Allow keystore to access KeyAttestationApplicationIDProviderService (cherry picked from commit 58b079a25961d15e8ff24342a7ba51bf125e7469) Bug: 22914603 Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee

commit: 61e5ccae9ea55fea77dbb3ce55e348c9d4f64422 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Fri Jun 03 11:36:41 2016 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Wed Sep 14 19:24:48 2016 +0000
tree: d4bba62f3e8ddadac2386e13bce3675ef42034ff
parent: 2c1b02eba6a8e6cc3bf66018e66e7f66e942566a [diff]
diff --git a/keystore.te b/keystore.te
index bb2e9d8..3d7bd92 100644
--- a/keystore.te
+++ b/keystore.te

@@ -6,6 +6,7 @@
 typeattribute keystore mlstrustedsubject;
 binder_use(keystore)
 binder_service(keystore)
+binder_call(keystore, system_server)
 allow keystore keystore_data_file:dir create_dir_perms;
 allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
 allow keystore keystore_exec:file { getattr };
@@ -13,6 +14,7 @@
 allow keystore tee:unix_stream_socket connectto;
 
 allow keystore keystore_service:service_manager { add find };
+allow keystore sec_key_att_app_id_provider_service:service_manager find;
 
 # Check SELinux permissions.
 selinux_check_access(keystore)

diff --git a/service.te b/service.te
index c65272d..50aef26 100644
--- a/service.te
+++ b/service.te

@@ -96,6 +96,7 @@
 type samplingprofiler_service, system_server_service, service_manager_type;
 type scheduling_policy_service, system_server_service, service_manager_type;
 type search_service, app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
 type sensorservice_service, app_api_service, system_server_service, service_manager_type;
 type serial_service, system_api_service, system_server_service, service_manager_type;
 type servicediscovery_service, app_api_service, system_server_service, service_manager_type;

diff --git a/service_contexts b/service_contexts
index b735529..c0dfd2b 100644
--- a/service_contexts
+++ b/service_contexts

@@ -94,6 +94,7 @@
 notification                              u:object_r:notification_service:s0
 otadexopt                                 u:object_r:otadexopt_service:s0
 package                                   u:object_r:package_service:s0
+sec_key_att_app_id_provider               u:object_r:sec_key_att_app_id_provider_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0
commit	61e5ccae9ea55fea77dbb3ce55e348c9d4f64422	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Fri Jun 03 11:36:41 2016 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Wed Sep 14 19:24:48 2016 +0000
tree	d4bba62f3e8ddadac2386e13bce3675ef42034ff
parent	2c1b02eba6a8e6cc3bf66018e66e7f66e942566a [diff]