Add policy for property ro.android.security.keystore2.enable Bug: 171563717 Bug: 171305684 Test: N/A Change-Id: I323081fd2ce2fee80951c3d1e19b9935e4596705

commit: 202e8636ac025fb6d0e293889f106ffab81820af [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Fri Oct 23 11:16:34 2020 -0700
committer: Janis Danisevskis <jdanis@google.com> Tue Oct 27 09:49:18 2020 -0700
tree: df7232e0ec428de731ac801eefbd900a056936c6
parent: 45ac6e84000bf04f8fd1b1aee226f0499e0c81fa [diff] [blame]
diff --git a/private/property.te b/private/property.te
index 80966dc..bf73c3d 100644
--- a/private/property.te
+++ b/private/property.te

@@ -20,6 +20,9 @@
 system_internal_prop(userspace_reboot_log_prop)
 system_internal_prop(userspace_reboot_test_prop)
 
+# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
+system_internal_prop(keystore2_enable_prop)
+
 ###
 ### Neverallow rules
 ###
@@ -470,3 +473,12 @@
 } {
   lower_kptr_restrict_prop
 }:property_service set;
+
+# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
+neverallow {
+  -init
+  -dumpstate
+  -system_app
+  -system_server
+  -zygote
+} keystore2_enable_prop:file no_rw_file_perms;
commit	202e8636ac025fb6d0e293889f106ffab81820af	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Fri Oct 23 11:16:34 2020 -0700
committer	Janis Danisevskis <jdanis@google.com>	Tue Oct 27 09:49:18 2020 -0700
tree	df7232e0ec428de731ac801eefbd900a056936c6
parent	45ac6e84000bf04f8fd1b1aee226f0499e0c81fa [diff] [blame]