tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add get_auth_token permission to allow credstore to call keystore2.

Browse source 
This CL adds a new keystore2 permission "get_auth_token"and grants this
permission to credstore which needs to call keystore2 to obtain
authtokens.

Bug: 159475191
Test: CtsVerifier
Change-Id: I1c02ea73afa6fe0b12a2d74e51fb4a8a94fd4baf
This commit is contained in:
Hasini Gunasinghe 2020-12-03 21:40:53 +00:00
parent c0119885d6
commit db88d1555f
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/access_vectors
View file

@ -718,6 +718,7 @@ class keystore2
change_user
clear_ns
clear_uid
get_auth_token
get_state
list
lock

2
public/credstore.te
View file

@ -12,6 +12,8 @@ allow credstore credstore_data_file:file create_file_perms;
add_service(credstore, credstore_service)
allow credstore sec_key_att_app_id_provider_service:service_manager find;
allow credstore dropbox_service:service_manager find;
allow credstore authorization_service:service_manager find;
allow credstore keystore:keystore2 get_auth_token;
r_dir_file(credstore, cgroup)
r_dir_file(credstore, cgroup_v2)