Keystore 2.0: Add wifi namespace to sepolicy. Add the wifi namespace to sepolicy and allow system_app (Settings) and wifi_supplicant to manage/use the keys in that namespace Test: N/A Bug: 171305388 Change-Id: Ib6af8656b18288a1116c241c2e76d9aea421a889

commit: df31f20dfe7f76cabb73eec3f3f62ca07e048bd8 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Mon Feb 01 23:04:45 2021 -0800
committer: Janis Danisevskis <jdanis@google.com> Tue Feb 09 08:28:45 2021 -0800
tree: b1ec1e6c49e71f8a7b2463784a6bfa3fc0ee8d06
parent: c86c173de7e4ad09ccb2dc8d19d9cfb4a287fcbe [diff] [blame]
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 79a0667..5fbe9f2 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te

@@ -19,6 +19,14 @@
 allow hal_wifi_supplicant self:packet_socket create_socket_perms;
 allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
 
+use_keystore(hal_wifi_supplicant)
+
+# Allow the WI-FI HAL to use keys in the keystore namespace wifi_key.
+allow hal_wifi_supplicant wifi_key:keystore2_key {
+    get_info
+    use
+};
+
 ###
 ### neverallow rules
 ###
commit	df31f20dfe7f76cabb73eec3f3f62ca07e048bd8	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Mon Feb 01 23:04:45 2021 -0800
committer	Janis Danisevskis <jdanis@google.com>	Tue Feb 09 08:28:45 2021 -0800
tree	b1ec1e6c49e71f8a7b2463784a6bfa3fc0ee8d06
parent	c86c173de7e4ad09ccb2dc8d19d9cfb4a287fcbe [diff] [blame]