commit 291bc98a3643de711108eeb6c9ac9809d0888f89
author Janis Danisevskis <jdanis@google.com> Thu Jan 28 11:21:22 2021 -0800
committer Janis Danisevskis <jdanis@google.com> Tue Feb 23 13:24:52 2021 -0800
tree ebc2f3b97469490fb63ad8dbd41a5950f0c57dd4
parent e35b49bd1680d56d771389d5fc7f915a2b553e89

Keystore 2.0: Add policy for vpnprofilestore

Test: N/A
Change-Id: Iba6ca7be95dfcead8ce8ee17d6a6d78a5441d58f

private/compat/30.0/30.0.ignore.cil

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index bf02085..78b2f21 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -112,6 +112,7 @@
     vcn_management_service
     vibrator_manager_service
     vpn_management_service
+    vpnprofilestore_service
     watchdog_metadata_file
     wifi_key
     zygote_config_prop))

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index db56651..f522323 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -37,6 +37,7 @@
 android.security.keystore                 u:object_r:keystore_service:s0
 android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
 android.security.usermanager              u:object_r:usermanager_service:s0
+android.security.vpnprofilestore          u:object_r:vpnprofilestore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 android.system.keystore2                  u:object_r:keystore_service:s0
 app_binding                               u:object_r:app_binding_service:s0

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index 81163d1..3666fbc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -685,6 +685,7 @@
     -nfc_service
     -radio_service
     -virtual_touchpad_service
+    -vpnprofilestore_service
     -vr_hwc_service
     -vr_manager_service
     userdebug_or_eng(`-hal_face_service')

public/keystore.te

diff --git a/public/keystore.te b/public/keystore.te
index f70fb2c..ae7ed91 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -20,6 +20,7 @@
 add_service(keystore, keystore_compat_hal_service)
 add_service(keystore, authorization_service)
 add_service(keystore, usermanager_service)
+add_service(keystore, vpnprofilestore_service)
 
 # Check SELinux permissions.
 selinux_check_access(keystore)

public/service.te

diff --git a/public/service.te b/public/service.te
index 4a0b728..f6a47bc 100644
--- a/public/service.te
+++ b/public/service.te
@@ -42,6 +42,7 @@
 type usermanager_service,       service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vold_service,              service_manager_type;
+type vpnprofilestore_service,   service_manager_type;
 type vr_hwc_service,            service_manager_type;
 type vrflinger_vsync_service,   service_manager_type;
 

public/te_macros

diff --git a/public/te_macros b/public/te_macros
index c6035f8..50532c1 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -602,6 +602,7 @@
   allow keystore $1:process getattr;
   allow $1 apc_service:service_manager find;
   allow $1 keystore_service:service_manager find;
+  allow $1 vpnprofilestore_service:service_manager find;
   binder_call($1, keystore)
   binder_call(keystore, $1)
 ')