| typeattribute credstore coredomain; |
| |
| init_daemon_domain(credstore) |
| |
| # talk to Identity Credential |
| hal_client_domain(credstore, hal_identity) |
| |
| # talk to keymint, specifically for IRemotelyProvisionedComponent/default |
| hal_client_domain(credstore, hal_keymint) |
| |
| # credstore needs to get keys from the remotely provisioned pool |
| allow credstore remotelyprovisionedkeypool_service:service_manager find; |
| allow credstore keystore:keystore2 get_attestation_key; |
| |
| # credstore needs to get keys from the RKPD |
| get_prop(credstore, remote_prov_prop) |
| allow credstore remote_provisioning_service:service_manager find; |