author: Riley Spahn <rileyspahn@google.com> 2014-06-17 14:58:52 -0700
committer: Riley Spahn <rileyspahn@google.com> 2014-06-26 08:53:10 -0700
commit: 1196d2a5763c9a99be99ba81a4a29d938a83cc06 (patch)
tree: 03e20d5f1505006c66a8ffa3e60aa87c8ef50e91 /binderservicedomain.te
parent: 8c6552acfba677442d565a0c7f8e44f5f2af57f2 (diff)
Adding policies for KeyStore MAC.

Add keystore_key class and an action for each action supported by keystore. Add policies that replicate the access control that already exists in keystore. Add auditallow rules for actions not known to be used frequently. Add macro for those domains wishing to access keystore.

Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc

Diffstat (limited to 'binderservicedomain.te')
-rw-r--r-- binderservicedomain.te 5
1 files changed, 5 insertions, 0 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 2533fbe..3190b6b 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -16,3 +16,8 @@ allow binderservicedomain appdomain:fifo_file write;
# Allow binderservicedomain to add services by default.
allow binderservicedomain service_manager_type:service_manager add;
auditallow binderservicedomain default_android_service:service_manager add;
+
+allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
+auditallow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
+
+use_keystore(binderservicedomain)
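
Review bot: the new allow on keystore:keystore_key hands insert, delete and sign, alongside test, get, exist, saw and verify, to everything in binderservicedomain, and the auditallow directly below it lists the identical permission set, so every granted access is logged rather than only the rarely used ones the commit message mentions. If the breadth is intentional to mirror keystore's existing checks, put a comment above the two rules saying so, in the same way the service_manager rule earlier in the file is commented, and state when the auditallow is expected to be narrowed or dropped. The use_keystore(binderservicedomain) line also deserves a one-line comment on what it grants beyond the explicit allow, since the macro body is not visible in this file.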