766caba5de
Add the compos_key_helper domain for the process which has access to the signing key, make sure it can't be crashdumped. Also extend that protection to diced & its HAL. Rename compos_verify_key to compos_verify, because it doesn't verify keys any more. Move exec types used by Microdroid to file.te in the host rather than their own dedicated files. Bug: 218494522 Test: atest CompOsSigningHostTest CompOsDenialHostTest Change-Id: I942667355d8ce29b3a9eb093e0b9c4f6ee0df6c1
5 lines
274 B
Text
5 lines
274 B
Text
(/.*)? u:object_r:system_file:s0
|
|
/bin/compos_key_helper u:object_r:compos_key_helper_exec:s0
|
|
/bin/compos_verify u:object_r:compos_verify_exec:s0
|
|
/bin/composd u:object_r:composd_exec:s0
|
|
/bin/compsvc u:object_r:compos_exec:s0
|