Add eSIM directory and disable bootstrap when bootloader is unlocked in user build

Allow vendor_init to set setupwizard prop Allow priv_app and gmscore_app to get setupwizard prop <11>[ 7.276992][ T329] init: Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:330: SELinux permission check failed 08-28 15:35:42.536 10156 5884 5884 W oid.setupwizard: type=1400 audit(0.0:63): avc: denied { read } for name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=335 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.setupwizard 08-28 15:11:52.015 10185 6915 6915 W highpool[8]: type=1400 audit(0.0:17): avc: denied { read } for name="u:object_r:setupwizard_feature_prop:s0" dev="tmpfs" ino=339 scontext=u:r:gmscore_app:s0:c512,c768 tcontext=u:object_r:setupwizard_feature_prop:s0 tclass=file permissive=0 app=com.google.android.gms Bug: 349592724 Test: m Change-Id: I8330c9f6f9efd215ec4ea1f7d3d6ff5596773e21 Flag: NONE disabling a feature just in factory
2024-08-22 09:33:40 -07:00 · 2024-08-22 09:33:40 -07:00 · 69797e03ca
commit 69797e03ca
parent 805f6b577c
9 changed files with 34 additions and 0 deletions
--- a/esim/Android.bp
+++ b/esim/Android.bp
@ -0,0 +1,10 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+prebuilt_etc {
+    name: "init.esim-gs.rc",
+    src: "init.esim-gs.rc",
+    vendor: true,
+    sub_dir: "init",
+}
--- a/esim/OWNERS
+++ b/esim/OWNERS
@ -0,0 +1,2 @@
+kiwonp@google.com
+mewan@google.com
--- a/esim/esim.mk
+++ b/esim/esim.mk
@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += init.esim-gs.rc
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/vendor
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/private
--- a/esim/init.esim-gs.rc
+++ b/esim/init.esim-gs.rc
@ -0,0 +1,7 @@
+# Disable bootstrap when bootloader is unlocked in user build
+on property:ro.build.type=user && property:ro.boot.flash.locked=0
+    setprop setupwizard.feature.provisioning_profile_mode false
+
+# Disable bootstrap for DVT devices shipping to non-US carriers
+on property:ro.boot.warranty.sku=BOF
+    setprop setupwizard.feature.provisioning_profile_mode false
--- a/esim/sepolicy/system_ext/private/gmscore_app.te
+++ b/esim/sepolicy/system_ext/private/gmscore_app.te
@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
--- a/esim/sepolicy/system_ext/private/priv_app.te
+++ b/esim/sepolicy/system_ext/private/priv_app.te
@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
--- a/esim/sepolicy/system_ext/private/property_contexts
+++ b/esim/sepolicy/system_ext/private/property_contexts
@ -0,0 +1,2 @@
+# setupwizard
+setupwizard.feature.provisioning_profile_mode    u:object_r:setupwizard_feature_prop:s0
--- a/esim/sepolicy/system_ext/public/property.te
+++ b/esim/sepolicy/system_ext/public/property.te
@ -0,0 +1,2 @@
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
--- a/esim/sepolicy/vendor/vendor_init.te
+++ b/esim/sepolicy/vendor/vendor_init.te
@ -0,0 +1,2 @@
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)