private/mini_keyctl.te - LeafOS-Project/android_system_sepolicy - Gitiles

 type mini-keyctl, domain, coredomain;
 type mini-keyctl_exec, exec_type, file_type, system_file_type;

 init_daemon_domain(mini-keyctl)

 allow mini-keyctl proc_keys:file r_file_perms;

 # Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
 dontaudit mini-keyctl init:key view;
 dontaudit mini-keyctl vold:key view;
 allow mini-keyctl kernel:key { view search write };
 allow mini-keyctl mini-keyctl:key { view search write };

 # When kernel requests an algorithm, the crypto API first looks for an
 # already registered algorithm with that name. If it fails, the kernel creates
 # an implementation of the algorithm from templates.
 dontaudit mini-keyctl kernel:system module_request;
	type mini-keyctl, domain, coredomain;
	type mini-keyctl_exec, exec_type, file_type, system_file_type;

	init_daemon_domain(mini-keyctl)

	allow mini-keyctl proc_keys:file r_file_perms;

	# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
	dontaudit mini-keyctl init:key view;
	dontaudit mini-keyctl vold:key view;
	allow mini-keyctl kernel:key { view search write };
	allow mini-keyctl mini-keyctl:key { view search write };

	# When kernel requests an algorithm, the crypto API first looks for an
	# already registered algorithm with that name. If it fails, the kernel creates
	# an implementation of the algorithm from templates.
	dontaudit mini-keyctl kernel:system module_request;