Add convert_storage_key_to_ephemeral to keystore2_key access vector

Introduce the convert_storage_key_to_ephemeral permission to the
keystore2_key access vector and give vold permission to use it. This
permission must be checked when a caller wants to get a per-boot
ephemeral key from a long-lived wrapped storage key.

Bug: 181806377
Bug: 181910578
Change-Id: I542c084a8fab5153bc98212af64234e62e9ad032
Satya Tangirala 2021-03-08 09:48:42 -08:00
parent 158db41e21
commit 0653374e71
2 changed files with 2 additions and 0 deletions


@ -731,6 +731,7 @@ class keystore2
class keystore2_key
{
convert_storage_key_to_ephemeral
delete
gen_unique_id
get_info
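Review bot: no enforcement accompanies this declaration. The commit message says the permission must be checked when a caller asks for a per-boot ephemeral key from a wrapped storage key, but this hunk only adds `convert_storage_key_to_ephemeral` to the `keystore2_key` access vector, so the keystore2-side check should land as a companion change tracked under Bug 181806377 / 181910578 and be referenced from this one; until it does, vold holds a permission that nothing consults.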


@ -35,6 +35,7 @@ set_prop(vold, boottime_public_prop)
# Vold will use Keystore instead of using Keymint directly. But it still needs
# to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
allow vold vold_key:keystore2_key {
convert_storage_key_to_ephemeral
delete
get_info
manage_blob
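Review bot: the comment above the `allow vold vold_key:keystore2_key { ... }` rule explains only why vold needs `manage_blob`; now that `convert_storage_key_to_ephemeral` is granted in the same rule, extend the comment so the grant is documented alongside it, e.g. `# Vold also converts its long-lived wrapped storage keys into per-boot ephemeral keys, hence convert_storage_key_to_ephemeral.` Scoping the grant to `vold_key` objects rather than all keystore2 keys is the right least-privilege choice and is worth keeping as is.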