Add keystore permission for metrics re-routing.
Keystore2 atoms need to be rounted to statsd via a proxy.
The proxy needs to have this permission in order to pull metrics from
keystore.
Ignore-AOSP-First: No mergepath to AOSP.
Bug: 188590587
Test: Statsd Testdrive script
Change-Id: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
Merged-In: Ic94f4bb19a08b6300cfd2d3ed09b31d5b7081bfd
(cherry picked from commit 61d07e7ce0)
This commit is contained in:
Hasini Gunasinghe
Joel Galenson
parent
4678660d83
commit
4334d35f01
12 changed files with 14 additions and 0 deletions
|
|
@ -726,6 +726,7 @@ class keystore2
|
|||
get_state
|
||||
list
|
||||
lock
|
||||
pull_metrics
|
||||
report_off_body
|
||||
reset
|
||||
unlock
|
||||
|
|
|
|||
|
|
@ -70,6 +70,7 @@
|
|||
hw_timeout_multiplier_prop
|
||||
keystore_compat_hal_service
|
||||
keystore_maintenance_service
|
||||
keystore_metrics_service
|
||||
keystore2_key_contexts_file
|
||||
legacy_permission_service
|
||||
legacykeystore_service
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ android.security.identity u:object_r:credstore_service:s0
|
|||
android.security.keystore u:object_r:keystore_service:s0
|
||||
android.security.legacykeystore u:object_r:legacykeystore_service:s0
|
||||
android.security.maintenance u:object_r:keystore_maintenance_service:s0
|
||||
android.security.metrics u:object_r:keystore_metrics_service:s0
|
||||
android.security.remoteprovisioning u:object_r:remoteprovisioning_service:s0
|
||||
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
|
||||
app_binding u:object_r:app_binding_service:s0
|
||||
|
|
|
|||
|
|
@ -853,6 +853,7 @@ allow system_server incremental_service:service_manager find;
|
|||
allow system_server installd_service:service_manager find;
|
||||
allow system_server iorapd_service:service_manager find;
|
||||
allow system_server keystore_maintenance_service:service_manager find;
|
||||
allow system_server keystore_metrics_service:service_manager find;
|
||||
allow system_server keystore_service:service_manager find;
|
||||
allow system_server mediaserver_service:service_manager find;
|
||||
allow system_server mediametrics_service:service_manager find;
|
||||
|
|
@ -903,6 +904,7 @@ allow system_server keystore:keystore2 {
|
|||
clear_uid
|
||||
get_state
|
||||
lock
|
||||
pull_metrics
|
||||
reset
|
||||
unlock
|
||||
};
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ add_service(keystore, apc_service)
|
|||
add_service(keystore, keystore_compat_hal_service)
|
||||
add_service(keystore, authorization_service)
|
||||
add_service(keystore, keystore_maintenance_service)
|
||||
add_service(keystore, keystore_metrics_service)
|
||||
add_service(keystore, legacykeystore_service)
|
||||
|
||||
# Check SELinux permissions.
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ type installd_service, service_manager_type;
|
|||
type credstore_service, app_api_service, service_manager_type;
|
||||
type keystore_compat_hal_service, service_manager_type;
|
||||
type keystore_maintenance_service, service_manager_type;
|
||||
type keystore_metrics_service, service_manager_type;
|
||||
type keystore_service, service_manager_type;
|
||||
type legacykeystore_service, service_manager_type;
|
||||
type lpdump_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -726,6 +726,7 @@ class keystore2
|
|||
get_state
|
||||
list
|
||||
lock
|
||||
pull_metrics
|
||||
report_off_body
|
||||
reset
|
||||
unlock
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@
|
|||
hw_timeout_multiplier_prop
|
||||
keystore_compat_hal_service
|
||||
keystore_maintenance_service
|
||||
keystore_metrics_service
|
||||
keystore2_key_contexts_file
|
||||
legacy_permission_service
|
||||
legacykeystore_service
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ android.security.identity u:object_r:credstore_service:s0
|
|||
android.security.keystore u:object_r:keystore_service:s0
|
||||
android.security.legacykeystore u:object_r:legacykeystore_service:s0
|
||||
android.security.maintenance u:object_r:keystore_maintenance_service:s0
|
||||
android.security.metrics u:object_r:keystore_metrics_service:s0
|
||||
android.security.remoteprovisioning u:object_r:remoteprovisioning_service:s0
|
||||
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
|
||||
app_binding u:object_r:app_binding_service:s0
|
||||
|
|
|
|||
|
|
@ -853,6 +853,7 @@ allow system_server incremental_service:service_manager find;
|
|||
allow system_server installd_service:service_manager find;
|
||||
allow system_server iorapd_service:service_manager find;
|
||||
allow system_server keystore_maintenance_service:service_manager find;
|
||||
allow system_server keystore_metrics_service:service_manager find;
|
||||
allow system_server keystore_service:service_manager find;
|
||||
allow system_server mediaserver_service:service_manager find;
|
||||
allow system_server mediametrics_service:service_manager find;
|
||||
|
|
@ -903,6 +904,7 @@ allow system_server keystore:keystore2 {
|
|||
clear_uid
|
||||
get_state
|
||||
lock
|
||||
pull_metrics
|
||||
reset
|
||||
unlock
|
||||
};
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ add_service(keystore, apc_service)
|
|||
add_service(keystore, keystore_compat_hal_service)
|
||||
add_service(keystore, authorization_service)
|
||||
add_service(keystore, keystore_maintenance_service)
|
||||
add_service(keystore, keystore_metrics_service)
|
||||
add_service(keystore, legacykeystore_service)
|
||||
|
||||
# Check SELinux permissions.
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ type installd_service, service_manager_type;
|
|||
type credstore_service, app_api_service, service_manager_type;
|
||||
type keystore_compat_hal_service, service_manager_type;
|
||||
type keystore_maintenance_service, service_manager_type;
|
||||
type keystore_metrics_service, service_manager_type;
|
||||
type keystore_service, service_manager_type;
|
||||
type legacykeystore_service, service_manager_type;
|
||||
type lpdump_service, service_manager_type;
|
||||
|
|
|
|||
Loading…
Reference in a new issue