authorJinyoung Jeong <jinjeong@google.com>2023-05-02 12:35:24 +0000
committerJin Jeong <jinjeong@google.com>2023-05-02 14:49:23 +0000
commit729e4528c7bd14c91da828a5f0ae667f39521844 (patch)
treeb900963926dd94de0bcb88441cd0f350eda55c68
parent9127496b3d7b2535f620bfe9a19ab6a3a7e26627 (diff)
downloadredbull-sepolicy-729e4528c7bd14c91da828a5f0ae667f39521844.tar.gz
[Redfin] Fix SeLinux error
Bug: 280376211 Test: http://fusion2/8fed7e54-7273-49c0-b023-801dd1ba71bb Ignore-AOSP-First: Will merge in AOSP (aosp/2575592) Change-Id: I16f298a088725745758312bc0bf0541f8b818614
-rw-r--r--private/property.te8
-rw-r--r--private/property_contexts3
-rw-r--r--vendor/google/certs/EuiccGoogle.x509.pem23
-rw-r--r--vendor/google/euicc_app.te13
-rw-r--r--vendor/google/keys.conf2
-rw-r--r--vendor/google/mac_permissions.xml3
-rw-r--r--vendor/google/seapp_contexts2
7 files changed, 54 insertions, 0 deletions
diff --git a/private/property.te b/private/property.te
new file mode 100644
index 0000000..a6bee3b
--- /dev/null
+++ b/private/property.te
@@ -0,0 +1,8 @@
+product_restricted_prop(masterclear_esim_prop)
+product_restricted_prop(euicc_seamless_transfer_prop)
+
+neverallow { domain -init } masterclear_esim_prop:property_service set;
+neverallow { domain -init } euicc_seamless_transfer_prop:property_service set;
+
+get_prop(appdomain, masterclear_esim_prop)
+get_prop(appdomain, euicc_seamless_transfer_prop)
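Review bot: The two `get_prop(appdomain, ...)` lines at the end of the new file make both eSIM properties readable by every app domain, untrusted apps included, while the only consumer this commit introduces is `euicc_app`. If no other app has to query whether eSIM profiles are retained after a factory reset or whether seamless transfer is enabled, narrow the reader set to the domains that actually read them (provided those types are visible from this policy partition). The `neverallow { domain -init }` rules on `set` are a sound guard. A short header comment such as `# eSIM feature flags: readable by apps, settable only by init` would record the intent.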
diff --git a/private/property_contexts b/private/property_contexts
new file mode 100644
index 0000000..aaabea7
--- /dev/null
+++ b/private/property_contexts
@@ -0,0 +1,3 @@
+#eSIM
+masterclear.allow_retain_esim_profiles_after_fdr u:object_r:masterclear_esim_prop:s0 exact bool
+euicc.seamless_transfer_enabled_in_non_qs u:object_r:euicc_seamless_transfer_prop:s0 exact bool
diff --git a/vendor/google/certs/EuiccGoogle.x509.pem b/vendor/google/certs/EuiccGoogle.x509.pem
new file mode 100644
index 0000000..be6c715
--- /dev/null
+++ b/vendor/google/certs/EuiccGoogle.x509.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/vendor/google/euicc_app.te b/vendor/google/euicc_app.te
new file mode 100644
index 0000000..2e36435
--- /dev/null
+++ b/vendor/google/euicc_app.te
@@ -0,0 +1,13 @@
+type euicc_app, domain;
+app_domain(euicc_app)
+net_domain(euicc_app)
+
+allow euicc_app app_api_service:service_manager find;
+allow euicc_app radio_service:service_manager find;
+allow euicc_app cameraserver_service:service_manager find;
+
+get_prop(euicc_app, camera_config_prop)
+get_prop(euicc_app, setupwizard_esim_prop)
+get_prop(euicc_app, bootloader_prop)
+get_prop(euicc_app, exported_default_prop)
+get_prop(euicc_app, vendor_modem_prop)
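Review bot: None of the grants in the new `euicc_app` domain carries a justification, and several are broader than the domain name alone explains: `net_domain(euicc_app)`, `cameraserver_service` find, and reads of `bootloader_prop`, `exported_default_prop` and `vendor_modem_prop`. Each rule should trace back to a denial seen for the referenced bug, so that a later audit can separate required access from leftovers. A comment per group would be enough, for example `# b/280376211: avc denial on cameraserver_service find` (exact wording to be confirmed by the author against the audit log). Any rule that was added pre-emptively rather than from a logged denial is better left out until one appears.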
diff --git a/vendor/google/keys.conf b/vendor/google/keys.conf
index 26cd79f..1d8e9e2 100644
--- a/vendor/google/keys.conf
+++ b/vendor/google/keys.conf
@@ -10,3 +10,5 @@ ALL : device/google/redbull-sepolicy/vendor/google/certs/com_google_mds.x509.pem
[@EUICCSUPPORTPIXEL]
ALL : device/google/redbull-sepolicy/vendor/google/certs/EuiccSupportPixel.x509.pem
+[@EUICCGOOGLE]
+ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/EuiccGoogle.x509.pem
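Review bot: The new `[@EUICCGOOGLE]` entry points at `device/google/gs201-sepolicy/whitechapel_pro/certs/EuiccGoogle.x509.pem`, a path in a different repository, while this commit adds the certificate at `vendor/google/certs/EuiccGoogle.x509.pem` in redbull-sepolicy and the neighbouring `[@EUICCSUPPORTPIXEL]` entry uses the local `device/google/redbull-sepolicy/...` path. As written, the certificate added here appears to be unused, and the signer that `mac_permissions.xml` maps to `seinfo=EuiccGoogle` (and that `seapp_contexts` then places in `euicc_app`) is whatever file exists at the gs201 path. That could break the build if the other repository is absent, and the trusted signer could change without any edit to this repository. Unless the cross-repository reference is intentional, the line should read `ALL : device/google/redbull-sepolicy/vendor/google/certs/EuiccGoogle.x509.pem`.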
diff --git a/vendor/google/mac_permissions.xml b/vendor/google/mac_permissions.xml
index 070982f..16b5ff0 100644
--- a/vendor/google/mac_permissions.xml
+++ b/vendor/google/mac_permissions.xml
@@ -33,4 +33,7 @@
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
+ <signer signature="@EUICCGOOGLE" >
+ <seinfo value="EuiccGoogle" />
+ </signer>
</policy>
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index feda6f8..9ba0889 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -32,3 +32,5 @@ user=_app seinfo=platform name=com.google.android.iphealthmonitor domain=ip_heal
# Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
+# Domain for EuiccGoogle
+user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all