As part of the keystore2 requirement, we give the keys used for
resume on reboot a separate context in keystore. And grant system
server the permission to generate, use and delete it.
Bug: 172780686
Test: resume on reboot works after using keystore2
Change-Id: I6b47625a0864a4aa87b815c6d2009cc19ad151a0
Add the wifi namespace to sepolicy and allow system_app (Settings) and
wifi_supplicant to manage/use the keys in that namespace
Test: N/A
Bug: 171305388
Change-Id: Ib6af8656b18288a1116c241c2e76d9aea421a889
And introduce a new SELinux key domain solely for use by the
on-device signing daemon.
Bug: 165630556
Test: no denials on boot
Change-Id: If0f6797d7326e98f169639169adec6460689f5ca
Add a keystore2_key namespace that can be used by `shell` for testing.
Bug: 158500146
Bug: 162265751
Test: keystore2_test
Change-Id: I78b9b285969dd503a09609f7bcb02552b24d1a6b
Merged-In: I78b9b285969dd503a09609f7bcb02552b24d1a6b
Add a keystore2_key namespace that can be used by `su` for testing.
Test: keystore2_test
Bug: 158500146
Bug: 160623310
Bug: 159466840
Change-Id: I017a10ad8c7fce28e8bc921b764e65c49bae5107
Merged-In: I017a10ad8c7fce28e8bc921b764e65c49bae5107
Allow vold to access its namespace using raw Keymint blobs.
Test: keystore2_test runs some tests against this policy.
Bug: 160623310
Bug: 158500146
Change-Id: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
Merged-In: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.
Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
