Merge "Confine keystore, but leave it permissive for now."
This commit is contained in:
commit
cdf54ba7f8
1 changed files with 8 additions and 1 deletions
|
@ -1,6 +1,13 @@
|
|||
type keystore, domain;
|
||||
permissive keystore;
|
||||
type keystore_exec, exec_type, file_type;
|
||||
|
||||
# keystore daemon
|
||||
init_daemon_domain(keystore)
|
||||
unconfined_domain(keystore)
|
||||
typeattribute keystore mlstrustedsubject;
|
||||
binder_use(keystore)
|
||||
binder_service(keystore)
|
||||
allow keystore keystore_data_file:dir create_dir_perms;
|
||||
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
|
||||
allow keystore keystore_exec:file { getattr };
|
||||
allow keystore tee_device:chr_file rw_file_perms;
|
||||
|
|
Loading…
Reference in a new issue