Add `su_key`, a keystore2_key namespace for `su`. Add a keystore2_key namespace that can be used by `su` for testing. Test: keystore2_test Bug: 158500146 Bug: 160623310 Bug: 159466840 Change-Id: I017a10ad8c7fce28e8bc921b764e65c49bae5107 Merged-In: I017a10ad8c7fce28e8bc921b764e65c49bae5107

commit: d3451f88bead7e9c2fd9c9df01f76b379532242f [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Mon Jul 27 13:06:11 2020 -0700
committer: Janis Danisevskis <jdanis@google.com> Wed Aug 05 16:11:48 2020 +0000
tree: 6078ddf2e18a9b7bdfef2b9b08f8763c9892f3f1
parent: 32d7738224ab635cd0e6d5acb1bb6492ba1dd4d5 [diff] [blame]
diff --git a/private/su.te b/private/su.te
index 16e47bb..072e8db 100644
--- a/private/su.te
+++ b/private/su.te

@@ -20,4 +20,8 @@
   permissive su;
 
   app_domain(su)
+
+  # Do not audit accesses to keystore2 namespace for the su domain.
+  dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
+
 ')
commit	d3451f88bead7e9c2fd9c9df01f76b379532242f	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Mon Jul 27 13:06:11 2020 -0700
committer	Janis Danisevskis <jdanis@google.com>	Wed Aug 05 16:11:48 2020 +0000
tree	6078ddf2e18a9b7bdfef2b9b08f8763c9892f3f1
parent	32d7738224ab635cd0e6d5acb1bb6492ba1dd4d5 [diff] [blame]