Add keystore add_auth

This is for the new addAuthToken keystore method from I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd. These tokens will be used to authorize keymaster operations. The tokens are HMAC'd and so shouldn't be fakeable but this is still limited to system_server only. Change-Id: I3ff46b676ecac8a878d3aa0a25ba9a8b0c5e1f47
author: Chad Brubaker <cbrubaker@google.com> 2015-03-31 13:03:06 -0700
committer: Chad Brubaker <cbrubaker@google.com> 2015-03-31 13:03:41 -0700
commit: 8927772caa421f1c9ccc80337527e039353d65dd (patch)
tree: d52f76fbc7d460dda71ed75e8c5616f6ea9eb760 /system_server.te
parent: 5a5b364c54bbeb2ac032dac18e378370bd35fb45 (diff)
download: android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.gz
android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.bz2
android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te
index 36fbace..e967adb 100644
--- a/system_server.te
+++ b/system_server.te
@@ -455,6 +455,7 @@ allow system_server keystore:keystore_key {
 	reset_uid
 	sync_uid
 	password_uid
+	add_auth
 };
 
 # Allow system server to search and write to the persistent factory reset
author	Chad Brubaker <cbrubaker@google.com>	2015-03-31 13:03:06 -0700
committer	Chad Brubaker <cbrubaker@google.com>	2015-03-31 13:03:41 -0700
commit	8927772caa421f1c9ccc80337527e039353d65dd (patch)
tree	d52f76fbc7d460dda71ed75e8c5616f6ea9eb760 /system_server.te
parent	5a5b364c54bbeb2ac032dac18e378370bd35fb45 (diff)
download	android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.gz android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.tar.bz2 android_external_sepolicy-8927772caa421f1c9ccc80337527e039353d65dd.zip