| Xiaoyong Zhou | 2ebc63b | 2019-01-29 15:27:21 -0800 | [diff] [blame] | 1 | type mini-keyctl, domain, coredomain; |
| 2 | type mini-keyctl_exec, exec_type, file_type, system_file_type; |
| 3 | |
| 4 | init_daemon_domain(mini-keyctl) |
| 5 | |
| 6 | allow mini-keyctl proc_keys:file r_file_perms; |
| 7 | |
| 8 | # Kernel only prints the keys that can be accessed and only kernel keyring is needed here. |
| 9 | dontaudit mini-keyctl init:key view; |
| 10 | dontaudit mini-keyctl vold:key view; |
| Victor Hsieh | f7bf277 | 2019-03-12 13:46:53 -0700 | [diff] [blame] | 11 | allow mini-keyctl kernel:key { view search write setattr }; |
| Xiaoyong Zhou | 2ebc63b | 2019-01-29 15:27:21 -0800 | [diff] [blame] | 12 | allow mini-keyctl mini-keyctl:key { view search write }; |
| 13 | |
| 14 | # When kernel requests an algorithm, the crypto API first looks for an |
| 15 | # already registered algorithm with that name. If it fails, the kernel creates |
| 16 | # an implementation of the algorithm from templates. |
| 17 | dontaudit mini-keyctl kernel:system module_request; |