typeattribute credstore coredomain;

init_daemon_domain(credstore)

# talk to Identity Credential
hal_client_domain(credstore, hal_identity)

# talk to keymint, specifically for IRemotelyProvisionedComponent/default
hal_client_domain(credstore, hal_keymint)

# credstore needs to get keys from the RKPD
get_prop(credstore, remote_prov_prop)
allow credstore remote_provisioning_service:service_manager find;

binder_use(credstore)
binder_service(credstore)
binder_call(credstore, system_server)

allow credstore credstore_data_file:dir create_dir_perms;
allow credstore credstore_data_file:file create_file_perms;

add_service(credstore, credstore_service)
allow credstore sec_key_att_app_id_provider_service:service_manager find;
allow credstore dropbox_service:service_manager find;
allow credstore authorization_service:service_manager find;
allow credstore keystore:keystore2 get_auth_token;

r_dir_file(credstore, cgroup)
r_dir_file(credstore, cgroup_v2)