Merge "Keystore 2.0: Allow apps to get the Keystore state."

commit: e165cd486bfbc9d5a2cc9028caa8e16515bb7525 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Wed Mar 17 14:11:21 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 17 14:11:21 2021 +0000
tree: 551efd732e34a25dfeb7f30b28cf830a7dcf11df
parent: a3f3045f421d432a890596f29b61875b911e0d66 [diff]
parent: ac4a6e75fc66a1cc414c8c0ff8d10790e0370a7b [diff]
diff --git a/public/app.te b/public/app.te
index 67a996a..af19d10 100644
--- a/public/app.te
+++ b/public/app.te

@@ -298,6 +298,9 @@
 allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
 allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2_key { delete use get_info rebind update };
 
+allow { appdomain -isolated_app -ephemeral_app } keystore_maintenance_service:service_manager find;
+allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2 get_state;
+
 use_keystore({ appdomain -isolated_app -ephemeral_app })
 
 use_credstore({ appdomain -isolated_app -ephemeral_app })

diff --git a/public/domain.te b/public/domain.te
index 3666fbc..02df9a3 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -677,6 +677,7 @@
     -cameraserver_service
     -drmserver_service
     -credstore_service
+    -keystore_maintenance_service
     -keystore_service
     -mediadrmserver_service
     -mediaextractor_service
commit	e165cd486bfbc9d5a2cc9028caa8e16515bb7525	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Wed Mar 17 14:11:21 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Mar 17 14:11:21 2021 +0000
tree	551efd732e34a25dfeb7f30b28cf830a7dcf11df
parent	a3f3045f421d432a890596f29b61875b911e0d66 [diff]
parent	ac4a6e75fc66a1cc414c8c0ff8d10790e0370a7b [diff]