Allow platform_app access to keystore.

Encountered when certinstaller tries to talk to keystore: ComponentInfo{com.android.certinstaller/com.android.certinstaller.CertInstaller}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.test()' on a null object reference Address the following denial: avc: denied { find } for service=android.security.keystore scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:keystore_service:s0 tclass=service_manager Bug: 19347232 Change-Id: I35b46da3c78b384cf04216be937c6b5bfa86452d
2015-03-02 10:59:05 -08:00 · 2015-03-02 10:59:05 -08:00 · 6a2451b580
commit 6a2451b580
parent e4da594d9d
4 changed files with 1 additions and 3 deletions
--- a/bluetooth.te
+++ b/bluetooth.te
@ -50,7 +50,6 @@ allow bluetooth pan_result_prop:property_service set;
 allow bluetooth ctl_dhcp_pan_prop:property_service set;

 allow bluetooth bluetooth_service:service_manager find;
-allow bluetooth keystore_service:service_manager find;
 allow bluetooth mediaserver_service:service_manager find;
 allow bluetooth radio_service:service_manager find;
 allow bluetooth surfaceflinger_service:service_manager find;
--- a/system_app.te
+++ b/system_app.te
@ -48,7 +48,6 @@ allow system_app anr_data_file:file create_file_perms;
 # Settings need to access app name and icon from asec
 allow system_app asec_apk_file:file r_file_perms;

-allow system_app keystore_service:service_manager find;
 allow system_app mediaserver_service:service_manager find;
 allow system_app nfc_service:service_manager find;
 allow system_app radio_service:service_manager find;
--- a/1
+++ b/1
@ -336,6 +336,7 @@ define(`use_keystore', `
  allow keystore $1:dir search;
  allow keystore $1:file { read open };
  allow keystore $1:process getattr;
+  allow $1 keystore_service:service_manager find;
  binder_call($1, keystore)
 ')

--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -64,7 +64,6 @@ allow untrusted_app cache_file:dir create_dir_perms;
 allow untrusted_app cache_file:file create_file_perms;

 allow untrusted_app drmserver_service:service_manager find;
-allow untrusted_app keystore_service:service_manager find;
 allow untrusted_app mediaserver_service:service_manager find;
 allow untrusted_app nfc_service:service_manager find;
 allow untrusted_app radio_service:service_manager find;