Add keystore2 permission to get attestation keys Contexts must have this permission to fetch remotely provisioned attestation key blobs. It is expected that only credstore will have this permission. Test: manual, build and run cuttlefish Bug: 194696876 Change-Id: Ieebd552129bc8be6b8831ec2e38eb6bda522b216

commit: 7e95d22296510e21287736c0d8c9dbefb32e892b [log] [tgz]
author: Seth Moore <sethmo@google.com> Tue Dec 14 07:57:07 2021 -0800
committer: Seth Moore <sethmo@google.com> Tue Jan 18 16:17:45 2022 -0800
tree: 4835e2ab5deba6b8d4279932e85867feb1a00233
parent: bcc280963d7dd0cca55ec5af2665a3c0bff80618 [diff]
diff --git a/private/access_vectors b/private/access_vectors
index fc17c1d..0f8dd5f 100644
--- a/private/access_vectors
+++ b/private/access_vectors

@@ -722,7 +722,9 @@
 	change_user
 	clear_ns
 	clear_uid
+	delete_all_keys
 	early_boot_ended
+	get_attestation_key
 	get_auth_token
 	get_state
 	list
@@ -732,7 +734,6 @@
 	report_off_body
 	reset
 	unlock
-	delete_all_keys
 }
 
 class keystore2_key
commit	7e95d22296510e21287736c0d8c9dbefb32e892b	[log] [tgz]
author	Seth Moore <sethmo@google.com>	Tue Dec 14 07:57:07 2021 -0800
committer	Seth Moore <sethmo@google.com>	Tue Jan 18 16:17:45 2022 -0800
tree	4835e2ab5deba6b8d4279932e85867feb1a00233
parent	bcc280963d7dd0cca55ec5af2665a3c0bff80618 [diff]