Keystore 2.0: Add permissions and policy for user manager AIDL. Bug: 176123105 Test: User can set a password and unlock the phone. Change-Id: I96c033328eb360413e82e82c0c69210dea2ddac9

commit: 685ca0c8889deb6d6db4ba3b31f108d3b077cbd6 [log] [tgz]
author: Hasini Gunasinghe <hasinitg@google.com> Wed Jan 27 01:01:45 2021 +0000
committer: Janis Danisevskis <jdanis@google.com> Wed Feb 17 08:55:31 2021 -0800
tree: 5f8a5bac94b5167e12428dd300ae9b4acf220955
parent: e8d2732651edfaf9f32df039216cbf54f247e9ec [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index e1919e2..a3e1f97 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -824,6 +824,7 @@
 allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server update_engine_service:service_manager find;
+allow system_server usermanager_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wifinl80211_service:service_manager find;
 userdebug_or_eng(`
@@ -855,7 +856,10 @@
 
 allow system_server keystore:keystore2 {
 	add_auth
+	change_password
+	change_user
 	clear_ns
+	clear_uid
 	get_state
 	lock
 	reset
commit	685ca0c8889deb6d6db4ba3b31f108d3b077cbd6	[log] [tgz]
author	Hasini Gunasinghe <hasinitg@google.com>	Wed Jan 27 01:01:45 2021 +0000
committer	Janis Danisevskis <jdanis@google.com>	Wed Feb 17 08:55:31 2021 -0800
tree	5f8a5bac94b5167e12428dd300ae9b4acf220955
parent	e8d2732651edfaf9f32df039216cbf54f247e9ec [diff] [blame]