Allow keystore to monitor and read APEX info Test: logcat Bug: 369375199 Change-Id: Ib4a267e50f59367ca7426009ff7cc0559ce5c771

commit: 8b941e500275cb045c966b45c9b7199a50a4b80b [log] [tgz]
author: David Drysdale <drysdale@google.com> Thu Dec 05 18:31:00 2024 +0000
committer: David Drysdale <drysdale@google.com> Thu Dec 12 14:07:54 2024 +0000
tree: debb73650ada7599016788c524098446e7ac1be5
parent: 702663bd33cc067521de151ada713de7e23811e4 [diff] [blame]
diff --git a/private/keystore.te b/private/keystore.te
index 50542b0..014903e 100644
--- a/private/keystore.te
+++ b/private/keystore.te

@@ -41,6 +41,9 @@
 
 set_prop(keystore, keystore_crash_prop)
 
+# Allow keystore to monitor the `apexd.status` property.
+get_prop(keystore, apexd_prop)
+
 # keystore is using apex_info via libvintf
 use_apex_info(keystore)
 
@@ -61,6 +64,10 @@
 allow keystore remote_provisioning_service:service_manager find;
 allow keystore rkp_cert_processor_service:service_manager find;
 
+# Allow keystore to communicate to apexd
+allow keystore apex_service:service_manager find;
+allow keystore apexd:binder call;
+
 add_service(keystore, apc_service)
 add_service(keystore, keystore_compat_hal_service)
 add_service(keystore, authorization_service)
commit	8b941e500275cb045c966b45c9b7199a50a4b80b	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Thu Dec 05 18:31:00 2024 +0000
committer	David Drysdale <drysdale@google.com>	Thu Dec 12 14:07:54 2024 +0000
tree	debb73650ada7599016788c524098446e7ac1be5
parent	702663bd33cc067521de151ada713de7e23811e4 [diff] [blame]