Allow for ISecretkeeper/default
Test: VtsAidlAuthGraphSessionTest
Bug: 306364873
Change-Id: I788d6cd67c2b6dfa7b5f14bc66444d18e3fd35d3
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 9118cba..49481bd 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -120,6 +120,7 @@
"android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": EXCEPTION_NO_FUZZER,
"android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
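Review bot: The added `ISecretkeeper/default` entry exempts a security HAL from the fuzzer binding with `EXCEPTION_NO_FUZZER`, and nothing on the line records why or tracks closing that gap. This matches the neighbouring security HAL entries, so it is consistent, but the service accepts binder requests from clients and an untracked exemption tends to become permanent. A trailing comment would help, for example `// TODO(b/<tracking-bug>): add a fuzzer for the default instance`. The map literal starts and ends outside the hunk.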
diff --git a/private/service_contexts b/private/service_contexts
index 2209c6a..091ab99 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -125,6 +125,7 @@
android.hardware.secure_element.ISecureElement/SIM1 u:object_r:hal_secure_element_service:s0
android.hardware.secure_element.ISecureElement/SIM2 u:object_r:hal_secure_element_service:s0
android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
+android.hardware.security.secretkeeper.ISecretkeeper/default u:object_r:hal_secretkeeper_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/nonsecure u:object_r:hal_secretkeeper_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
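Review bot: `ISecretkeeper/default` receives the same `hal_secretkeeper_service` label as `ISecretkeeper/nonsecure` on the following line, so policy cannot distinguish the two instances. Any domain permitted to add that service type can register under either name, and a client permitted to find it gets whichever implementation is registered. If `default` is meant to be the TEE-backed instance, as the hal_secretkeeper.te change in this commit suggests, it is worth documenting that clients must select by instance name because the label gives no assurance about the backing implementation. A distinct type for the nonsecure instance would make the separation enforceable, though that is a larger change than this commit.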
diff --git a/public/hal_secretkeeper.te b/public/hal_secretkeeper.te
index 809ed77..359159f 100644
--- a/public/hal_secretkeeper.te
+++ b/public/hal_secretkeeper.te
@@ -6,3 +6,7 @@
binder_use(hal_secretkeeper_server)
binder_use(hal_secretkeeper_client)
+
+# The Secretkeeper HAL service needs to communicate with a trusted application running
+# in the TEE, which is represented by the tee_device permission.
+allow hal_secretkeeper_server tee_device:chr_file rw_file_perms;
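Review bot: The added `allow hal_secretkeeper_server tee_device:chr_file rw_file_perms;` is keyed on the attribute, so it applies to every domain that carries `hal_secretkeeper_server`. That presumably includes the implementation behind `ISecretkeeper/nonsecure`, which should not need the TEE device node. Placing the rule in the policy of the specific TEE-backed service domain would keep the grant to the one process that uses it. `rw_file_perms` also includes `ioctl`, and no ioctl allowlist is visible in this hunk, so if the attribute-level rule stays the comment should say so, for example `# Grants open/read/write/ioctl on tee_device to all hal_secretkeeper_server domains.`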