Merge "gs-common: add rules for euiccpixel_app" into main
This commit is contained in:
Welly Hsu
Android (Google) Code Review
commit
d2c239970b
9 changed files with 101 additions and 0 deletions
3
euiccpixel_app/euiccpixel_app_st54.mk
Normal file
3
euiccpixel_app/euiccpixel_app_st54.mk
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/common
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/euiccpixel_app/sepolicy/st54
|
||||
PRODUCT_PACKAGES += EuiccSupportPixel-P23
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
|
||||
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
|
||||
b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
|
||||
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
|
||||
Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
|
||||
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
|
||||
WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
|
||||
amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
|
||||
aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
|
||||
oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
|
||||
+9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
|
||||
5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
|
||||
rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
|
||||
uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
|
||||
ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
|
||||
HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
|
||||
FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
|
||||
Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
|
||||
ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
|
||||
EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
|
||||
GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
|
||||
XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
|
||||
IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
|
||||
pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
|
||||
A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
|
||||
0JD1T1qdCm3aUSEmFgEA4rOL/0K3
|
||||
-----END CERTIFICATE-----
|
||||
27
euiccpixel_app/sepolicy/common/euiccpixel_app.te
Normal file
27
euiccpixel_app/sepolicy/common/euiccpixel_app.te
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# Euiccpixel_app
|
||||
type euiccpixel_app, domain;
|
||||
app_domain(euiccpixel_app)
|
||||
|
||||
allow euiccpixel_app activity_service:service_manager find;
|
||||
allow euiccpixel_app netstats_service:service_manager find;
|
||||
allow euiccpixel_app content_capture_service:service_manager find;
|
||||
allow euiccpixel_app activity_task_service:service_manager find;
|
||||
allow euiccpixel_app gpu_service:service_manager find;
|
||||
allow euiccpixel_app voiceinteraction_service:service_manager find;
|
||||
allow euiccpixel_app autofill_service:service_manager find;
|
||||
allow euiccpixel_app sensitive_content_protection_service:service_manager find;
|
||||
allow euiccpixel_app hint_service:service_manager find;
|
||||
allow euiccpixel_app audio_service:service_manager find;
|
||||
allow euiccpixel_app batterystats_service:service_manager find;
|
||||
allow euiccpixel_app batteryproperties_service:service_manager find;
|
||||
allow euiccpixel_app permission_checker_service:service_manager find;
|
||||
allow euiccpixel_app radio_service:service_manager find;
|
||||
allow euiccpixel_app nfc_service:service_manager find;
|
||||
|
||||
set_prop(euiccpixel_app, vendor_secure_element_prop)
|
||||
set_prop(euiccpixel_app, vendor_modem_prop)
|
||||
get_prop(euiccpixel_app, dck_prop)
|
||||
|
||||
# b/265286368 framework UI rendering properties and file access
|
||||
dontaudit euiccpixel_app default_prop:file { read };
|
||||
dontaudit euiccpixel_app sysfs_gpu_uevent:file { read open getattr };
|
||||
2
euiccpixel_app/sepolicy/common/file.te
Normal file
2
euiccpixel_app/sepolicy/common/file.te
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
# type for gpu uevent
|
||||
type sysfs_gpu_uevent, sysfs_type, fs_type;
|
||||
1
euiccpixel_app/sepolicy/common/genfs_contexts
Normal file
1
euiccpixel_app/sepolicy/common/genfs_contexts
Normal file
|
|
@ -0,0 +1 @@
|
|||
genfscon sysfs /devices/platform/34f00000.gpu0/uevent u:object_r:sysfs_gpu_uevent:s0
|
||||
2
euiccpixel_app/sepolicy/common/keys.conf
Normal file
2
euiccpixel_app/sepolicy/common/keys.conf
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[@EUICCSUPPORTPIXEL]
|
||||
ALL : device/google/gs-common/euiccpixel_app/sepolicy/common/certs/EuiccSupportPixel.x509.pem
|
||||
27
euiccpixel_app/sepolicy/common/mac_permissions.xml
Normal file
27
euiccpixel_app/sepolicy/common/mac_permissions.xml
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<policy>
|
||||
|
||||
<!--
|
||||
|
||||
* A signature is a hex encoded X.509 certificate or a tag defined in
|
||||
keys.conf and is required for each signer tag.
|
||||
* A signer tag may contain a seinfo tag and multiple package stanzas.
|
||||
* A default tag is allowed that can contain policy for all apps not signed with a
|
||||
previously listed cert. It may not contain any inner package stanzas.
|
||||
* Each signer/default/package tag is allowed to contain one seinfo tag. This tag
|
||||
represents additional info that each app can use in setting a SELinux security
|
||||
context on the eventual process.
|
||||
* When a package is installed the following logic is used to determine what seinfo
|
||||
value, if any, is assigned.
|
||||
- All signatures used to sign the app are checked first.
|
||||
- If a signer stanza has inner package stanzas, those stanza will be checked
|
||||
to try and match the package name of the app. If the package name matches
|
||||
then that seinfo tag is used. If no inner package matches then the outer
|
||||
seinfo tag is assigned.
|
||||
- The default tag is consulted last if needed.
|
||||
-->
|
||||
<!-- google apps key -->
|
||||
<signer signature="@EUICCSUPPORTPIXEL" >
|
||||
<seinfo value="EuiccSupportPixel" />
|
||||
</signer>
|
||||
</policy>
|
||||
2
euiccpixel_app/sepolicy/common/seapp_contexts
Normal file
2
euiccpixel_app/sepolicy/common/seapp_contexts
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
# Domain for EuiccSupportPixel
|
||||
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||
8
euiccpixel_app/sepolicy/st54/euiccpixel_app.te
Normal file
8
euiccpixel_app/sepolicy/st54/euiccpixel_app.te
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# euiccpixel requires st54spi for firmware upgrade
|
||||
userdebug_or_eng(`
|
||||
net_domain(euiccpixel_app)
|
||||
|
||||
# Access to directly upgrade firmware on st54spi_device used for engineering devices
|
||||
typeattribute st54spi_device mlstrustedobject;
|
||||
allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
|
||||
')
|
||||
Loading…
Add table
Add a link
Reference in a new issue