platform_system_sepolicy/public/credstore.te

# credstore daemon
type credstore, domain;
type credstore_exec, system_file_type, exec_type, file_type;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
Minimize public policy Ideally, public should only contain APIs (types / attributes) for vendor. The other statements like allow/neverallow/typeattributes are regarded as implementation detail for platform and should be in private. Bug: 232023812 Test: m selinux_policy Test: diff <(git diff --staged \| grep "^-" \| cut -b2- \| sort) \ <(git diff --staged \| grep "^+" \| cut -b2- \| sort) Test: remove comments on plat_sepolicy.cil, replace base_typeattr_* to base_typeattr and then compare old and new plat_sepolicy.cil Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12 2024-03-27 09:18:41 +01:00			`# credstore daemon`
Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. The credstore service is a system service which backs the android.security.identity.* Framework APIs. It essentially calls into the Identity Credential HAL while providing persistent storage for credentials. Bug: 111446262 Test: atest android.security.identity.cts Test: VtsHalIdentityTargetTest Test: android.hardware.identity-support-lib-test Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60 2020-01-17 22:47:53 +01:00			`type credstore, domain;`
			`type credstore_exec, system_file_type, exec_type, file_type;`
Add "DO NOT ADD statements" comments to public For visibility Bug: 232023812 Test: N/A Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c 2024-03-28 02:37:28 +01:00
			`# system/sepolicy/public is for vendor-facing type and attribute definitions.`
			`# DO NOT ADD allow, neverallow, or dontaudit statements here.`
			`# Instead, add such policy rules to system/sepolicy/private/*.te.`