tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
45629 commits 1 branch 0 tags 50 MiB
Commit graph

9 commits

Author SHA1 Message Date
Eric Biggers
cc5cb431ee Stop granting permissions on keystore_key class 
When keystore was replaced with keystore2 in Android 12, the SELinux
class of keystore keys was changed from keystore_key to keystore2_key.
However, the rules that granted access to keystore_key were never
removed.  This CL removes them, as they are no longer needed.

Don't actually remove the class and its permissions from
private/security_classes and private/access_vectors.  That would break
the build because they're referenced by rules in prebuilts/.

Bug: 171305684
Test: atest CtsKeystoreTestCases
Flag: exempt, removing obsolete code
Change-Id: I35d9ea22c0d069049a892def15a18696c4f287a3
 2023-10-16 22:22:54 +00:00
Janis Danisevskis
79d167704e Add keystore2 namespace for LocksettingsService. 
Bug: 184664830
Test: N/A
Change-Id: Ie04186eddaae689b968690b2bb0d3692c81ac645
 2021-04-14 16:03:13 -07:00
Tianjie
21ab75279a Give resume_on_reboot key as separate context 
As part of the keystore2 requirement, we give the keys used for
resume on reboot a separate context in keystore. And grant system
server the permission to generate, use and delete it.

Bug: 172780686
Test: resume on reboot works after using keystore2
Change-Id: I6b47625a0864a4aa87b815c6d2009cc19ad151a0
 2021-03-04 12:20:19 -08:00
Janis Danisevskis
df31f20dfe Keystore 2.0: Add wifi namespace to sepolicy. 
Add the wifi namespace to sepolicy and allow system_app (Settings) and
wifi_supplicant to manage/use the keys in that namespace

Test: N/A
Bug: 171305388
Change-Id: Ib6af8656b18288a1116c241c2e76d9aea421a889
 2021-02-09 08:28:45 -08:00
Martijn Coenen
ca5699b877 Allow on-device signing daemon to talk to keystore. 
And introduce a new SELinux key domain solely for use by the
on-device signing daemon.

Bug: 165630556
Test: no denials on boot
Change-Id: If0f6797d7326e98f169639169adec6460689f5ca
 2021-02-04 11:56:24 +01:00
Janis Danisevskis
47f3761cc8 Add keystore2_key namespace shell_key for shell. 
Add a keystore2_key namespace that can be used by `shell` for testing.

Bug: 158500146
Bug: 162265751
Test: keystore2_test
Change-Id: I78b9b285969dd503a09609f7bcb02552b24d1a6b
Merged-In: I78b9b285969dd503a09609f7bcb02552b24d1a6b
 2020-08-05 21:58:04 +00:00
Janis Danisevskis
d3451f88be Add su_key, a keystore2_key namespace for su. 
Add a keystore2_key namespace that can be used by `su` for testing.

Test: keystore2_test
Bug: 158500146
Bug: 160623310
Bug: 159466840
Change-Id: I017a10ad8c7fce28e8bc921b764e65c49bae5107
Merged-In: I017a10ad8c7fce28e8bc921b764e65c49bae5107
 2020-08-05 16:11:48 +00:00
Janis Danisevskis
32d7738224 Setup vold_key keystore2_key namespace. 
Allow vold to access its namespace using raw Keymint blobs.

Test: keystore2_test runs some tests against this policy.
Bug: 160623310
Bug: 158500146
Change-Id: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
Merged-In: Iaf338f1ac48dd56ef6e1b73cb3b8634a91e8bf9f
 2020-08-05 16:11:48 +00:00
Janis Danisevskis
c40681f1b5 Add libselinux keystore_key backend. 
We add a new back end for SELinux based keystore2_key namespaces.
This patch adds the rump policy and build system infrastructure
for installing keystore2_key context files on the target devices.

Bug: 158500146
Bug: 159466840
Test: None
Change-Id: I423c9e68ad259926e4a315d052dfda97fa502106
Merged-In: I423c9e68ad259926e4a315d052dfda97fa502106
 2020-08-05 16:11:48 +00:00