am cdf54ba7: Merge "Confine keystore, but leave it permissive for now."
* commit 'cdf54ba7f8846aac62350ee47867ddc85d9e64d1': Confine keystore, but leave it permissive for now.
This commit is contained in:
Nick Kralevich
Android Git Automerger
commit
57cc77ffca
1 changed files with 8 additions and 1 deletions
|
|
@ -1,6 +1,13 @@
|
|||
type keystore, domain;
|
||||
permissive keystore;
|
||||
type keystore_exec, exec_type, file_type;
|
||||
|
||||
# keystore daemon
|
||||
init_daemon_domain(keystore)
|
||||
unconfined_domain(keystore)
|
||||
typeattribute keystore mlstrustedsubject;
|
||||
binder_use(keystore)
|
||||
binder_service(keystore)
|
||||
allow keystore keystore_data_file:dir create_dir_perms;
|
||||
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
|
||||
allow keystore keystore_exec:file { getattr };
|
||||
allow keystore tee_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue