Add keystore2_key namespace `shell_key` for `shell`.
Add a keystore2_key namespace that can be used by `shell` for testing.
Bug: 158500146
Bug: 162265751
Test: keystore2_test
Change-Id: I78b9b285969dd503a09609f7bcb02552b24d1a6b
Merged-In: I78b9b285969dd503a09609f7bcb02552b24d1a6b
diff --git a/private/keystore2_key_contexts b/private/keystore2_key_contexts
index 43a39e5..1c6573c 100644
--- a/private/keystore2_key_contexts
+++ b/private/keystore2_key_contexts
@@ -7,6 +7,9 @@
# su_key is a keystore_key namespace for the su domain intended for native tests.
0 u:object_r:su_key:s0
+# shell_key is a keystore_key namespace for the shell domain intended for native tests.
+1 u:object_r:shell_key:s0
+
# vold_key is a keystore2_key namespace for vold. It allows using raw Keymint blobs.
100 u:object_r:vold_key:s0
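Review bot: The added comment for namespace `1` calls `shell_key` a `keystore_key` namespace, but the type is declared as `keystore2_key_type` and the `vold_key` comment just below uses `keystore2_key`. The wording appears to be copied from the `su_key` entry. I would write `# shell_key is a keystore2_key namespace for the shell domain intended for native tests.` so a reader searching for the class name finds every entry.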
diff --git a/private/keystore_keys.te b/private/keystore_keys.te
index 99211bf..cff37eb 100644
--- a/private/keystore_keys.te
+++ b/private/keystore_keys.te
@@ -1,6 +1,9 @@
# Specify keystore2_key namespaces in this file.
# Please keep the names in alphabetical order and comment each new entry.
+# A keystore2_key namespace for the shell domain. Mainly used for native tests.
+type shell_key, keystore2_key_type;
+
# A keystore2 namespace for the su domain. Mainly used for native tests.
type su_key, keystore2_key_type;
diff --git a/private/shell.te b/private/shell.te
index b63a569..090adb2 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -144,3 +144,9 @@
userdebug_or_eng(`
allow shell profcollectd:binder call;
')
+
+# Allow shell to read the keystore key contexts files. Used by native tests to test label lookup.
+allow shell keystore2_key_contexts_file:file r_file_perms;
+
+# Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
+allow shell shell_key:keystore2_key { delete rebind use get_info list update };
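Review bot: Both new `allow` rules sit after the closing `')` of the `userdebug_or_eng` block, so they are compiled into user-build policy as well as debug builds. Every adb shell session therefore gets `delete rebind use get_info list update` on keys in the `shell_key` namespace, which is broader than the "mainly used for native tests" comment suggests. If the tests only need to run on userdebug/eng devices, move the two rules inside a `userdebug_or_eng(` block. If they must also run on user builds (not visible from this hunk), record that in the comment, for example `# Granted on all build variants so keystore2 tests can run as shell on user builds; shell_key must not be used for production keys.` Leaving `grant` out of the permission set is a good choice and worth keeping.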