Modify SELinux rules to allow vold to use the keymaster HAL directly. am: b1c857c824 am: 769bbce026 am: d3db89de5b Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2929772 Change-Id: Ib0af68b1877fd3e4a49fa5ce71b8d57ce1f3645c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 038885a77ce3d4bf0b104dc78f534b9126f8816a [log] [tgz]
author: Peter Lee <ligs0324@thundersoft.com> Thu Feb 01 23:48:34 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Feb 01 23:48:34 2024 +0000
tree: 8359f71fda7810b4dd986a2b128b99b33ae48238
parent: f6477f4f03218bd6ab26f647fadc0c7b4d59138b [diff]
parent: d3db89de5b7a4d5943f0146738a32a498eaef4f6 [diff]
diff --git a/prebuilts/api/33.0/public/vold.te b/prebuilts/api/33.0/public/vold.te
index 53b2c49..b49f25f 100644
--- a/prebuilts/api/33.0/public/vold.te
+++ b/prebuilts/api/33.0/public/vold.te

@@ -328,6 +328,7 @@
 neverallow vold {
   domain
   -hal_health_storage_server
+  -hal_keymaster_server
   -system_suspend_server
   -hal_bootctl_server
   -hwservicemanager

diff --git a/public/vold.te b/public/vold.te
index c0fdf50..ad6ef83 100644
--- a/public/vold.te
+++ b/public/vold.te

@@ -338,6 +338,7 @@
 neverallow vold {
   domain
   -hal_health_storage_server
+  -hal_keymaster_server
   -system_suspend_server
   -hal_bootctl_server
   -hwservicemanager
commit	038885a77ce3d4bf0b104dc78f534b9126f8816a	[log] [tgz]
author	Peter Lee <ligs0324@thundersoft.com>	Thu Feb 01 23:48:34 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Feb 01 23:48:34 2024 +0000
tree	8359f71fda7810b4dd986a2b128b99b33ae48238
parent	f6477f4f03218bd6ab26f647fadc0c7b4d59138b [diff]
parent	d3db89de5b7a4d5943f0146738a32a498eaef4f6 [diff]