Add policy for property ro.android.security.keystore2.enable

Bug: 171563717
Bug: 171305684
Test: N/A
Change-Id: I323081fd2ce2fee80951c3d1e19b9935e4596705
Janis Danisevskis 2020-10-23 11:16:34 -07:00
parent 45ac6e8400
commit 202e8636ac
5 changed files with 25 additions and 0 deletions


@ -20,6 +20,9 @@ system_internal_prop(traced_perf_enabled_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
system_internal_prop(keystore2_enable_prop)
###
### Neverallow rules
###
@ -470,3 +473,12 @@ neverallow {
} {
lower_kptr_restrict_prop
}:property_service set;
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
neverallow {
-init
-dumpstate
-system_app
-system_server
-zygote
} keystore2_enable_prop:file no_rw_file_perms;
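Review bot: The TODO above the new neverallow (and the one above the `system_internal_prop` declaration) says "Remove this property", but what has to go at the end of the migration is the declaration and this rule; `# TODO(b/171563717) Remove keystore2_enable_prop and this neverallow once the Keystore 2.0 migration is complete` states the cleanup precisely. The exemption list (init, dumpstate, system_app, system_server, zygote) matches the get_prop grants this commit adds elsewhere, which is good, but no keystore domain is exempted, so the flag appears to be consumed by init and the framework rather than by the keystore services themselves. If that is the intent, a one-line comment saying so here would stop the next maintainer from widening the list when a keystore daemon is denied access. `system_app` is also a broad domain covering many privileged apps rather than a single consumer; if only one app needs this switch, consider whether the grant and exemption can be scoped more narrowly.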


@ -920,3 +920,7 @@ power.battery_input.suspended u:object_r:power_debug_prop:s0 exact bool
# zygote config property
zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int
# Enable Keystore 2.0.
# TODO remove this propertye when Keystore 2.0 migration is complete b/171563717
ro.android.security.keystore2.enable u:object_r:keystore2_enable_prop:s0 exact bool
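Review bot: The comment on the new property_contexts entry has a typo, `propertye`; it should read `# TODO remove this property when Keystore 2.0 migration is complete b/171563717`. The `exact bool` type is the right choice for a switch that selects the keystore backend, since init will reject any value other than true/false. Given the `ro.` prefix and the `system_internal_prop` type, the flag is presumably expected to come from the device's build properties and never change at runtime; if so, saying that in the comment (`# Set from build properties; not changeable at runtime.`) documents the trust assumption the neverallow in property.te relies on.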


@ -164,6 +164,9 @@ allow system_app system_server:udp_socket {
# Settings app reads ro.oem_unlock_supported
get_prop(system_app, oem_unlock_prop)
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
get_prop(system_app, keystore2_enable_prop)
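Review bot: The new `get_prop(system_app, keystore2_enable_prop)` carries only the removal TODO and does not say which system app consults the property or why, unlike the `oem_unlock_prop` grant directly above it, which names its reader. Since `system_app` covers many privileged apps, a comment in the same style — naming the app and stating that it reads `ro.android.security.keystore2.enable` to pick the keystore backend, if that is the purpose — would justify the grant and tell a maintainer when it can be dropped. The TODO itself would be clearer as `# TODO(b/171563717) Remove this get_prop once Keystore 2.0 migration is complete`, since the rule, not the property, is what gets removed from this file.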
###
### Neverallow rules
###


@ -1202,6 +1202,9 @@ neverallow {
# Read/Write /proc/pressure/memory
allow system_server proc_pressure_mem:file rw_file_perms;
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
get_prop(system_server, keystore2_enable_prop)
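Review bot: The TODO above `get_prop(system_server, keystore2_enable_prop)` says "Remove this property", but this hunk only adds a read grant; `# TODO(b/171563717) Remove this get_prop once Keystore 2.0 migration is complete` describes the actual cleanup. It would also help to record what in system_server reads the flag (the rule is dropped between a `/proc/pressure/memory` grant and a dexoptanalyzer neverallow, so nothing nearby explains it); a short why-comment keeps this from surviving the migration unnoticed. The surrounding neverallow block referenced in the hunk header starts outside the hunk.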
# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;


@ -209,6 +209,9 @@ get_prop(zygote, packagemanager_config_prop)
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
get_prop(zygote, keystore2_enable_prop)
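Review bot: The new `get_prop(zygote, keystore2_enable_prop)` does not explain why zygote, rather than the keystore clients themselves, needs a keystore migration flag. Since the property is a `system_internal_prop` that app domains cannot read, zygote presumably reads it so the decision is inherited by every forked app process; if that is the reason, a comment such as `# Zygote reads the Keystore 2.0 switch so app processes inherit it; apps cannot read this property themselves.` makes the dependency explicit and tells a maintainer why removing the flag later requires changing the app-side path too. As in the other files, `# TODO(b/171563717) Remove this get_prop once Keystore 2.0 migration is complete` is the more accurate wording for the TODO.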
###
### neverallow rules
###