d3451f88be
Add a keystore2_key namespace that can be used by `su` for testing. Test: keystore2_test Bug: 158500146 Bug: 160623310 Bug: 159466840 Change-Id: I017a10ad8c7fce28e8bc921b764e65c49bae5107 Merged-In: I017a10ad8c7fce28e8bc921b764e65c49bae5107
27 lines
882 B
Text
27 lines
882 B
Text
userdebug_or_eng(`
|
|
typeattribute su coredomain;
|
|
|
|
domain_auto_trans(shell, su_exec, su)
|
|
# Allow dumpstate to call su on userdebug / eng builds to collect
|
|
# additional information.
|
|
domain_auto_trans(dumpstate, su_exec, su)
|
|
|
|
# Make sure that dumpstate runs the same from the "su" domain as
|
|
# from the "init" domain.
|
|
domain_auto_trans(su, dumpstate_exec, dumpstate)
|
|
|
|
# Put the incident command into its domain so it is the same on user, userdebug and eng.
|
|
domain_auto_trans(su, incident_exec, incident)
|
|
|
|
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
|
|
domain_auto_trans(su, perfetto_exec, perfetto)
|
|
|
|
# su is also permissive to permit setenforce.
|
|
permissive su;
|
|
|
|
app_domain(su)
|
|
|
|
# Do not audit accesses to keystore2 namespace for the su domain.
|
|
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
|
|
|
|
')
|