From 72acd6bbbe65f8d776028a4097c427fd1dad235b Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Wed, 27 Aug 2014 21:35:34 +0100
Subject: [PATCH] Allow system reset_uid, sync_uid, password_uid

Permits the system server to change keystore passwords for users other
than primary.

(cherrypicked from commit de08be8aa006c313e5025ba5f032abf786a39f71)

Bug: 16233206
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
---
 access_vectors   | 3 +++
 system_server.te | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/access_vectors b/access_vectors
index 659fb3632..320a1c897 100644
--- a/access_vectors
+++ b/access_vectors
@@ -914,6 +914,9 @@ class keystore_key
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 }
 
 class debuggerd
diff --git a/system_server.te b/system_server.te
index 006837834..438d09d58 100644
--- a/system_server.te
+++ b/system_server.te
@@ -381,6 +381,9 @@ allow system_server keystore:keystore_key {
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 };
 
 # Allow system server to search and write to the persistent data block device