Allow shell to call virtualizationservice for AVF RKP HAL am: 4877bedec2 am: 1db80a817b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3150119
Change-Id: I6fb67d657648aa305b734c1d76ad8e166cc111a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/private/shell.te b/private/shell.te
index 6d6e06f..f896541 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -198,6 +198,11 @@
# Allow shell to execute the remote key provisioning factory tool
binder_call(shell, hal_keymint)
+# Allow shell to run the AVF RKP HAL during the execution of the remote key
+# provisioning factory tool.
+# TODO(b/351113293): Remove this once the AVF RKP HAL registration is moved to
+# a separate process.
+binder_call(shell, virtualizationservice)
# Allow reading the outcome of perf_event_open LSM support test for CTS.
get_prop(shell, init_perf_lsm_hooks_prop)
@@ -360,6 +365,7 @@
-virtual_touchpad_service
-vold_service
-default_android_service
+ -virtualization_service
}:service_manager find;
allow shell dumpstate:binder call;
@@ -489,6 +495,7 @@
hal_keymint_service
hal_secureclock_service
hal_sharedsecret_service
+ virtualization_service
}:service_manager find;
# Do not allow shell to hard link to any files.