Keystore 2.0: sepolicy changes for vold to use keystore2 Vold needs to be able to search for keystore2 and keystore2 maintenance services, and call methods provided by those services. Bug: 181910578 Change-Id: I6e336c3bfaabe158b850dc175b6c9a942dd717be

commit: a9990045280f3ca67de82aaee433f77da23e1462 [log] [tgz]
author: Satya Tangirala <satyat@google.com> Mon Mar 01 02:53:46 2021 -0800
committer: Satya Tangirala <satyat@google.com> Wed Apr 07 02:14:33 2021 -0700
tree: 787e80ea6a42e8ed1e9a5393203beccb793b453f
parent: 794b7d83ec69ee417a9f89c14811264245ef8c26 [diff] [blame]
diff --git a/private/keystore.te b/private/keystore.te
index 85f1517..aa902d5 100644
--- a/private/keystore.te
+++ b/private/keystore.te

@@ -24,3 +24,8 @@
 allow keystore keystore2_key_contexts_file:file r_file_perms;
 
 get_prop(keystore, keystore_listen_prop)
+
+# Keystore needs to transfer binder references to vold and wait_for_keymaster so that they
+# can call keystore methods on those references.
+allow keystore vold:binder transfer;
+allow keystore wait_for_keymaster:binder transfer;
commit	a9990045280f3ca67de82aaee433f77da23e1462	[log] [tgz]
author	Satya Tangirala <satyat@google.com>	Mon Mar 01 02:53:46 2021 -0800
committer	Satya Tangirala <satyat@google.com>	Wed Apr 07 02:14:33 2021 -0700
tree	787e80ea6a42e8ed1e9a5393203beccb793b453f
parent	794b7d83ec69ee417a9f89c14811264245ef8c26 [diff] [blame]