Merge "Move list permission from keystore2_key to keystore class."

2020-10-01 16:49:33 +00:00 · 2020-10-01 16:49:33 +00:00 · 7736979337
commit 7736979337
parent d2acfb0f9c ed96f5c518
7 changed files with 4 additions and 7 deletions
--- a/private/access_vectors
+++ b/private/access_vectors
@ -716,6 +716,7 @@ class keystore2
 	add_auth
 	clear_ns
 	get_state
+	list
 	lock
 	reset
 	unlock
@ -727,7 +728,6 @@ class keystore2_key
 	gen_unique_id
 	get_info
 	grant
-	list
 	manage_blob
 	rebind
 	req_forced_op
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te
@ -19,6 +19,6 @@ allow binderservicedomain permission_service:service_manager find;

 allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 allow binderservicedomain keystore:keystore2 { get_state };
-allow binderservicedomain keystore:keystore2_key { delete get_info list rebind use };
+allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };

 use_keystore(binderservicedomain)
--- a/private/shell.te
+++ b/private/shell.te
@ -152,4 +152,4 @@ userdebug_or_eng(`
 allow shell keystore2_key_contexts_file:file r_file_perms;

 # Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
-allow shell shell_key:keystore2_key { delete rebind use get_info list update };
+allow shell shell_key:keystore2_key { delete rebind use get_info update };
--- a/private/system_app.te
+++ b/private/system_app.te
@ -139,7 +139,6 @@ allow system_app keystore:keystore2_key {
    delete
    get_info
    grant
-    list
    rebind
    update
    use
--- a/private/system_server.te
+++ b/private/system_server.te
@ -837,7 +837,6 @@ allow system_server keystore:keystore2_key {
 	use_dev_id
 	grant
 	get_info
-	list
 	rebind
 	update
 	use
--- a/private/vold.te
+++ b/private/vold.te
@ -37,7 +37,6 @@ set_prop(vold, boottime_public_prop)
 allow vold vold_key:keystore2_key {
    delete
    get_info
-    list
    manage_blob
    rebind
    req_forced_op
--- a/public/app.te
+++ b/public/app.te
@ -295,7 +295,7 @@ control_logd({ appdomain -ephemeral_app })
 allow appdomain zygote:unix_dgram_socket write;

 allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
-allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2_key { delete use get_info list rebind update };
+allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2_key { delete use get_info rebind update };

 use_keystore({ appdomain -isolated_app -ephemeral_app })