Merge "Allow platform_app access to keystore."
diff --git a/bluetooth.te b/bluetooth.te
index 35a4774..4d9b4ab 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -50,7 +50,6 @@
allow bluetooth ctl_dhcp_pan_prop:property_service set;
allow bluetooth bluetooth_service:service_manager find;
-allow bluetooth keystore_service:service_manager find;
allow bluetooth mediaserver_service:service_manager find;
allow bluetooth radio_service:service_manager find;
allow bluetooth surfaceflinger_service:service_manager find;
diff --git a/system_app.te b/system_app.te
index 2ea621c..ea936aa 100644
--- a/system_app.te
+++ b/system_app.te
@@ -48,7 +48,6 @@
# Settings need to access app name and icon from asec
allow system_app asec_apk_file:file r_file_perms;
-allow system_app keystore_service:service_manager find;
allow system_app mediaserver_service:service_manager find;
allow system_app nfc_service:service_manager find;
allow system_app radio_service:service_manager find;
diff --git a/te_macros b/te_macros
index de3f9f5..35dfb4d 100644
--- a/te_macros
+++ b/te_macros
@@ -336,6 +336,7 @@
allow keystore $1:dir search;
allow keystore $1:file { read open };
allow keystore $1:process getattr;
+ allow $1 keystore_service:service_manager find;
binder_call($1, keystore)
')
diff --git a/untrusted_app.te b/untrusted_app.te
index ae65719..bb93526 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -64,7 +64,6 @@
allow untrusted_app cache_file:file create_file_perms;
allow untrusted_app drmserver_service:service_manager find;
-allow untrusted_app keystore_service:service_manager find;
allow untrusted_app mediaserver_service:service_manager find;
allow untrusted_app nfc_service:service_manager find;
allow untrusted_app radio_service:service_manager find;
