Add security class keystore2_key.

Keystore 2.0 enforces a different set of permissions.
We introduce keystore2_key so that we can set up policy for both
Keystore 1.0 and Keystore 2.0 for a gradual transition from one to
the other.

Bug: 158500146
Test: None
Change-Id: I3dcab06d73d242d63d21883659c304dfab8bf74f
Merged-In: I3dcab06d73d242d63d21883659c304dfab8bf74f
diff --git a/private/access_vectors b/private/access_vectors
index f41eadd..8364bc5 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -711,6 +711,31 @@
 	gen_unique_id
 }
 
+class keystore2
+{
+	add_auth
+	clear_ns
+	get_state
+	lock
+	reset
+	unlock
+}
+
+class keystore2_key
+{
+	delete
+	gen_unique_id
+	get_info
+	grant
+	list
+	manage_blob
+	rebind
+	req_forced_op
+	update
+	use
+	use_dev_id
+}
+
 class drmservice {
 	consumeRights
 	setPlaybackStatus
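Review bot: The six `keystore2` and eleven `keystore2_key` permissions are declared with no comment saying which operation each one guards. Judging by name only, `grant`, `use_dev_id`, `req_forced_op` and `manage_blob` look like the ones a policy author is most likely to over-grant by guessing. I would add a `#` comment line above each permission stating the operation it gates and who is expected to hold it, for example `# grant: caller may delegate access to this key to another client` (wording to be confirmed against the Keystore 2.0 service). The subject line mentions only `keystore2_key`, so it is also worth noting there that `keystore2` is introduced here. No allow or neverallow rules for the new classes are visible in this change, so those restrictions presumably arrive in a follow-up.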
diff --git a/private/security_classes b/private/security_classes
index 04ed814..3e9bff0 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -153,8 +153,14 @@
 # hardware service manager      # userspace
 class hwservice_manager
 
-# Keystore Key
+# Legacy Keystore key permissions
 class keystore_key              # userspace
 
+# Keystore 2.0 permissions
+class keystore2                 # userspace
+
+# Keystore 2.0 key permissions
+class keystore2_key             # userspace
+
 class drmservice                # userspace
 # FLASK
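Review bot: Both new classes are marked `# userspace`, so the kernel never checks them, and the comments `# Keystore 2.0 permissions` and `# Keystore 2.0 key permissions` do not say who enforces them or how the two differ. I would write `# Keystore 2.0 service-level permissions (enforced by the keystore2 daemon)` and `# Keystore 2.0 per-key permissions (enforced by the keystore2 daemon)`. Enforcement then depends on the daemon looking up exactly these class and permission strings. With `Test: None`, nothing in this change confirms that the names match what the service requests. How a mismatched name is treated depends on the policy's handle_unknown setting, so a check that the service resolves every name declared here would be worth adding before rules are written against them.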