From d9478e1c21bcff60f25d605c25df71f11ac5792d Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Fri, 21 Jul 2023 14:46:14 +0900
Subject: [PATCH] Move coredomain seapp contexts to system_ext

Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble
violation.

Bug: 280547417
Test: TH
Change-Id: I68d6564ca9e5ba77d3562b6c73b32cd1713001f7
---
 ambient/seapp_contexts                   | 2 --
 system_ext/private/seapp_contexts        | 9 +++++++++
 whitechapel/vendor/google/seapp_contexts | 6 ------
 3 files changed, 9 insertions(+), 8 deletions(-)
 delete mode 100644 ambient/seapp_contexts

diff --git a/ambient/seapp_contexts b/ambient/seapp_contexts
deleted file mode 100644
index 8024688c..00000000
--- a/ambient/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Domain for Exo app
-user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
index 8c2178a8..234cccaf 100644
--- a/system_ext/private/seapp_contexts
+++ b/system_ext/private/seapp_contexts
@@ -1,2 +1,11 @@
 # Domain for EuiccGoogle
 user=_app isPrivApp=true  name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user
+
+# Domain for Exo app
+user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
+
+# Domain for connectivity monitor
+user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
+
+# HbmSVManager
+user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts
index e724de28..7711c447 100644
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@@ -24,18 +24,12 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d
 # grilservice
 user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
 
-# HbmSVManager
-user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
-
 # Domain for omadm
 user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
 
 # Modem Diagnostic System
 user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
 
-# Domain for connectivity monitor
-user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
-
 # RIL Config Service
 user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file