identity: Add sepolicy permission for hal_identity_citadel to find hal_remotelyprovisionedcomponent_service

log: SELinux : avc: denied { find } for pid=885 uid=9999 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox scontext=u:r:hal_identity_citadel:s0 tcontext=u:object_r:hal_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0 Bug: 218613398 Change-Id: I124ea5898609a3f68bee13b6db931878252d4081
2022-02-23 05:45:43 +00:00 · 2022-02-23 05:45:43 +00:00 · 5fb066e143
commit 5fb066e143
parent 97a25bf259
1 changed files with 2 additions and 0 deletions
--- a/dauntless/hal_identity_citadel.te
+++ b/dauntless/hal_identity_citadel.te
@ -4,6 +4,8 @@ type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
 vndbinder_use(hal_identity_citadel)
 binder_call(hal_identity_citadel, citadeld)
 allow hal_identity_citadel citadeld_service:service_manager find;
+allow hal_identity_citadel hal_keymint_citadel:binder call;

 hal_server_domain(hal_identity_citadel, hal_identity)
+hal_server_domain(hal_identity_citadel, hal_keymint)
 init_daemon_domain(hal_identity_citadel)