# SELinux policy for the keystore daemon domain (keystore).

# keystore belongs to the core (system-image) set of domains.
typeattribute keystore coredomain;

# keystore is a daemon started by init; init_daemon_domain sets up the
# init -> keystore domain transition for the service's executable.
init_daemon_domain(keystore)

# talk to keymaster
hal_client_domain(keystore, hal_keymaster)

# talk to confirmationui
hal_client_domain(keystore, hal_confirmationui)

# talk to keymint
hal_client_domain(keystore, hal_keymint)

# This is used for the ConfirmationUI async callback.
# NOTE(review): this grants binder call towards every platform_app domain,
# not only the ConfirmationUI callback target; confirm whether a narrower
# domain exists before keeping it this broad.
allow keystore platform_app:binder call;

# Allow to check whether security logging is enabled.
get_prop(keystore, device_logging_prop)

# Allow keystore to check if the system is RKP (remote key provisioning) only.
get_prop(keystore, remote_prov_prop)

# Allow keystore to write to statsd.
unix_socket_send(keystore, statsdw, statsd)

# Keystore needs read access to the keystore_key context files to load the keystore key backend.
allow keystore keystore2_key_contexts_file:file r_file_perms;

# Allow keystore to listen to changing boot levels
get_prop(keystore, keystore_listen_prop)

# Keystore needs to transfer binder references to vold so that it
# can call keystore methods on those references.
allow keystore vold:binder transfer;

# Only keystore can set keystore.crash_count system property. Since init is allowed to set any
# system property, an exception is added for init as well.
# The neverallow is checked at policy compile time, so any other domain that
# is later granted set access to keystore_crash_prop breaks the build rather
# than silently widening who can reset the crash counter.
set_prop(keystore, keystore_crash_prop)
neverallow { domain -keystore -init } keystore_crash_prop:property_service set;