from keystore2_key to keystore class.

The list permission protects the ability to list arbitrary namespaces.
This is not a namespace specific permission but a Keystore specific
permission. Listing the entries of a given namsepace is covered by the
get_info permission already.

Ignore-AOSP-First: This needs to land in googleplex first to updated
                   prebuilt vendor images. Otherwise it breaks
                   aosp-with-phone builds.
Test: N/A
Change-Id: If6e79fd863a79acf8d8ab10c6362a4eeaa88a5b8

diff --git a/private/access_vectors b/private/access_vectors
index 8364bc5..1420360 100644
--- a/private/access_vectors
+++ b/private/access_vectors

@@ -716,6 +716,7 @@
 	add_auth
 	clear_ns
 	get_state
+	list
 	lock
 	reset
 	unlock
@@ -727,7 +728,6 @@
 	gen_unique_id
 	get_info
 	grant
-	list
 	manage_blob
 	rebind
 	req_forced_op

diff --git a/private/binderservicedomain.te b/private/binderservicedomain.te
index cbe8ed7..7275954 100644
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te

@@ -19,6 +19,6 @@
 
 allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 allow binderservicedomain keystore:keystore2 { get_state };
-allow binderservicedomain keystore:keystore2_key { delete get_info list rebind use };
+allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
 
 use_keystore(binderservicedomain)

diff --git a/private/shell.te b/private/shell.te
index a392665..dff6a9f 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -152,4 +152,4 @@
 allow shell keystore2_key_contexts_file:file r_file_perms;
 
 # Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
-allow shell shell_key:keystore2_key { delete rebind use get_info list update };
+allow shell shell_key:keystore2_key { delete rebind use get_info update };

diff --git a/private/system_app.te b/private/system_app.te
index 9298937..8fafce0 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -139,7 +139,6 @@
     delete
     get_info
     grant
-    list
     rebind
     update
     use

diff --git a/private/system_server.te b/private/system_server.te
index f344bbb..dcdf501 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -837,7 +837,6 @@
 	use_dev_id
 	grant
 	get_info
-	list
 	rebind
 	update
 	use

diff --git a/private/vold.te b/private/vold.te
index ce451ac..0f464a9 100644
--- a/private/vold.te
+++ b/private/vold.te

@@ -37,7 +37,6 @@
 allow vold vold_key:keystore2_key {
     delete
     get_info
-    list
     manage_blob
     rebind
     req_forced_op