Move microdroid sepolicy to system/sepolicy
Bug: 190511750
Test: boot microdroid
Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12
diff --git a/microdroid/system/private/su.te b/microdroid/system/private/su.te
new file mode 100644
index 0000000..55b7308
--- /dev/null
+++ b/microdroid/system/private/su.te
@@ -0,0 +1,12 @@
+userdebug_or_eng(`
+ typeattribute su coredomain;
+
+ domain_auto_trans(shell, su_exec, su)
+
+ # su is also permissive to permit setenforce.
+ permissive su;
+
+ # Do not audit accesses to keystore2 namespace for the su domain.
+ dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
+
+')
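Review bot: The `dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;` rule sits under `permissive su;`, so keystore2 key accesses from the su domain are both allowed and left out of the audit log, and the comment above it does not say why that loss of visibility is acceptable. Because everything is wrapped in `userdebug_or_eng(`, this only affects debuggable builds, but a reader of this microdroid copy cannot tell whether the rule is needed here or was simply carried over. I would extend the comment to something like `# su is permissive, so these accesses succeed; dontaudit only silences the resulting avc noise on userdebug/eng builds.` Whether the rest of the microdroid policy carries the checks that keep a permissive su domain out of user builds is not visible in this hunk and is worth confirming.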