Allow compos to use diced

Bug: 214233409
Test: composd_cmd dice
Change-Id: I82b4bd87db879f378d2fafb6e2db7e2544fef5de
Alan Stokes 2022-01-17 13:50:16 +00:00
parent f3ec0742ed
commit 50d2195cab


@ -2,13 +2,19 @@
type compos, domain, coredomain, microdroid_payload;
type compos_exec, exec_type, file_type, system_file_type;
# Expose RPC Binder service over vsock
allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
# Allow using keystore and authfs_service binder services
# Allow using various binder services
binder_use(compos);
use_keystore(compos);
allow compos authfs_binder_service:service_manager find;
allow compos {
authfs_binder_service
dice_node_service
}:service_manager find;
binder_call(compos, authfs_service);
binder_call(compos, diced);
allow compos diced:diced { get_attestation_chain use_sign };
# Allow payloads to use and manage their keys
allow compos vm_payload_key:keystore2_key {