Allow virtualizationserver->ISecretkeeper am: 3242c6a271

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967566 Change-Id: I4c11744bb369f0fb72869f7a74f2adda7ec40079 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-20 09:03:00 +00:00 · 2024-02-20 09:03:00 +00:00 · d63c142e10
commit d63c142e10
parent 8dae0dd2db 3242c6a271
1 changed files with 3 additions and 0 deletions
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@ -33,6 +33,9 @@ allow virtualizationservice permission_service:service_manager find;
 binder_call(virtualizationservice, remote_provisioning_service)
 allow virtualizationservice remote_provisioning_service:service_manager find;

+# Allow virtualizationservice to manage VM secrets via Secretkeeper.
+hal_client_domain(virtualizationservice, hal_secretkeeper)
+
 # Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary
 # to mlock VM memory and page tables.
 allow virtualizationservice self:capability sys_resource;