Allow system and root to access fsverity keys
Test: can add a key from Settings/CertInstaller
Test: see the key loaded from an init script in /proc/keys
Bug: 112038744
Change-Id: I72b643d88ca4c0afce8a4e3bc64fef606daf8364
diff --git a/keystore/permissions.cpp b/keystore/permissions.cpp
index 05454cb..d17fcdd 100644
--- a/keystore/permissions.cpp
+++ b/keystore/permissions.cpp
@@ -59,6 +59,8 @@
{AID_ROOT, AID_SYSTEM},
{AID_WIFI, AID_KEYSTORE},
{AID_KEYSTORE, AID_WIFI},
+ {AID_FSVERITY_CERT, AID_ROOT},
+ {AID_FSVERITY_CERT, AID_SYSTEM},
#ifdef GRANT_ROOT_ALL_PERMISSIONS
// Allow VTS tests to act on behalf of the wifi user