Modify sepolicy for compos key changes Add the compos_key_helper domain for the process which has access to the signing key, make sure it can't be crashdumped. Also extend that protection to diced & its HAL. Rename compos_verify_key to compos_verify, because it doesn't verify keys any more. Move exec types used by Microdroid to file.te in the host rather than their own dedicated files. Bug: 218494522 Test: atest CompOsSigningHostTest CompOsDenialHostTest Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1

commit: 766caba5deef2ee02ac8aa1d406a7dab4735dfe1 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Mon Feb 14 14:33:37 2022 +0000
committer: Alan Stokes <alanstokes@google.com> Thu Feb 17 12:14:40 2022 +0000
tree: 14cb90526165c08e59bf9e639e0a50f6dd067100
parent: 8817edcbb47a8681dd6a3644ea9368f1581ba8a8 [diff] [blame]
diff --git a/apex/com.android.compos-file_contexts b/apex/com.android.compos-file_contexts
index 0502084..799c2c4 100644
--- a/apex/com.android.compos-file_contexts
+++ b/apex/com.android.compos-file_contexts

@@ -1,4 +1,5 @@
 (/.*)?                   u:object_r:system_file:s0
-/bin/compsvc             u:object_r:compos_exec:s0
-/bin/compos_verify_key   u:object_r:compos_verify_key_exec:s0
+/bin/compos_key_helper   u:object_r:compos_key_helper_exec:s0
+/bin/compos_verify       u:object_r:compos_verify_exec:s0
 /bin/composd             u:object_r:composd_exec:s0
+/bin/compsvc             u:object_r:compos_exec:s0
commit	766caba5deef2ee02ac8aa1d406a7dab4735dfe1	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Mon Feb 14 14:33:37 2022 +0000
committer	Alan Stokes <alanstokes@google.com>	Thu Feb 17 12:14:40 2022 +0000
tree	14cb90526165c08e59bf9e639e0a50f6dd067100
parent	8817edcbb47a8681dd6a3644ea9368f1581ba8a8 [diff] [blame]