Preliminary policy for hal_keymaster (TREBLE) This adds the premissions required for android.hardware.keymaster@2.0-service to access the keymaster TA as well as for keystore and vold to lookup and use android.hardware.keymaster@2.0-service. IT DOES NOT remove the privileges from keystore and vold to access the keymaster TA directly. Test: Run keystore CTS tests Bug: 32020919 (cherry picked from commit 5090d6f3241ffbd96f5a0b24df602bd2559f3cf4) Change-Id: Ib02682da26e2dbcabd81bc23169f9bd0e832eb19

commit: e8acd7695b96434cde84c8bc16b364d39856857d [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Fri Jan 27 15:00:27 2017 -0800
committer: Alex Klyubin <klyubin@google.com> Fri Jan 27 15:02:57 2017 -0800
tree: dcaf3ae0ceee77ed856ba9523f1b0ed0b110f907
parent: a7653ee2eded1083e47bf091abaf85804be22c6b [diff] [blame]
diff --git a/public/hal_keymaster.te b/public/hal_keymaster.te
new file mode 100644
index 0000000..a3aef59
--- /dev/null
+++ b/public/hal_keymaster.te

@@ -0,0 +1,7 @@
+# hwbinder access
+hwbinder_use(hal_keymaster)
+
+allow hal_keymaster tee_device:chr_file rw_file_perms;
+allow hal_keymaster tee:unix_stream_socket connectto;
+
+allow hal_keymaster ion_device:chr_file r_file_perms;
commit	e8acd7695b96434cde84c8bc16b364d39856857d	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Fri Jan 27 15:00:27 2017 -0800
committer	Alex Klyubin <klyubin@google.com>	Fri Jan 27 15:02:57 2017 -0800
tree	dcaf3ae0ceee77ed856ba9523f1b0ed0b110f907
parent	a7653ee2eded1083e47bf091abaf85804be22c6b [diff] [blame]