tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Limit special file permissions to the keymint server domain

Browse source 
There are still some paths (potentially obsolete) on non-treble devices
where hal_keymint_client domains have the hal_keymint typeattribute
applied. In these cases, those domains also pick up the file access
permissions currently granted to hal_keymint.

Clean this up by limiting the permissions to hal_keymint_server only.

Test: VtsAidlKeyMintTargetTest
Change-Id: If1a437636824df254da245e7587df825b6963ed9
This commit is contained in:
Seth Moore 2022-11-02 21:06:57 -07:00
parent 2c818d9b32
commit 970cfa5674
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
public/hal_keymint.te
View file

@ -4,5 +4,5 @@ hal_attribute_service(hal_keymint, hal_keymint_service)
hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
binder_call(hal_keymint_server, servicemanager)
allow hal_keymint tee_device:chr_file rw_file_perms;
allow hal_keymint ion_device:chr_file r_file_perms;
allow hal_keymint_server tee_device:chr_file rw_file_perms;
allow hal_keymint_server ion_device:chr_file r_file_perms;