From 5fb066e1438406dc399c76ad362b5bb550ff67ea Mon Sep 17 00:00:00 2001 From: Joseph Jang Date: Wed, 23 Feb 2022 05:45:43 +0000 Subject: [PATCH] identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service log: SELinux : avc: denied { find } for pid=885 uid=9999 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox scontext=u:r:hal_identity_citadel:s0 tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0 Bug: 218613398 Change-Id: I124ea5898609a3f68bee13b6db931878252d4081 --- dauntless/hal_identity_citadel.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dauntless/hal_identity_citadel.te b/dauntless/hal_identity_citadel.te index e29310c3..c181e27c 100644 --- a/dauntless/hal_identity_citadel.te +++ b/dauntless/hal_identity_citadel.te @@ -4,6 +4,8 @@ type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type; vndbinder_use(hal_identity_citadel) binder_call(hal_identity_citadel, citadeld) allow hal_identity_citadel citadeld_service:service_manager find; +allow hal_identity_citadel hal_keymint_citadel:binder call; hal_server_domain(hal_identity_citadel, hal_identity) +hal_server_domain(hal_identity_citadel, hal_keymint) init_daemon_domain(hal_identity_citadel)