e1c49f5524
We need to separate out the feature flags in use by remote key provisioning daemon (RKPD). For this, I have set up a new namespace remote_key_provisioning_native. This change adds the SELinux policies to make sure appropriate permissions are present when accessing the feature flag for read/write. Change-Id: I9e73a623f847a058b6236dd0aa370a7f9a9e6da7 Test: TreeHugger
15 lines
375 B
Text
15 lines
375 B
Text
# Policies for Remote Key Provisioning Daemon (rkpd)
|
|
type rkpd, domain;
|
|
type rkpd_exec, system_file_type, exec_type, file_type;
|
|
|
|
typeattribute rkpd coredomain;
|
|
|
|
binder_use(rkpd)
|
|
binder_service(rkpd)
|
|
|
|
init_daemon_domain(rkpd)
|
|
|
|
add_service(rkpd, rkpd_registrar_service)
|
|
add_service(rkpd, rkpd_refresh_service)
|
|
|
|
get_prop(rkpd, device_config_remote_key_provisioning_native_prop)
|