tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/keystore.te
Alice Wang e79bbf9cf8 Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL" 
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22

Changes from the reverted cl aosp/2812455:
 - The AIDL service type has been renamed from avf_* to hal_* to be
   consistent with the others.

 - The new AIDL service type, hal_remotelyprovisionedcomponent_avf_service,
   for the IRPC/avf service, has been set up with the server/client model
   for AIDL Hal. The virtualizationservice is declared as server and
   RKPD is declared as client to access the service instead of raw
   service permission setup as in the reverted cl. This is aligned
   with the AIDL Hal configuration recommendation.

 - Since the existing type for IRPC hal_remotelyprovisionedcomponent is
   already associated with keymint server/client and has specific
   permission requirements, and some of the keymint clients might not
   need the AVF Hal. We decided to create a new AIDL service type
   instead of reusing the exisiting keymint service type.

Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Bug: 312427637
Bug: 310744536
Bug: 299257581
Test: atest MicrodroidHostTests librkp_support_test
Change-Id: Id37764b5f98e3c30c0c63601560697cf1c02c0ad
2023-11-22 08:21:27 +00:00

50 lines
1.7 KiB
Text
Raw Blame History

typeattribute keystore coredomain;
init_daemon_domain(keystore)
# talk to keymaster
hal_client_domain(keystore, hal_keymaster)
# talk to confirmationui
hal_client_domain(keystore, hal_confirmationui)
# talk to keymint
hal_client_domain(keystore, hal_keymint)
# Ignore keystore attempts to access the AVF RKP Hal but keystore is not suppose to
# access it.
# TODO(b/312427637): Investigate the reason and fix the denial.
dontaudit keystore hal_remotelyprovisionedcomponent_avf_service:service_manager { find };
# This is used for the ConfirmationUI async callback.
allow keystore platform_app:binder call;
# Allow to check whether security logging is enabled.
get_prop(keystore, device_logging_prop)
# Allow keystore to check if the system is rkp only.
get_prop(keystore, remote_prov_prop)
# Allow keystore to check rkpd feature flags
get_prop(keystore, device_config_remote_key_provisioning_native_prop)
# Allow keystore to write to statsd.
unix_socket_send(keystore, statsdw, statsd)
# Keystore need access to the keystore2_key_contexts file to load the keystore key backend.
allow keystore keystore2_key_contexts_file:file r_file_perms;
# Allow keystore to listen to changing boot levels
get_prop(keystore, keystore_listen_prop)
# Keystore needs to transfer binder references to vold so that it
# can call keystore methods on those references.
allow keystore vold:binder transfer;
# Only keystore can set keystore.crash_count system property. Since init is allowed to set any
# system property, an exception is added for init as well.
set_prop(keystore, keystore_crash_prop)
neverallow { domain -keystore -init } keystore_crash_prop:property_service set;
# keystore is using apex_info via libvintf
use_apex_info(keystore)
Reference in a new issue View git blame Copy permalink