Merge "Make backup service app_api_service."
diff --git a/gatekeeperd.te b/gatekeeperd.te
index 45bf7d9..dfb2c7f 100644
--- a/gatekeeperd.te
+++ b/gatekeeperd.te
@@ -7,9 +7,15 @@
binder_service(gatekeeperd)
allow gatekeeperd tee_device:chr_file rw_file_perms;
+# need to find KeyStore and add self
allow gatekeeperd gatekeeper_service:service_manager { add find };
+# Need to add auth tokens to KeyStore
allow gatekeeperd keystore:keystore_key { add_auth };
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
+
neverallow { domain -gatekeeperd -system_server } gatekeeper_service:service_manager find;
neverallow { domain -gatekeeperd } gatekeeper_service:service_manager add;
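Review bot: The comment added above `allow gatekeeperd gatekeeper_service:service_manager { add find };` says "need to find KeyStore", but that rule only covers gatekeeperd's own `gatekeeper_service`, and nothing in this hunk grants a lookup of the keystore service. I would reword it to `# Register gatekeeper_service with servicemanager and look it up`, and put any KeyStore remark next to the rule that actually grants that access (it may be in the first lines of the file, which the hunk does not show). The `# For permissions checking` comment would also be more useful if it named the check, e.g. `# Ask system_server's permission_service whether the caller holds the required permission`, if that is the intent. Those two rules appear to make an authorization decision in gatekeeperd depend on system_server's reply, which is worth stating explicitly.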
diff --git a/isolated_app.te b/isolated_app.te
index 48bf3de..c368527 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -13,7 +13,7 @@
app_domain(isolated_app)
# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app app_data_file:file { read write getattr };
+allow isolated_app app_data_file:file { read write getattr lock };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
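Review bot: The added `lock` permission on `app_data_file:file` has no stated reason, and the existing comment above the rule only describes access to descriptors handed over by Binder or socket IPC. isolated_app is the most restricted app domain, so each extra permission deserves a line explaining it. With `lock`, an isolated process can take advisory locks on files it shares with its parent app, and a misbehaving one could hold a lock the app is waiting on. I would extend the comment, e.g. `# lock: permit flock()/fcntl() locking on those inherited descriptors; open is not granted by this rule`, and name the consumer that needs it if known. The rest of isolated_app.te is outside the hunk, so I cannot tell whether a neverallow there already bounds this.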