From 821f3f5be787a278a629ce51b790b8af84f407b9 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Fri, 21 Jul 2023 14:39:48 +0900 Subject: Move coredomain seapp contexts to system_ext Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: Iecce441a8fbd98b0e7f2bd3febb7aaa9d16a9e37 --- system_ext/private/seapp_contexts | 24 ++++++++++++++++++++++++ vendor/google/seapp_contexts | 18 ------------------ vendor/qcom/common/seapp_contexts | 3 --- vendor/verizon/seapp_contexts | 3 --- 4 files changed, 24 insertions(+), 24 deletions(-) create mode 100644 system_ext/private/seapp_contexts delete mode 100644 vendor/verizon/seapp_contexts diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts new file mode 100644 index 0000000..934937f --- /dev/null +++ b/system_ext/private/seapp_contexts @@ -0,0 +1,24 @@ +# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access +user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera +user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Domain for DeviceDropMonitor service +user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all + +# Domain for Display +user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all + +# Domain for IpHealthMonitor service +user=_app seinfo=platform name=com.google.android.iphealthmonitor domain=ip_health_monitor type=app_data_file levelFrom=all + +# Domain for UvExposureReporter service +user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# Verizon for OBDM tool +user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all +user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts index feda6f8..680d4e6 100644 --- a/vendor/google/seapp_contexts +++ b/vendor/google/seapp_contexts @@ -11,24 +11,6 @@ user=_app seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_da # Domain for GoogleCBRS app user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user -# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access -user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera -user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Domain for Display -user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all - -# Domain for UvExposureReporter service -user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all - -# Domain for DeviceDropMonitor service -user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all - -# Domain for IpHealthMonitor service -user=_app seinfo=platform name=com.google.android.iphealthmonitor domain=ip_health_monitor type=app_data_file levelFrom=all - # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts index b899748..7360124 100644 --- a/vendor/qcom/common/seapp_contexts +++ b/vendor/qcom/common/seapp_contexts @@ -9,9 +9,6 @@ user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domai user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - #Domain for omadm user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all diff --git a/vendor/verizon/seapp_contexts b/vendor/verizon/seapp_contexts deleted file mode 100644 index 951fef3..0000000 --- a/vendor/verizon/seapp_contexts +++ /dev/null @@ -1,3 +0,0 @@ -# Verizon for OBDM tool -user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all -user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all -- cgit v1.2.3