Allow system_server to search su:key in debuggable build Test: successful fs-verity setup with key loaded from shell Bug: 112037636 Change-Id: Ide01d11f309008fffeafdedb517508db94472873

commit: a8b2bc47ec35ce0a8017f0d805b4dc35d51542c8 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Fri Jan 25 12:59:29 2019 -0800
committer: Victor Hsieh <victorhsieh@google.com> Fri Jan 25 12:59:29 2019 -0800
tree: 89556e37dff06730ad5e1b8072eec44b89714f8d
parent: f6243dac0b2fd216bc589d90b2ea3d1dc9e46d4d [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 8aa7785..6fa2ae6 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -798,6 +798,9 @@
 };
 # Allow system process to access the keyring.
 allow system_server kernel:key search;
+userdebug_or_eng(`
+  allow system_server su:key search;
+')
 
 # Postinstall
 #
commit	a8b2bc47ec35ce0a8017f0d805b4dc35d51542c8	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Fri Jan 25 12:59:29 2019 -0800
committer	Victor Hsieh <victorhsieh@google.com>	Fri Jan 25 12:59:29 2019 -0800
tree	89556e37dff06730ad5e1b8072eec44b89714f8d
parent	f6243dac0b2fd216bc589d90b2ea3d1dc9e46d4d [diff] [blame]