platform_system_sepolicy/public/hal_secretkeeper.te
David Drysdale 8d1876b4f6 Allow for ISecretkeeper/default
Test: VtsAidlAuthGraphSessionTest
Bug: 306364873
Change-Id: I788d6cd67c2b6dfa7b5f14bc66444d18e3fd35d3
2023-12-05 14:33:47 +00:00


# Domains for the Secretkeeper HAL, which provides secure (tamper evident, rollback protected)
# storage of secrets guarded by DICE policies.
#
# Only the rules below are granted here; the hal_secretkeeper_client/_server attributes and the
# hal_secretkeeper_service type are not declared in this file.
#
# Clients may make binder calls to the server. Nothing in this file gives a client access to
# tee_device, so a client only reaches the TEE through the server.
binder_call(hal_secretkeeper_client, hal_secretkeeper_server)
# Ties the hal_secretkeeper_service service_manager type to this HAL: the server side may
# register (add) it and the client side may look it up (find).
hal_attribute_service(hal_secretkeeper, hal_secretkeeper_service)
# Both sides need general binder access (including talking to servicemanager) before the
# client -> server call above can be used.
binder_use(hal_secretkeeper_server)
binder_use(hal_secretkeeper_client)
# The Secretkeeper HAL service needs to communicate with a trusted application running
# in the TEE, which is reached through character device nodes labelled tee_device.
# NOTE(review): the rule is scoped by label, not by node: it grants rw_file_perms on every
# chr_file labelled tee_device. Which trusted applications the server can then talk to is
# presumably decided by the TEE driver/TEE side rather than by SELinux -- confirm per device.
allow hal_secretkeeper_server tee_device:chr_file rw_file_perms;