Merge "Allow for ISecretkeeper/default" into main am: 3f63eead74 am: 98c169553f am: 42207db4cf

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2829790

Change-Id: I27acef348359e3d2fe1aadcd339dfd27db2d2355
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale 2023-12-06 12:44:04 +00:00 committed by Automerger Merge Worker
commit 71babc2b44
3 changed files with 6 additions and 0 deletions

View file

@ -120,6 +120,7 @@ var (
"android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": EXCEPTION_NO_FUZZER,
"android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
"android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,

View file

@ -125,6 +125,7 @@ android.hardware.secure_element.ISecureElement/eSE3 u:object_r:
android.hardware.secure_element.ISecureElement/SIM1 u:object_r:hal_secure_element_service:s0
android.hardware.secure_element.ISecureElement/SIM2 u:object_r:hal_secure_element_service:s0
android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/default u:object_r:hal_secretkeeper_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/nonsecure u:object_r:hal_secretkeeper_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0

View file

@ -6,3 +6,7 @@ hal_attribute_service(hal_secretkeeper, hal_secretkeeper_service)
binder_use(hal_secretkeeper_server)
binder_use(hal_secretkeeper_client)
# The Secretkeeper HAL service needs to communicate with a trusted application running
# in the TEE, which is represented by the tee_device permission.
allow hal_secretkeeper_server tee_device:chr_file rw_file_perms;