Merge "Add diced security class"

commit: ea7e1bd6aac8e2d0b4616f709a3bd13dd19045d5 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Jan 18 01:14:52 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 18 01:14:52 2022 +0000
tree: 818ffa4baa5ade871b22c33532952ac4073ad62d
parent: f20bcb4a722de9378b1851d57937aa55b462e6fa [diff]
parent: f3ec0742edbec0eff5cc1fc07f3edfc042ec7d0e [diff]
diff --git a/microdroid/system/private/access_vectors b/microdroid/system/private/access_vectors
index 22f2ffa..477f78f 100644
--- a/microdroid/system/private/access_vectors
+++ b/microdroid/system/private/access_vectors

@@ -746,6 +746,16 @@
 	use_dev_id
 }
 
+class diced
+{
+	demote
+	demote_self
+	derive
+	get_attestation_chain
+	use_seal
+	use_sign
+}
+
 class drmservice {
 	consumeRights
 	setPlaybackStatus

diff --git a/microdroid/system/private/security_classes b/microdroid/system/private/security_classes
index 200b030..0d3cc80 100644
--- a/microdroid/system/private/security_classes
+++ b/microdroid/system/private/security_classes

@@ -163,5 +163,8 @@
 # Keystore 2.0 key permissions
 class keystore2_key             # userspace
 
+# Diced permissions
+class diced                     # userspace
+
 class drmservice                # userspace
 # FLASK
commit	ea7e1bd6aac8e2d0b4616f709a3bd13dd19045d5	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Jan 18 01:14:52 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jan 18 01:14:52 2022 +0000
tree	818ffa4baa5ade871b22c33532952ac4073ad62d
parent	f20bcb4a722de9378b1851d57937aa55b462e6fa [diff]
parent	f3ec0742edbec0eff5cc1fc07f3edfc042ec7d0e [diff]