Add keystore2_key namespace `shell_key` for `shell`. Add a keystore2_key namespace that can be used by `shell` for testing. Bug: 158500146 Bug: 162265751 Test: keystore2_test Change-Id: I78b9b285969dd503a09609f7bcb02552b24d1a6b Merged-In: I78b9b285969dd503a09609f7bcb02552b24d1a6b

commit: 47f3761cc84de9b7c4a10b71454ceee2c4bbd591 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Mon Jul 27 13:07:39 2020 -0700
committer: Janis Danisevskis <jdanis@google.com> Wed Aug 05 21:58:04 2020 +0000
tree: 852d3de2dc96ddd4806e9937914d6d4001ddc0a6
parent: d3451f88bead7e9c2fd9c9df01f76b379532242f [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index b63a569..090adb2 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -144,3 +144,9 @@
 userdebug_or_eng(`
   allow shell profcollectd:binder call;
 ')
+
+# Allow shell to read the keystore key contexts files. Used by native tests to test label lookup.
+allow shell keystore2_key_contexts_file:file r_file_perms;
+
+# Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
+allow shell shell_key:keystore2_key { delete rebind use get_info list update };
commit	47f3761cc84de9b7c4a10b71454ceee2c4bbd591	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Mon Jul 27 13:07:39 2020 -0700
committer	Janis Danisevskis <jdanis@google.com>	Wed Aug 05 21:58:04 2020 +0000
tree	852d3de2dc96ddd4806e9937914d6d4001ddc0a6
parent	d3451f88bead7e9c2fd9c9df01f76b379532242f [diff] [blame]