platform_system_sepolicy/public/credstore.te
David Zeuthen 02bf814aa2 Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60
2020-02-19 13:46:45 -05:00

16 lines
512 B
Text

type credstore, domain;
type credstore_exec, system_file_type, exec_type, file_type;
# credstore daemon
binder_use(credstore)
binder_service(credstore)
binder_call(credstore, system_server)
allow credstore credstore_data_file:dir create_dir_perms;
allow credstore credstore_data_file:file create_file_perms;
add_service(credstore, credstore_service)
allow credstore sec_key_att_app_id_provider_service:service_manager find;
allow credstore dropbox_service:service_manager find;
r_dir_file(credstore, cgroup)