Allow virtualizationserver->ISecretkeeper am: 3242c6a271 am: d63c142e10 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967566 Change-Id: I5c4f5de0553fa7d1d4c3c3ad934cfbaad07dfc0e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 4aa156fa1a528e148cf7882dc9504563f9e1ff69 [log] [tgz]
author: David Drysdale <drysdale@google.com> Tue Feb 20 09:43:03 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Feb 20 09:43:03 2024 +0000
tree: fc73827d9000e7815f26de977e74dd7462b0d455
parent: fbe80ab16c55b7c4728f625676855f8715c79bb6 [diff]
parent: d63c142e1049e943a5026e68f2bd98ec312c65bc [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 972f376..fcc7304 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -33,6 +33,9 @@
 binder_call(virtualizationservice, remote_provisioning_service)
 allow virtualizationservice remote_provisioning_service:service_manager find;
 
+# Allow virtualizationservice to manage VM secrets via Secretkeeper.
+hal_client_domain(virtualizationservice, hal_secretkeeper)
+
 # Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary
 # to mlock VM memory and page tables.
 allow virtualizationservice self:capability sys_resource;
commit	4aa156fa1a528e148cf7882dc9504563f9e1ff69	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Tue Feb 20 09:43:03 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue Feb 20 09:43:03 2024 +0000
tree	fc73827d9000e7815f26de977e74dd7462b0d455
parent	fbe80ab16c55b7c4728f625676855f8715c79bb6 [diff]
parent	d63c142e1049e943a5026e68f2bd98ec312c65bc [diff]