From 248e8a998fb99e54bf3aef0d9eb1fa7f4bb8b5ac Mon Sep 17 00:00:00 2001
From: Andrew Scull <ascull@google.com>
Date: Sun, 30 Jan 2022 22:42:38 +0000
Subject: [PATCH] Allow the microdroid app to use diced

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I9672d678c7b698d15a0efa8dab567dbc2696ca81
---
 microdroid/system/private/microdroid_app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/microdroid/system/private/microdroid_app.te b/microdroid/system/private/microdroid_app.te
index b71ae8d2f..de5832635 100644
--- a/microdroid/system/private/microdroid_app.te
+++ b/microdroid/system/private/microdroid_app.te
@@ -11,3 +11,7 @@ type microdroid_app_exec, exec_type, file_type, system_file_type;
 
 # Talk to binder services (for diced)
 binder_use(microdroid_app);
+
+allow microdroid_app dice_node_service:service_manager find;
+binder_call(microdroid_app, diced);
+allow microdroid_app diced:diced { get_attestation_chain derive };