Add keystore2 namespace for LocksettingsService. Bug: 184664830 Test: N/A Change-Id: Ie04186eddaae689b968690b2bb0d3692c81ac645

commit: 79d167704e9af2052291444d57e31d0721cbc0ea [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Wed Apr 14 16:03:13 2021 -0700
committer: Janis Danisevskis <jdanis@google.com> Wed Apr 14 16:03:13 2021 -0700
tree: 830640abfd0b9fa02579a2a95d0e295bc3d8c27b
parent: 19ae37f4eff62849fb6a9ca37a837c8315272e2c [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 084ea22..1bab3e7 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -905,6 +905,16 @@
 	use
 };
 
+# Allow lock_settings service to manage locksettings keys (e.g. the synthetic password key).
+allow system_server locksettings_key:keystore2_key {
+	delete
+	get_info
+	rebind
+	update
+	use
+};
+
+
 # Allow system server to search and write to the persistent factory reset
 # protection partition. This block device does not get wiped in a factory reset.
 allow system_server block_device:dir search;
commit	79d167704e9af2052291444d57e31d0721cbc0ea	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Wed Apr 14 16:03:13 2021 -0700
committer	Janis Danisevskis <jdanis@google.com>	Wed Apr 14 16:03:13 2021 -0700
tree	830640abfd0b9fa02579a2a95d0e295bc3d8c27b
parent	19ae37f4eff62849fb6a9ca37a837c8315272e2c [diff] [blame]