commit c40681f1b51dbba51ed6c6a9d83805305c27252f
author Janis Danisevskis <jdanis@google.com> Sat Jul 25 13:02:29 2020 -0700
committer Janis Danisevskis <jdanis@google.com> Wed Aug 05 16:11:48 2020 +0000
tree 1e3a94c2277d120a5e4f725b9c31cef798a55f9c
parent 2e91219f9aef16d21f4d006dd97f35cbcbb2b19b

Add libselinux keystore_key backend.

We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index a4d967e..08e9e2f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -62,6 +62,7 @@
 /sepolicy           u:object_r:sepolicy_file:s0
 /plat_service_contexts   u:object_r:service_contexts_file:s0
 /plat_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
+/plat_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
 /nonplat_service_contexts   u:object_r:nonplat_service_contexts_file:s0
 # Use nonplat_service_contexts_file to allow servicemanager to read it
 # on non full-treble devices.
@@ -329,6 +330,7 @@
 /system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
 /system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
 /system/etc/selinux/plat_hwservice_contexts  u:object_r:hwservice_contexts_file:s0
+/system/etc/selinux/plat_keystore2_key_contexts  u:object_r:keystore2_key_contexts_file:s0
 /system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
 /system/etc/selinux/plat_seapp_contexts  u:object_r:seapp_contexts_file:s0
 /system/etc/selinux/plat_sepolicy\.cil       u:object_r:sepolicy_file:s0
@@ -419,6 +421,7 @@
 /(odm|vendor/odm)/etc/selinux/odm_seapp_contexts                u:object_r:seapp_contexts_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_property_contexts             u:object_r:property_contexts_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts            u:object_r:hwservice_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_keystore2_key_contexts         u:object_r:keystore2_key_contexts_file:s0
 /(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml           u:object_r:mac_perms_file:s0
 
 #############################
@@ -431,6 +434,7 @@
 
 /(product|system/product)/etc/selinux/product_file_contexts      u:object_r:file_contexts_file:s0
 /(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/(product|system/product)/etc/selinux/product_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
 /(product|system/product)/etc/selinux/product_property_contexts  u:object_r:property_contexts_file:s0
 /(product|system/product)/etc/selinux/product_seapp_contexts     u:object_r:seapp_contexts_file:s0
 /(product|system/product)/etc/selinux/product_service_contexts   u:object_r:service_contexts_file:s0
@@ -448,6 +452,7 @@
 
 /(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts        u:object_r:file_contexts_file:s0
 /(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts   u:object_r:hwservice_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
 /(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts    u:object_r:property_contexts_file:s0
 /(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts       u:object_r:seapp_contexts_file:s0
 /(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts     u:object_r:service_contexts_file:s0