type mini-keyctl, domain, coredomain;
type mini-keyctl_exec, exec_type, file_type, system_file_type;

init_daemon_domain(mini-keyctl)

allow mini-keyctl proc_keys:file r_file_perms;

# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
dontaudit mini-keyctl init:key view;
dontaudit mini-keyctl vold:key view;
allow mini-keyctl kernel:key { view search write };
allow mini-keyctl mini-keyctl:key { view search write };

# When kernel requests an algorithm, the crypto API first looks for an
# already registered algorithm with that name. If it fails, the kernel creates
# an implementation of the algorithm from templates.
dontaudit mini-keyctl kernel:system module_request;