Make Keystore equivalent policy for Keystore2

Bug: 158500146
Bug: 159466840
Test: keystore2_test tests part of this policy
Change-Id: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
Merged-In: Id3dcb2ba4423d93170b9ba7ecf8aed0580ce83bc
diff --git a/private/system_server.te b/private/system_server.te
index 0622908..5382508 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -824,6 +824,26 @@
 	user_changed
 };
 
+allow system_server keystore:keystore2 {
+	add_auth
+	clear_ns
+	get_state
+	lock
+	reset
+	unlock
+};
+
+allow system_server keystore:keystore2_key {
+	delete
+	use_dev_id
+	grant
+	get_info
+	list
+	rebind
+	update
+	use
+};
+
 # Allow system server to search and write to the persistent factory reset
 # protection partition. This block device does not get wiped in a factory reset.
 allow system_server block_device:dir search;
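Review bot: The two added `allow` blocks have no comment, unlike the factory-reset rule right after them, so the reason system_server needs each keystore2 permission is not recorded. The list includes permissions that deserve their own justification (`clear_ns`, `reset`, `grant` and `use_dev_id`, which by its name appears to gate use of device identifiers). I would add a header to each block, for example `# Keystore2 service-level operations used by system_server for user lock state and auth tokens.` and `# Key-level operations on keystore2 keys; use_dev_id is needed for <caller to name the feature>.`. The commit title says "equivalent", so mapping each permission to the legacy keystore permission it mirrors would let a reviewer confirm that nothing was widened. The Test line says only part of the policy is exercised, so naming the untested permissions would also help. As a style point, the `keystore2_key` list is not alphabetical while the `keystore2` list is; sorting it would make later diffs easier to audit.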