tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Revert "Allow vold to deleteAllKeys in Keystore"" into sc-dev am: 9de6c0e94c am: e752bb5937

Browse source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/15536475

Change-Id: I6d3ea4b89d17cae81e528ab2d6663ae1ff7b8054
This commit is contained in:
Shawn Willden 2021-08-12 01:57:03 +00:00 committed by Automerger Merge Worker
commit e0dec2c372
6 changed files with 2 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
prebuilts/api/31.0/private/access_vectors
View file

@ -730,7 +730,6 @@ class keystore2
report_off_body
reset
unlock
delete_all_keys
}
class keystore2_key

1
prebuilts/api/31.0/private/property_contexts
View file

@ -499,7 +499,6 @@ ro.crypto.allow_encrypt_override u:object_r:vold_config_prop:s0 e
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
ro.crypto.fde_algorithm u:object_r:vold_config_prop:s0 exact string
ro.crypto.fde_sector_size u:object_r:vold_config_prop:s0 exact int
ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:vold_config_prop:s0 exact string
ro.crypto.set_dun u:object_r:vold_config_prop:s0 exact bool
ro.crypto.volume.contents_mode u:object_r:vold_config_prop:s0 exact string

3
prebuilts/api/31.0/private/vold.te
View file

@ -53,9 +53,8 @@ allow vold keystore:binder call;
allow vold keystore_service:service_manager find;
allow vold keystore_maintenance_service:service_manager find;
# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
# vold needs to be able to call earlyBootEnded()
allow vold keystore:keystore2 early_boot_ended;
allow vold keystore:keystore2 delete_all_keys;
neverallow {
domain

1
private/access_vectors
View file

@ -730,7 +730,6 @@ class keystore2
report_off_body
reset
unlock
delete_all_keys
}
class keystore2_key

1
private/property_contexts
View file

@ -499,7 +499,6 @@ ro.crypto.allow_encrypt_override u:object_r:vold_config_prop:s0 e
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
ro.crypto.fde_algorithm u:object_r:vold_config_prop:s0 exact string
ro.crypto.fde_sector_size u:object_r:vold_config_prop:s0 exact int
ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:vold_config_prop:s0 exact string
ro.crypto.set_dun u:object_r:vold_config_prop:s0 exact bool
ro.crypto.volume.contents_mode u:object_r:vold_config_prop:s0 exact string

3
private/vold.te
View file

@ -53,9 +53,8 @@ allow vold keystore:binder call;
allow vold keystore_service:service_manager find;
allow vold keystore_maintenance_service:service_manager find;
# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
# vold needs to be able to call earlyBootEnded()
allow vold keystore:keystore2 early_boot_ended;
allow vold keystore:keystore2 delete_all_keys;
neverallow {
domain