tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/microdroid/system/private/compos.te
Alan Stokes 80bb558584 Remove compos_key_cmd from policy 
It's a test tool which is generally run as root, and will be deleted
eventually. It doesn't need its own label; system_file works fine.

We never actually allowed it anything, nor defined a transition into
the domain.

Bug: 194474784
Test: Device boots, no denials
Test: compos_key_cmd run from root works
Change-Id: If118798086dae2faadeda658bc02b6eb6e6bf606
2021-07-28 14:36:50 +01:00

20 lines
508 B
Text
Raw Blame History

# TODO(b/193504816): move this to compos APEX
type compos, domain, coredomain, microdroid_payload;
type compos_exec, exec_type, file_type, system_file_type;
allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
# Talk to binder services (for keystore)
binder_use(compos);
# Allow payloads to use keystore
use_keystore(compos);
# Allow payloads to use and manage their keys
allow compos vm_payload_key:keystore2_key {
delete
get_info
manage_blob
rebind
use
};
Reference in a new issue View git blame Copy permalink