8 commits

Author SHA1 Message Date
Max Bires
d1cd55f660 Allow remote_prov_app to find mediametrics.
This change allows remote_prov_app to find mediametrics. This is a
permission that all apps have. It is now needed for remote_prov_app due
to a new feature related to provisioning Widevine through the MediaDrm
framework.

Bug: 235491155
Test: no selinux denials related to remote_prov_app
Change-Id: Id3057b036486288358a9a84100fe808eb56df5fe
Merged-In: Id3057b036486288358a9a84100fe808eb56df5fe
2022-06-15 13:42:32 -07:00
Seth Moore
8bfdd82123 Allow the remote provisioner app to set rkp_only properties
The properties for rkp_only are no longer read only.

This allows remote provisioner unit tests to enable/disable the remote
provisioning only mode, which is required to fully verify functionality.

Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I8006712a49c4d0605f6268068414b49714bbd939
2022-04-20 17:15:20 -07:00
Max Bires
aaacfdb054 Add ro.remote_provisioning.*.rkp_only properties.
These properties are used to inform keystore2 and the RemoteProvisioner
app how they should behave in the system in the event that RKP keys are
exhausted. The usual behavior in a hybrid system is not to take any
action and fall back to the factory provisioned key if key attestation is
requested and no remotely provisioned keys are available.

However, there are instances where this could happen on a device that
was intended to be RKP only, in which case the system needs to know that
it should go ahead and attempt to remotely provision new certificates or
throw an error in the case where none are available.

Test: New properties are accessible from the two domains
Change-Id: I8d6c9e650566499bf08cfda2f71c64d5c2b26fd6
2022-04-04 11:23:12 -07:00
Max Bires
bd6b995087 Allow remote_prov_app to find app_api_service
Due to the nature of RemoteProvisioner being an app, there
are many components under the hood of frameworks that make calls out to
standard app available services. This change allows remote_prov_app to
find any service labeled with app_api_service to avoid the brittleness
that has already arisen from generating SELinux denials on boot, and
avoid any potential unintended functionality consequences as a result of
those.

Test: No selinux denials
Change-Id: I95fc4d15a196646deb6b9f6040bac88ee00b2a7f
2021-03-23 14:00:28 -07:00
Max Bires
23c2021d89 Merge "Granting remote_prov_app find for tethering"
2021-03-10 02:42:46 +00:00
Max Bires
b0d5dd358e Granting remote_prov_app find for tethering
The connectivity service manager gets a reference to the tethering
service in its constructor. This causes SELinux denials when the
RemoteProvisioner app attempts to use the connectivity service manager
to figure out when a network is available in order to provision keys.

Test: No SELinux denials!
Change-Id: Icbd776a9b81ee9bb22a2ac6041198fe0a6d3a0d0
2021-03-09 01:58:35 -08:00
Max Bires
4a834584ae Granting remote_prov_app access to build prop
The RemoteProvisioner app builds a DeviceInfo CBOR object which is
eventually used as AAD to verify the authenticity of a signed MAC key in
the remote provisioning spec. One of those fields is vendor security
patch level, which this patch grants access for the remote_prov_app
domain to read.

Test: No denials! (atest RemoteProvisionerUnitTests)
Change-Id: Iab0426fb5ec184cda171d67451bf44cae897bf9b
2021-02-23 06:38:45 +00:00
Max Bires
23f0f3b28a SEPolicy for RemoteProvisioning App
This change adds the SEPolicy changes required to support the remote
provisioning flow. The notable additions are specifically labeling the
remote provisioning app and giving it access to find the remote
provisioning service which is added in keystore. It also requires
network access in order to communicate to the provisioning servers.

This functionality is extremely narrow to the point that it seems worth
it to define a separate domain for this app, rather than add this in to
the priv_app or platform_app permission files. Since this app also
communicates with the network, it also seems advantageous to limit its
permissions only to what is absolutely necessary to perform its
function.

Test: No denials!
Change-Id: I602c12365a575d914afc91f55e6a9b6aa2e14189
2021-02-08 01:33:12 -08:00