Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 1f87fbd9fa1bdfb7183cc8da83d6058b84ef5861 / . / microdroid / system / private / compos.te
blob: a126a022dddcda5b1a11c66916c2671ed396a128 [file] [log] [blame]
Inseob Kim7560aed2021-07-20 09:57:57 +0000[diff] [blame]1# TODO(b/193504816): move this to compos APEX
Inseob Kim1f87fbd2021-07-26 05:56:31 +0000[diff] [blame^]2type compos, domain, coredomain, microdroid_payload;
Inseob Kim7560aed2021-07-20 09:57:57 +0000[diff] [blame]3type compos_exec, exec_type, file_type, system_file_type;
4
5type compos_key_cmd, domain, coredomain;
6type compos_key_cmd_exec, exec_type, file_type, system_file_type;
7
Inseob Kim7560aed2021-07-20 09:57:57 +0000[diff] [blame]8allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
9
Inseob Kim1f87fbd2021-07-26 05:56:31 +0000[diff] [blame^]10# Talk to binder services (for keystore)
11binder_use(compos);
Inseob Kim7560aed2021-07-20 09:57:57 +0000[diff] [blame]12
Inseob Kim1f87fbd2021-07-26 05:56:31 +0000[diff] [blame^]13# Allow payloads to use keystore
14use_keystore(compos);
15
16# Allow payloads to use and manage their keys
17allow compos vm_payload_key:keystore2_key {
18 delete
19 get_info
20 manage_blob
21 rebind
22 use
23};