Add ro.keystore.boot_level_key.strategy
Bug: 241241178
Test: set property on Cuttlefish, check logs for strategy used.
Change-Id: Ifaaec811316c43fdae232f9a08c5d862011ccc71
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index a032401..40c035e 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -9,6 +9,7 @@
device_config_memory_safety_native_prop
device_config_vendor_system_native_prop
hal_bootctl_service
+ keystore_config_prop
permissive_mte_prop
servicemanager_prop
system_net_netd_service
diff --git a/private/keystore.te b/private/keystore.te
index 78c0198..8e681b1 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -26,6 +26,7 @@
# Keystore need access to the keystore_key context files to load the keystore key backend.
allow keystore keystore2_key_contexts_file:file r_file_perms;
+# Allow keystore to listen to changing boot levels
get_prop(keystore, keystore_listen_prop)
# Keystore needs to transfer binder references to vold so that it
diff --git a/private/property_contexts b/private/property_contexts
index 5cf27aa..ed9de36 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1323,6 +1323,9 @@
# Property that tracks keystore crash counts during a boot cycle.
keystore.crash_count u:object_r:keystore_crash_prop:s0 exact int
+# Configure the means by which we protect the L0 key from the future
+ro.keystore.boot_level_key.strategy u:object_r:keystore_config_prop:s0 exact string
+
partition.system.verified u:object_r:verity_status_prop:s0 exact string
partition.system_ext.verified u:object_r:verity_status_prop:s0 exact string
partition.product.verified u:object_r:verity_status_prop:s0 exact string