Add selinux permissions for NFC/eSIM firmware upgrade and recovery
Bug: 181246088 Test: Confirm selinux permissions. Change-Id: I71c59d1afc50e273b840cd2df7600b4e806c0661
This commit is contained in:
Grace Chen
parent
7fd939fdd7
commit
4b59c5b98e
5 changed files with 60 additions and 0 deletions
29
whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
vendored
Normal file
29
whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
|
||||||
|
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||||
|
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
|
||||||
|
b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
|
||||||
|
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
|
||||||
|
Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
|
||||||
|
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
|
||||||
|
WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
|
||||||
|
amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
|
||||||
|
aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
|
||||||
|
oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
|
||||||
|
+9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
|
||||||
|
5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
|
||||||
|
rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
|
||||||
|
uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
|
||||||
|
ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
|
||||||
|
HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
|
||||||
|
FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
|
||||||
|
Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
|
||||||
|
ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
|
||||||
|
EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
|
||||||
|
GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
|
||||||
|
XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
|
||||||
|
IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
|
||||||
|
pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
|
||||||
|
A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
|
||||||
|
0JD1T1qdCm3aUSEmFgEA4rOL/0K3
|
||||||
|
-----END CERTIFICATE-----
|
||||||
21
whitechapel/vendor/google/euiccpixel_app.te
vendored
Normal file
21
whitechapel/vendor/google/euiccpixel_app.te
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
# EuiccSupportPixel app
|
||||||
|
|
||||||
|
type euiccpixel_app, domain;
|
||||||
|
app_domain(euiccpixel_app)
|
||||||
|
|
||||||
|
allow euiccpixel_app app_api_service:service_manager find;
|
||||||
|
allow euiccpixel_app radio_service:service_manager find;
|
||||||
|
allow euiccpixel_app nfc_service:service_manager find;
|
||||||
|
allow euiccpixel_app surfaceflinger_service:service_manager find;
|
||||||
|
|
||||||
|
set_prop(euiccpixel_app, vendor_secure_element_prop)
|
||||||
|
set_prop(euiccpixel_app, vendor_modem_prop)
|
||||||
|
|
||||||
|
userdebug_or_eng(`
|
||||||
|
net_domain(euiccpixel_app)
|
||||||
|
|
||||||
|
# Access to directly upgrade firmware on secure_element used for engineering devices
|
||||||
|
typeattribute secure_element_device mlstrustedobject;
|
||||||
|
allow euiccpixel_app secure_element_device:chr_file rw_file_perms;
|
||||||
|
')
|
||||||
|
|
||||||
3
whitechapel/vendor/google/keys.conf
vendored
3
whitechapel/vendor/google/keys.conf
vendored
|
|
@ -3,3 +3,6 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_google_md
|
||||||
|
|
||||||
[@UWB]
|
[@UWB]
|
||||||
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
|
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
|
||||||
|
|
||||||
|
[@EUICCSUPPORTPIXEL]
|
||||||
|
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
|
||||||
|
|
|
||||||
|
|
@ -27,4 +27,7 @@
|
||||||
<signer signature="@UWB" >
|
<signer signature="@UWB" >
|
||||||
<seinfo value="uwb" />
|
<seinfo value="uwb" />
|
||||||
</signer>
|
</signer>
|
||||||
|
<signer signature="@EUICCSUPPORTPIXEL" >
|
||||||
|
<seinfo value="EuiccSupportPixel" />
|
||||||
|
</signer>
|
||||||
</policy>
|
</policy>
|
||||||
|
|
|
||||||
4
whitechapel/vendor/google/seapp_contexts
vendored
4
whitechapel/vendor/google/seapp_contexts
vendored
|
|
@ -44,3 +44,7 @@ user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicag
|
||||||
|
|
||||||
# Qorvo UWB system app
|
# Qorvo UWB system app
|
||||||
user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
|
user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
|
||||||
|
|
||||||
|
# Domain for EuiccSupportPixel
|
||||||
|
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue