As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.
Note also that we limit who can read/write keys in selinux policy.
Bug:
18151196
Change-Id: Icc916f430a70eff22e6b74c20ec361c8f3789c1c
SLOGI("Added key %d (%s) to keyring %d in process %d",
key_id, ref.c_str(), device_keyring, getpid());
- // ext4enc:TODO set correct permissions
- long result = keyctl_setperm(key_id, 0x3f3f3f3f);
- if (result) {
- SLOGE("KEYCTL_SETPERM failed with error %ld", result);
- return -1;
- }
-
// Save reference to key so we can set policy later
if (!props.Set(properties::ref, raw_ref)) {
SLOGE("Cannot save key reference");