a999004528
Vold needs to be able to search for keystore2 and keystore2 maintenance services, and call methods provided by those services. Bug: 181910578 Change-Id: I6e336c3bfaabe158b850dc175b6c9a942dd717be
31 lines
961 B
Text
31 lines
961 B
Text
typeattribute keystore coredomain;
|
|
|
|
init_daemon_domain(keystore)
|
|
|
|
# talk to keymaster
|
|
hal_client_domain(keystore, hal_keymaster)
|
|
|
|
# talk to confirmationui
|
|
hal_client_domain(keystore, hal_confirmationui)
|
|
|
|
# talk to keymint
|
|
hal_client_domain(keystore, hal_keymint)
|
|
|
|
# This is used for the ConfirmationUI async callback.
|
|
allow keystore platform_app:binder call;
|
|
|
|
# Allow to check whether security logging is enabled.
|
|
get_prop(keystore, device_logging_prop)
|
|
|
|
# Allow keystore to write to statsd.
|
|
unix_socket_send(keystore, statsdw, statsd)
|
|
|
|
# Keystore need access to the keystore_key context files to load the keystore key backend.
|
|
allow keystore keystore2_key_contexts_file:file r_file_perms;
|
|
|
|
get_prop(keystore, keystore_listen_prop)
|
|
|
|
# Keystore needs to transfer binder references to vold and wait_for_keymaster so that they
|
|
# can call keystore methods on those references.
|
|
allow keystore vold:binder transfer;
|
|
allow keystore wait_for_keymaster:binder transfer;
|