Add set property permissions to RKPD application. am: 01390087b1 am: 507df367fc

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2491884 Change-Id: I7b856bc5724c0ebc9389c57ad8c59c1bba0f8d93 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-16 22:33:46 +00:00 · 2023-03-16 22:33:46 +00:00 · a6c082cb8c
commit a6c082cb8c
parent 964872fbe5 507df367fc
2 changed files with 2 additions and 1 deletions
--- a/private/property.te
+++ b/private/property.te
@ -633,6 +633,7 @@ neverallow {
  -init
  -remote_prov_app
  -shell
+  -rkpdapp
 } remote_prov_prop:property_service set;

 neverallow {
--- a/private/rkpd_app.te
+++ b/private/rkpd_app.te
@ -12,7 +12,7 @@ hal_client_domain(rkpdapp, hal_keymint)

 # Grant access to certain system properties related to RKP
 get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
-get_prop(rkpdapp, remote_prov_prop)
+set_prop(rkpdapp, remote_prov_prop)

 # Grant access to the normal services that are available to all apps
 allow rkpdapp app_api_service:service_manager find;