Limit special file permissions to the keymint server domain There are still some paths (potentially obsolete) on non-treble devices where hal_keymint_client domains have the hal_keymint typeattribute applied. In these cases, those domains also pick up the file access permissions currently granted to hal_keymint. Clean this up by limiting the permissions to hal_keymint_server only. Test: VtsAidlKeyMintTargetTest Change-Id: If1a437636824df254da245e7587df825b6963ed9

commit: 970cfa5674b1d6c68c7245aabb7ff811537d427d [log] [tgz]
author: Seth Moore <sethmo@google.com> Wed Nov 02 21:06:57 2022 -0700
committer: Seth Moore <sethmo@google.com> Thu Nov 03 05:30:01 2022 +0000
tree: 11749ccceec48251f66c1d47b82345a03269818e
parent: 2c818d9b324dc310f6544ccc203bc15385756369 [diff]
diff --git a/public/hal_keymint.te b/public/hal_keymint.te
index 9c65e22..ba29956 100644
--- a/public/hal_keymint.te
+++ b/public/hal_keymint.te

@@ -4,5 +4,5 @@
 hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
 binder_call(hal_keymint_server, servicemanager)
 
-allow hal_keymint tee_device:chr_file rw_file_perms;
-allow hal_keymint ion_device:chr_file r_file_perms;
+allow hal_keymint_server tee_device:chr_file rw_file_perms;
+allow hal_keymint_server ion_device:chr_file r_file_perms;
commit	970cfa5674b1d6c68c7245aabb7ff811537d427d	[log] [tgz]
author	Seth Moore <sethmo@google.com>	Wed Nov 02 21:06:57 2022 -0700
committer	Seth Moore <sethmo@google.com>	Thu Nov 03 05:30:01 2022 +0000
tree	11749ccceec48251f66c1d47b82345a03269818e
parent	2c818d9b324dc310f6544ccc203bc15385756369 [diff]