1typeattribute credstore coredomain; 2 3init_daemon_domain(credstore) 4 5# talk to Identity Credential 6hal_client_domain(credstore, hal_identity) 7 8# talk to keymint, specifically for IRemotelyProvisionedComponent/default 9hal_client_domain(credstore, hal_keymint) 10 11# credstore needs to get keys from the RKPD 12get_prop(credstore, remote_prov_prop) 13allow credstore remote_provisioning_service:service_manager find; 14 15binder_use(credstore) 16binder_service(credstore) 17binder_call(credstore, system_server) 18 19allow credstore credstore_data_file:dir create_dir_perms; 20allow credstore credstore_data_file:file create_file_perms; 21 22add_service(credstore, credstore_service) 23allow credstore sec_key_att_app_id_provider_service:service_manager find; 24allow credstore dropbox_service:service_manager find; 25allow credstore authorization_service:service_manager find; 26allow credstore keystore:keystore2 get_auth_token; 27 28r_dir_file(credstore, cgroup) 29r_dir_file(credstore, cgroup_v2) 30