Merge "[attestation] Allow virtualizationservice to retrieve keys" into main

commit: 7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [log] [tgz]
author: Alice Wang <aliceywang@google.com> Sat Jan 20 12:19:21 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Sat Jan 20 12:19:21 2024 +0000
tree: 5ca8edea107a2b4aaf2331904634a0c6d9ad5600
parent: 04ea62b3581946ef58fa770afd9169becc54b8fd [diff]
parent: 260daf5164baef0530c1fa40936ac18709f545d2 [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 4d8ac6b..972f376 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -29,6 +29,10 @@
 binder_call(virtualizationservice, system_server)
 allow virtualizationservice permission_service:service_manager find;
 
+# Allow virtualizationservice to retrieve the remotely provisioned keys from rkpd.
+binder_call(virtualizationservice, remote_provisioning_service)
+allow virtualizationservice remote_provisioning_service:service_manager find;
+
 # Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary
 # to mlock VM memory and page tables.
 allow virtualizationservice self:capability sys_resource;
commit	7a3d15416e4219e8af453a17ad8fe92d11e8bb59	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Sat Jan 20 12:19:21 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Sat Jan 20 12:19:21 2024 +0000
tree	5ca8edea107a2b4aaf2331904634a0c6d9ad5600
parent	04ea62b3581946ef58fa770afd9169becc54b8fd [diff]
parent	260daf5164baef0530c1fa40936ac18709f545d2 [diff]