diff --git a/system_ext/private/euicc_app.te b/system_ext/private/euicc_app.te new file mode 100644 index 00000000..842f1ec7 --- /dev/null +++ b/system_ext/private/euicc_app.te @@ -0,0 +1,13 @@ +type euicc_app, domain, coredomain; +app_domain(euicc_app) +net_domain(euicc_app) +bluetooth_domain(euicc_app) + +allow euicc_app app_api_service:service_manager find; +allow euicc_app radio_service:service_manager find; +allow euicc_app cameraserver_service:service_manager find; + +get_prop(euicc_app, camera_config_prop) +get_prop(euicc_app, bootloader_prop) +get_prop(euicc_app, exported_default_prop) +get_prop(euicc_app, esim_modem_prop) diff --git a/system_ext/private/property.te b/system_ext/private/property.te new file mode 100644 index 00000000..714108b1 --- /dev/null +++ b/system_ext/private/property.te @@ -0,0 +1,5 @@ +neverallow { + domain + -init + -vendor_init +} esim_modem_prop:property_service set; diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 9cf97280..790ba63b 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -6,3 +6,6 @@ persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int + +# Properties for euicc +persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts new file mode 100644 index 00000000..8c2178a8 --- /dev/null +++ b/system_ext/private/seapp_contexts @@ -0,0 +1,2 @@ +# Domain for EuiccGoogle +user=_app isPrivApp=true name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user diff --git a/system_ext/public/property.te b/system_ext/public/property.te index 8908e485..bb07d927 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -1,2 +1,5 @@ # Fingerprint (UDFPS) GHBM/LHBM toggle system_vendor_config_prop(fingerprint_ghbm_prop) + +# eSIM properties +system_vendor_config_prop(esim_modem_prop)