Snap for 12378824 from d2c239970b to 24Q4-release
Change-Id: I9b6a5da156862083e0e722a299df74838e3cd5b7
This commit is contained in:
Android Build Coastguard Worker
commit
11b3ae101f
18 changed files with 111 additions and 6 deletions
3
euiccpixel_app/euiccpixel_app_st54.mk
Normal file
3
euiccpixel_app/euiccpixel_app_st54.mk
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/common
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/st54
|
||||||
|
PRODUCT_PACKAGES += EuiccSupportPixel-P23
|
||||||
|
|
@ -0,0 +1,29 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
|
||||||
|
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||||
|
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
|
||||||
|
b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
|
||||||
|
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
|
||||||
|
Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
|
||||||
|
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
|
||||||
|
WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
|
||||||
|
amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
|
||||||
|
aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
|
||||||
|
oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
|
||||||
|
+9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
|
||||||
|
5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
|
||||||
|
rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
|
||||||
|
uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
|
||||||
|
ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
|
||||||
|
HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
|
||||||
|
FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
|
||||||
|
Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
|
||||||
|
ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
|
||||||
|
EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
|
||||||
|
GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
|
||||||
|
XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
|
||||||
|
IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
|
||||||
|
pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
|
||||||
|
A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
|
||||||
|
0JD1T1qdCm3aUSEmFgEA4rOL/0K3
|
||||||
|
-----END CERTIFICATE-----
|
||||||
27
euiccpixel_app/sepolicy/common/euiccpixel_app.te
Normal file
27
euiccpixel_app/sepolicy/common/euiccpixel_app.te
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Euiccpixel_app
|
||||||
|
type euiccpixel_app, domain;
|
||||||
|
app_domain(euiccpixel_app)
|
||||||
|
|
||||||
|
allow euiccpixel_app activity_service:service_manager find;
|
||||||
|
allow euiccpixel_app netstats_service:service_manager find;
|
||||||
|
allow euiccpixel_app content_capture_service:service_manager find;
|
||||||
|
allow euiccpixel_app activity_task_service:service_manager find;
|
||||||
|
allow euiccpixel_app gpu_service:service_manager find;
|
||||||
|
allow euiccpixel_app voiceinteraction_service:service_manager find;
|
||||||
|
allow euiccpixel_app autofill_service:service_manager find;
|
||||||
|
allow euiccpixel_app sensitive_content_protection_service:service_manager find;
|
||||||
|
allow euiccpixel_app hint_service:service_manager find;
|
||||||
|
allow euiccpixel_app audio_service:service_manager find;
|
||||||
|
allow euiccpixel_app batterystats_service:service_manager find;
|
||||||
|
allow euiccpixel_app batteryproperties_service:service_manager find;
|
||||||
|
allow euiccpixel_app permission_checker_service:service_manager find;
|
||||||
|
allow euiccpixel_app radio_service:service_manager find;
|
||||||
|
allow euiccpixel_app nfc_service:service_manager find;
|
||||||
|
|
||||||
|
set_prop(euiccpixel_app, vendor_secure_element_prop)
|
||||||
|
set_prop(euiccpixel_app, vendor_modem_prop)
|
||||||
|
get_prop(euiccpixel_app, dck_prop)
|
||||||
|
|
||||||
|
# b/265286368 framework UI rendering properties and file access
|
||||||
|
dontaudit euiccpixel_app default_prop:file { read };
|
||||||
|
dontaudit euiccpixel_app sysfs_gpu_uevent:file { read open getattr };
|
||||||
2
euiccpixel_app/sepolicy/common/file.te
Normal file
2
euiccpixel_app/sepolicy/common/file.te
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# type for gpu uevent
|
||||||
|
type sysfs_gpu_uevent, sysfs_type, fs_type;
|
||||||
1
euiccpixel_app/sepolicy/common/genfs_contexts
Normal file
1
euiccpixel_app/sepolicy/common/genfs_contexts
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
genfscon sysfs /devices/platform/34f00000.gpu0/uevent u:object_r:sysfs_gpu_uevent:s0
|
||||||
2
euiccpixel_app/sepolicy/common/keys.conf
Normal file
2
euiccpixel_app/sepolicy/common/keys.conf
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
[@EUICCSUPPORTPIXEL]
|
||||||
|
ALL : device/google/gs-common/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem
|
||||||
27
euiccpixel_app/sepolicy/common/mac_permissions.xml
Normal file
27
euiccpixel_app/sepolicy/common/mac_permissions.xml
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<policy>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
|
||||||
|
* A signature is a hex encoded X.509 certificate or a tag defined in
|
||||||
|
keys.conf and is required for each signer tag.
|
||||||
|
* A signer tag may contain a seinfo tag and multiple package stanzas.
|
||||||
|
* A default tag is allowed that can contain policy for all apps not signed with a
|
||||||
|
previously listed cert. It may not contain any inner package stanzas.
|
||||||
|
* Each signer/default/package tag is allowed to contain one seinfo tag. This tag
|
||||||
|
represents additional info that each app can use in setting a SELinux security
|
||||||
|
context on the eventual process.
|
||||||
|
* When a package is installed the following logic is used to determine what seinfo
|
||||||
|
value, if any, is assigned.
|
||||||
|
- All signatures used to sign the app are checked first.
|
||||||
|
- If a signer stanza has inner package stanzas, those stanza will be checked
|
||||||
|
to try and match the package name of the app. If the package name matches
|
||||||
|
then that seinfo tag is used. If no inner package matches then the outer
|
||||||
|
seinfo tag is assigned.
|
||||||
|
- The default tag is consulted last if needed.
|
||||||
|
-->
|
||||||
|
<!-- google apps key -->
|
||||||
|
<signer signature="@EUICCSUPPORTPIXEL" >
|
||||||
|
<seinfo value="EuiccSupportPixel" />
|
||||||
|
</signer>
|
||||||
|
</policy>
|
||||||
2
euiccpixel_app/sepolicy/common/seapp_contexts
Normal file
2
euiccpixel_app/sepolicy/common/seapp_contexts
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
# Domain for EuiccSupportPixel
|
||||||
|
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||||
8
euiccpixel_app/sepolicy/st54/euiccpixel_app.te
Normal file
8
euiccpixel_app/sepolicy/st54/euiccpixel_app.te
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
# euiccpixel requires st54spi for firmware upgrade
|
||||||
|
userdebug_or_eng(`
|
||||||
|
net_domain(euiccpixel_app)
|
||||||
|
|
||||||
|
# Access to directly upgrade firmware on st54spi_device used for engineering devices
|
||||||
|
typeattribute st54spi_device mlstrustedobject;
|
||||||
|
allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
|
||||||
|
')
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
|
PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
|
||||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
|
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
|
||||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
# allow grilservice_app to find hal_aidl_radio_ext_service
|
# allow grilservice_app to find hal_radio_ext_service
|
||||||
allow grilservice_app hal_aidl_radio_ext_service:service_manager find;
|
allow grilservice_app hal_radio_ext_service:service_manager find;
|
||||||
binder_call(grilservice_app, hal_aidl_radio_ext)
|
binder_call(grilservice_app, hal_aidl_radio_ext)
|
||||||
binder_call(grilservice_app, twoshay)
|
binder_call(grilservice_app, twoshay)
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ binder_call(hal_aidl_radio_ext, servicemanager)
|
||||||
binder_call(hal_aidl_radio_ext, grilservice_app)
|
binder_call(hal_aidl_radio_ext, grilservice_app)
|
||||||
binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
|
binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
|
||||||
|
|
||||||
add_service(hal_aidl_radio_ext, hal_aidl_radio_ext_service)
|
add_service(hal_aidl_radio_ext, hal_radio_ext_service)
|
||||||
|
|
||||||
# RW /dev/oem_ipc0
|
# RW /dev/oem_ipc0
|
||||||
allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
|
allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
|
||||||
|
|
|
||||||
|
|
@ -1,2 +0,0 @@
|
||||||
# Radio Ext AIDL service
|
|
||||||
type hal_aidl_radio_ext_service, hal_service_type, protected_service, service_manager_type;
|
|
||||||
|
|
@ -1,2 +1,3 @@
|
||||||
# Radio Ext AIDL service
|
# Radio Ext AIDL service
|
||||||
|
# Shared definition so a single type is referenced
|
||||||
type hal_radio_ext_service, hal_service_type, protected_service, service_manager_type;
|
type hal_radio_ext_service, hal_service_type, protected_service, service_manager_type;
|
||||||
|
|
@ -1 +1 @@
|
||||||
vendor.google.radio_ext.IRadioExt/default u:object_r:hal_aidl_radio_ext_service:s0
|
vendor.google.radio_ext.IRadioExt/default u:object_r:hal_radio_ext_service:s0
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
|
PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
|
||||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
|
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
|
||||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,4 @@
|
||||||
|
# allow grilservice_app to find hal_radio_ext_service
|
||||||
|
allow grilservice_app hal_radio_ext_service:service_manager find;
|
||||||
# allow grilservice_app to binder call hal_radioext_default
|
# allow grilservice_app to binder call hal_radioext_default
|
||||||
binder_call(grilservice_app, hal_radioext_default)
|
binder_call(grilservice_app, hal_radioext_default)
|
||||||
|
|
|
||||||
|
|
@ -3,3 +3,4 @@ PRODUCT_PACKAGES += vendor.google.radio_ext-service
|
||||||
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/radio_ext/compatibility_matrix.xml
|
DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/radio_ext/compatibility_matrix.xml
|
||||||
|
|
||||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/radio_ext/sepolicy
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/radio_ext/sepolicy
|
||||||
|
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue