diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-03-31 13:03:06 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-03-31 13:03:41 -0700 |
commit | 8927772caa421f1c9ccc80337527e039353d65dd (patch) | |
tree | d52f76fbc7d460dda71ed75e8c5616f6ea9eb760 /system_server.te | |
parent | 5a5b364c54bbeb2ac032dac18e378370bd35fb45 (diff) | |
download | android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.gz android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.bz2 android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.zip |
Add keystore add_auth
This is for the new addAuthToken keystore method from
I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd. These tokens will be used to
authorize keymaster operations. The tokens are HMAC'd and so shouldn't
be fakeable but this is still limited to system_server only.
Change-Id: I3ff46b676ecac8a878d3aa0a25ba9a8b0c5e1f47
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te index 36fbace..e967adb 100644 --- a/system_server.te +++ b/system_server.te @@ -455,6 +455,7 @@ allow system_server keystore:keystore_key { reset_uid sync_uid password_uid + add_auth }; # Allow system server to search and write to the persistent factory reset |