typeattribute keystore coredomain; init_daemon_domain(keystore) # talk to keymaster hal_client_domain(keystore, hal_keymaster) # talk to confirmationui hal_client_domain(keystore, hal_confirmationui) # talk to keymint hal_client_domain(keystore, hal_keymint) # This is used for the ConfirmationUI async callback. allow keystore platform_app:binder call; # Allow to check whether security logging is enabled. get_prop(keystore, device_logging_prop) # Allow keystore to write to statsd. unix_socket_send(keystore, statsdw, statsd) # Allow keystore to register callbacks with statsd. allow keystore stats_service:service_manager find; binder_call(keystore, statsd); # Keystore need access to the keystore_key context files to load the keystore key backend. allow keystore keystore2_key_contexts_file:file r_file_perms; get_prop(keystore, keystore_listen_prop) # Keystore needs to transfer binder references to vold and wait_for_keymaster so that they # can call keystore methods on those references. allow keystore vold:binder transfer; allow keystore wait_for_keymaster:binder transfer;