From b6d74a5196dfeab2d34a6d55ee8d3d3fb00a21d1 Mon Sep 17 00:00:00 2001
From: Jinyoung Jeong
Date: Mon, 15 May 2023 10:18:11 +0000
Subject: [PATCH] [GS101][eSIM] Add system properties rule

Bug: 279988311
Test: https://fusion2.corp.google.com/d517f34a-3242-40b1-adf6-acb6035ff2cb , b/282901698
Change-Id: I6caed744d2bba7882f80f8ace229f6c4b4133c65
---
 system_ext/private/euicc_app.te | 13 +++++++++++++
 system_ext/private/property.te | 5 +++++
 system_ext/private/property_contexts | 3 +++
 system_ext/private/seapp_contexts | 2 ++
 system_ext/public/property.te | 3 +++
 5 files changed, 26 insertions(+)
 create mode 100644 system_ext/private/euicc_app.te
 create mode 100644 system_ext/private/property.te
 create mode 100644 system_ext/private/seapp_contexts
diff --git a/system_ext/private/euicc_app.te b/system_ext/private/euicc_app.te
new file mode 100644
index 00000000..842f1ec7
--- /dev/null
+++ b/system_ext/private/euicc_app.te
@@ -0,0 +1,13 @@
+type euicc_app, domain, coredomain;
+app_domain(euicc_app)
+net_domain(euicc_app)
+bluetooth_domain(euicc_app)
+
+allow euicc_app app_api_service:service_manager find;
+allow euicc_app radio_service:service_manager find;
+allow euicc_app cameraserver_service:service_manager find;
+
+get_prop(euicc_app, camera_config_prop)
+get_prop(euicc_app, bootloader_prop)
+get_prop(euicc_app, exported_default_prop)
+get_prop(euicc_app, esim_modem_prop)
diff --git a/system_ext/private/property.te b/system_ext/private/property.te
new file mode 100644
index 00000000..714108b1
--- /dev/null
+++ b/system_ext/private/property.te
@@ -0,0 +1,5 @@
+neverallow {
+ domain
+ -init
+ -vendor_init
+} esim_modem_prop:property_service set;
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 9cf97280..790ba63b 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
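Review bot: In the new `system_ext/private/euicc_app.te`, none of the grants is tied to the feature or denial that requires it, and three of them are broad for an eSIM management app: `bluetooth_domain(euicc_app)`, `get_prop(euicc_app, bootloader_prop)` and `get_prop(euicc_app, exported_default_prop)`. Because the domain is a `coredomain` app domain that also has `net_domain`, each grant should either carry a one-line justification, for example `# <feature>: avc denial seen in b/<bug-id>`, or be dropped until a denial shows it is needed. The `cameraserver_service` find and the `camera_config_prop` read presumably serve QR-code activation, but the file does not say so.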
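Review bot: The `neverallow` block in the new `system_ext/private/property.te` has no comment stating who is meant to write `esim_modem_prop`, and nothing in this patch shows a domain that sets `persist.modem.esim_profiles_exist`. A header such as `# esim_modem_prop may be set only by init/vendor_init; every other domain is read-only.` would record the intent next to the rule. It is also worth confirming whether the `system_vendor_config_prop(esim_modem_prop)` declaration added in `system_ext/public/property.te` already emits an equivalent restriction; if it does, this block only restates it and the comment should say that it is a deliberate duplicate.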
@@ -6,3 +6,6 @@ persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int
 persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int
 persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int
 persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int
+
+# Properties for euicc
+persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
new file mode 100644
index 00000000..8c2178a8
--- /dev/null
+++ b/system_ext/private/seapp_contexts
@@ -0,0 +1,2 @@
+# Domain for EuiccGoogle
+user=_app isPrivApp=true name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index 8908e485..bb07d927 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -1,2 +1,5 @@
 # Fingerprint (UDFPS) GHBM/LHBM toggle
 system_vendor_config_prop(fingerprint_ghbm_prop)
+
+# eSIM properties
+system_vendor_config_prop(esim_modem_prop)
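Review bot: `persist.modem.esim_profiles_exist` is typed `exact string` in the `system_ext/private/property_contexts` hunk, so the property service will accept any string value for it. The name suggests a yes/no flag; if the writer only ever stores a boolean, declaring it as `persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact bool` lets malformed values be rejected when they are set rather than in each reader. If the value really is free-form, a comment under `# Properties for euicc` listing the accepted values would tell readers such as `euicc_app` what to validate.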
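Review bot: The new `system_ext/private/seapp_contexts` entry selects the `euicc_app` domain by `isPrivApp=true name=com.google.android.euicc` alone, with no `seinfo=` selector, so the policy does not tie the domain to a signing certificate. If a signer tag for this package is defined in the device's mac_permissions configuration, adding `seinfo=<signer-tag>` to the line would bind the domain to both the package name and the signer. Separately, `type=privapp_data_file levelFrom=user` gives the app's data the same label and level as other priv-app data for that user, so keeping eSIM data apart from those apps rests on UID permissions rather than on SELinux; a comment confirming this is intended would help the next reviewer.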