Merge "Revert "sepolicy: remove hal_light_severice exception""
diff --git a/prebuilts/api/30.0/private/keystore.te b/prebuilts/api/30.0/private/keystore.te
index ee6dbdf..81b6dfb 100644
--- a/prebuilts/api/30.0/private/keystore.te
+++ b/prebuilts/api/30.0/private/keystore.te
@@ -13,3 +13,6 @@
# Allow to check whether security logging is enabled.
get_prop(keystore, device_logging_prop)
+
+# Allow keystore to write to statsd.
+unix_socket_send(keystore, statsdw, statsd)
diff --git a/private/file_contexts b/private/file_contexts
index 08e9e2f..c76ff3d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -259,6 +259,7 @@
/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
/system/bin/credstore u:object_r:credstore_exec:s0
/system/bin/keystore u:object_r:keystore_exec:s0
+/system/bin/keystore2 u:object_r:keystore_exec:s0
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
diff --git a/private/keystore.te b/private/keystore.te
index 492ce77..a36926e 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -16,3 +16,6 @@
# Keystore need access to the keystore_key context files to load the keystore key backend.
allow keystore keystore2_key_contexts_file:file r_file_perms;
+
+# Allow keystore to write to statsd.
+unix_socket_send(keystore, statsdw, statsd)
diff --git a/private/service_contexts b/private/service_contexts
index 51161c0..808edcc 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -16,6 +16,7 @@
android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
android.security.identity u:object_r:credstore_service:s0
android.security.keystore u:object_r:keystore_service:s0
+android.security.keystore2 u:object_r:keystore_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
app_binding u:object_r:app_binding_service:s0
app_integrity u:object_r:app_integrity_service:s0
