Allow gsid to find and binder-call vold Bug: 168571434 Test: 1. Install a DSU system. 2. Boot the DSU system and reboot back to the host system. 3. Wipe the DSU installation. 4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is destroyed. Change-Id: I229a02abb7bd1f070bb078bdaf89fb27cc4bfa47

commit: ffe786ebd74d86af0c46a19dcc568306b3f54aa3 [log] [tgz]
author: Yo Chiang <yochiang@google.com> Wed Oct 07 13:59:52 2020 +0800
committer: Yo Chiang <yochiang@google.com> Fri Oct 23 20:30:00 2020 +0800
tree: 2190ea147a8938ea845913a149ff5d8a837392cd
parent: c1eb80e302f3a23c9dbbea8ab1fa8a972ff8bf30 [diff]
diff --git a/private/gsid.te b/private/gsid.te
index 3d91eb8..fe1d08e 100644
--- a/private/gsid.te
+++ b/private/gsid.te

@@ -9,6 +9,11 @@
 binder_use(gsid)
 binder_service(gsid)
 add_service(gsid, gsi_service)
+
+# Manage DSU metadata encryption key through vold.
+allow gsid vold_service:service_manager find;
+binder_call(gsid, vold)
+
 set_prop(gsid, gsid_prop)
 
 # Needed to create/delete device-mapper nodes, and read/write to them.

diff --git a/private/vold.te b/private/vold.te
index 0f464a9..09388f1 100644
--- a/private/vold.te
+++ b/private/vold.te

@@ -44,3 +44,12 @@
     use
 };
 
+neverallow {
+    domain
+    -system_server
+    -vdc
+    -vold
+    -update_verifier
+    -apexd
+    -gsid
+} vold_service:service_manager find;
commit	ffe786ebd74d86af0c46a19dcc568306b3f54aa3	[log] [tgz]
author	Yo Chiang <yochiang@google.com>	Wed Oct 07 13:59:52 2020 +0800
committer	Yo Chiang <yochiang@google.com>	Fri Oct 23 20:30:00 2020 +0800
tree	2190ea147a8938ea845913a149ff5d8a837392cd
parent	c1eb80e302f3a23c9dbbea8ab1fa8a972ff8bf30 [diff]