Keystore 2.0: Add early_boot_ended permission

Add early_boot_ended permission to the keystore2 access vector. This
permission must be checked before allowing calls to earlyBootEnded() on
KeyMint devices.

Bug: 181821046
Bug: 181910578
Change-Id: I8860a4424a249455ab540b6c2896e7d836ceb8a3
diff --git a/private/access_vectors b/private/access_vectors
index fdac890..78dc135 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -721,6 +721,7 @@
 	change_user
 	clear_ns
 	clear_uid
+	early_boot_ended
 	get_auth_token
 	get_state
 	list
diff --git a/private/vold.te b/private/vold.te
index ba5ad8c..93a3515 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -45,6 +45,12 @@
     use
 };
 
+# vold needs to find keystore2 services
+allow vold keystore_maintenance_service:service_manager find;
+
+# vold needs to be able to call earlyBootEnded()
+allow vold keystore:keystore2 early_boot_ended;
+
 neverallow {
     domain
     -system_server
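Review bot: The new grant `allow vold keystore:keystore2 early_boot_ended;` has no matching neverallow, so nothing in this hunk stops a later change from handing the same permission to another domain. Ending early boot appears to be a one-way state change, so if vold is meant to be the only caller, consider adding `neverallow { domain -vold } keystore:keystore2 early_boot_ended;`, unless an equivalent rule already exists elsewhere in the policy. The comment `# vold needs to find keystore2 services` is also broader than the rule beneath it, which grants find on keystore_maintenance_service only; `# vold needs to find the keystore2 maintenance service` would match what is granted. The neverallow block that follows the added lines continues outside the hunk, so what it restricts cannot be checked from here.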