Due to the nature of RemoteProvisioner being an app, there
are many components under the hood of frameworks that make calls out to
standard app available services. This change allows remote_prov_app to
find any service labeled with app_api_service to avoid the brittleness
that has already arisen from generating SELinux denials on boot, and
avoid any potential unintended functionality consequences as a result of
those.

Test: No SELinux denials
Change-Id: I95fc4d15a196646deb6b9f6040bac88ee00b2a7f

The connectivity service manager gets a reference to the tethering
service in its constructor. This causes SELinux denials when the
RemoteProvisioner app attempts to use the connectivity service manager
to figure out when a network is available in order to provision keys.

Test: No SELinux denials!
Change-Id: Icbd776a9b81ee9bb22a2ac6041198fe0a6d3a0d0

The RemoteProvisioner app builds a DeviceInfo CBOR object which is
eventually used as AAD to verify the authenticity of a signed MAC key in
the remote provisioning spec. One of those fields is vendor security
patch level, which this patch grants access for the remote_prov_app
domain to read.

Test: No denials! (atest RemoteProvisionerUnitTests)
Change-Id: Iab0426fb5ec184cda171d67451bf44cae897bf9b

This change adds the SEPolicy changes required to support the remote
provisioning flow. The notable additions are specifically labeling the
remote provisioning app and giving it access to find the remote
provisioning service which is added in keystore. It also requires
network access in order to communicate with the provisioning servers.
This functionality is extremely narrow to the point that it seems worth
it to define a separate domain for this app, rather than add this in to
the priv_app or platform_app permission files. Since this app also
communicates with the network, it also seems advantageous to limit its
permissions only to what is absolutely necessary to perform its
function.

Test: No denials!
Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189
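
The "no denials" check that each commit message above reports, as an added example that is not part of these commits or of AOSP: it pulls avc denials for one source domain out of log text and groups them by target type and class. The log lines are constructed, and the target type names in them are assumptions.

```python
import re
from collections import defaultdict

# Constructed log lines, not captured from a device. The type names
# tethering_service and vendor_security_patch_level_prop are assumptions
# about how the objects named in the commit messages are labeled.
SAMPLE_LOG = """\
E SELinux : avc:  denied  { find } for pid=2411 uid=10101 name=tethering scontext=u:r:remote_prov_app:s0:c101,c256,c512,c768 tcontext=u:object_r:tethering_service:s0 tclass=service_manager permissive=0
W example : type=1400 audit(0.0:41): avc: denied { read } for pid=2411 name="prop" dev="tmpfs" ino=201 scontext=u:r:remote_prov_app:s0:c101,c256,c512,c768 tcontext=u:object_r:vendor_security_patch_level_prop:s0 tclass=file permissive=0
W example : type=1400 audit(0.0:42): avc: denied { open getattr } for pid=2411 name="prop" dev="tmpfs" ino=201 scontext=u:r:remote_prov_app:s0:c101,c256,c512,c768 tcontext=u:object_r:vendor_security_patch_level_prop:s0 tclass=file permissive=0
W example : type=1400 audit(0.0:43): avc: denied { read } for pid=3100 name="x" dev="proc" ino=7 scontext=u:r:untrusted_app:s0:c1,c256 tcontext=u:object_r:proc_version:s0 tclass=file permissive=0
"""

AVC = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)"
)

def _type(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def denials_for(log, domain):
    """Map (target type, class) -> denied permissions for one source domain."""
    found = defaultdict(set)
    for m in AVC.finditer(log):
        if _type(m["s"]) != domain:
            continue  # denial belongs to some other domain
        found[(_type(m["t"]), m["c"])].update(m["perms"].split())
    return dict(found)

def as_rules(denials, domain):
    """Render the missing access as allow rules for review, not for pasting:
    the first commit message grants find on the app_api_service attribute
    rather than on individual service types."""
    rules = []
    for (ttype, tclass), perms in sorted(denials.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {domain} {ttype}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    for rule in as_rules(denials_for(SAMPLE_LOG, "remote_prov_app"), "remote_prov_app"):
        print(rule)
```

An empty result from `denials_for` for the `remote_prov_app` domain is the passing case.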