Add SELinux policies for remote_key_provisioning_native namespace. We need to separate out the feature flags in use by remote key provisioning daemon (RKPD). For this, I have set up a new namespace remote_key_provisioning_native. This change adds the SELinux policies to make sure appropriate permissions are present when accessing the feature flag for read/write. Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7 Test: TreeHugger

commit: e1c49f55247353c714777c610dac52cd1f6e16be [log] [tgz]
author: Vikram Gaur <vikramgaur@google.com> Thu Sep 29 21:20:22 2022 +0000
committer: Vikram Gaur <vikramgaur@google.com> Thu Sep 29 21:32:58 2022 +0000
tree: f7763907152be13b8a95c6964ac8da7bde18284a
parent: 38292f168a6180a9ecf5b6d31bcec4a0187d2cbb [diff] [blame]
diff --git a/private/keystore.te b/private/keystore.te
index 8e681b1..b69477c 100644
--- a/private/keystore.te
+++ b/private/keystore.te

@@ -20,6 +20,9 @@
 # Allow keystore to check if the system is rkp only.
 get_prop(keystore, remote_prov_prop)
 
+# Allow keystore to check rkpd feature flags
+get_prop(keystore, device_config_remote_key_provisioning_native_prop)
+
 # Allow keystore to write to statsd.
 unix_socket_send(keystore, statsdw, statsd)
commit	e1c49f55247353c714777c610dac52cd1f6e16be	[log] [tgz]
author	Vikram Gaur <vikramgaur@google.com>	Thu Sep 29 21:20:22 2022 +0000
committer	Vikram Gaur <vikramgaur@google.com>	Thu Sep 29 21:32:58 2022 +0000
tree	f7763907152be13b8a95c6964ac8da7bde18284a
parent	38292f168a6180a9ecf5b6d31bcec4a0187d2cbb [diff] [blame]