From d569008b77d108dcdde0156ca5958d318159bd92 Mon Sep 17 00:00:00 2001 From: Jin Jeong Date: Fri, 12 May 2023 04:18:25 +0000 Subject: [PATCH 1/2] Revert "Fix LPA crash due to selinux denial" Revert submission 22955599-euicc_selinux_fix2 Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2 Change-Id: I6421319ba280fb11d05f2e107754449e54e5afa4
---
 whitechapel/vendor/google/euicc_app.te | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te
index 2e36435b..d7259159 100644
--- a/whitechapel/vendor/google/euicc_app.te
+++ b/whitechapel/vendor/google/euicc_app.te
@@ -1,12 +1,14 @@
 type euicc_app, domain;
 app_domain(euicc_app)
-net_domain(euicc_app)
-allow euicc_app app_api_service:service_manager find;
+allow euicc_app activity_service:service_manager find;
 allow euicc_app radio_service:service_manager find;
-allow euicc_app cameraserver_service:service_manager find;
+allow euicc_app content_capture_service:service_manager find;
+allow euicc_app virtual_device_service:service_manager find;
+allow euicc_app game_service:service_manager find;
+allow euicc_app netstats_service:service_manager find;
+allow euicc_app registry_service:service_manager find;
-get_prop(euicc_app, camera_config_prop)
 get_prop(euicc_app, setupwizard_esim_prop)
 get_prop(euicc_app, bootloader_prop)
 get_prop(euicc_app, exported_default_prop)
From 15e18323961765f09824e43decbf5bfff50b18da Mon Sep 17 00:00:00 2001
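Review bot: The six `service_manager find` grants added to euicc_app.te have no comment saying which denial or LPA feature each one answers, and `content_capture_service`, `virtual_device_service` and `game_service` are not obviously needed by an eUICC app, so a least-privilege audit has nothing to check them against. I would put a comment above the block, for example `# service lookups seen in LPA avc denials, see b/<bug-id>; drop any that no longer fire`, and keep only the entries that still show up in denial logs. The same hunk removes `net_domain(euicc_app)`; whether the app still needs sockets in this domain is not visible here, so that is worth confirming on a test build before merge. The file continues one line past the hunk (a `get_prop` on `vendor_modem_prop`, visible in the second patch), which the stated revert reason suggests may also be stale.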
From: Jin Jeong Date: Fri, 12 May 2023 04:17:26 +0000 Subject: [PATCH 2/2] Revert "Fix SELinux error for com.google.android.euicc" Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Bug: 279988311 Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I72da756853a540d6251e074313b1880c9c9038e8
---
 private/property.te | 8 -------
 private/property_contexts | 2 --
 .../vendor/google/certs/EuiccGoogle.x509.pem | 23 -------------------
 whitechapel/vendor/google/euicc_app.te | 15 ------------
 whitechapel/vendor/google/keys.conf | 3 ---
 whitechapel/vendor/google/mac_permissions.xml | 3 ---
 whitechapel/vendor/google/seapp_contexts | 3 ---
 7 files changed, 57 deletions(-)
 delete mode 100644 private/property.te
 delete mode 100644 private/property_contexts
 delete mode 100644 whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
 delete mode 100644 whitechapel/vendor/google/euicc_app.te
diff --git a/private/property.te b/private/property.te
deleted file mode 100644
index a6bee3b3..00000000
--- a/private/property.te
+++ /dev/null
@@ -1,8 +0,0 @@
-product_restricted_prop(masterclear_esim_prop)
-product_restricted_prop(euicc_seamless_transfer_prop)
-
-neverallow { domain -init } masterclear_esim_prop:property_service set;
-neverallow { domain -init } euicc_seamless_transfer_prop:property_service set;
-
-get_prop(appdomain, masterclear_esim_prop)
-get_prop(appdomain, euicc_seamless_transfer_prop)
diff --git a/private/property_contexts b/private/property_contexts
deleted file mode 100644
index 843f2976..00000000
--- a/private/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-masterclear.allow_retain_esim_profiles_after_fdr u:object_r:masterclear_esim_prop:s0 exact bool
-euicc.seamless_transfer_enabled_in_non_qs u:object_r:euicc_seamless_transfer_prop:s0 exact bool
diff --git a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem b/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
deleted file mode 100644
index be6c715c..00000000
--- a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIJAOZ2d46ckK9JMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
-aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIG
-A1UEAwwLRXVpY2NHb29nbGUwHhcNMTYxMjE3MDEyMTEzWhcNNDQwNTA0MDEyMTEz
-WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
-TW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0Fu
-ZHJvaWQxFDASBgNVBAMMC0V1aWNjR29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA1S7b8bGk4fNm3cckWJx2sbnvC39BroHNwk6am6jVP4MZAYuc
-PN6QQ7/2s7hvtn91w6VbeGi2fryIMc7jXjlixheotD2Ns+/7qsPpQ+ZovfaQO5Xw
-/c4J+1CfiqrLtd4TyO+4uFGTCO/vs4qhMH58QrhnYPZUqeuq0Zs1Irp0FlVFe1qm
-1heU2zJy5locjb9UJXY33sVc9vfWy+sM8TLX40nWxIXGdbzJHJNyjjr/NA+0+drx
-anJCtac6+evehH6o8+t8RQBU44PEZiyGkM8poNgRTAcFdRFXU8pitZXp3QZQk6HO
-JsVuqqADwsfxGSdVyHFmOW7gxpkB9+IuJJEmkQIDAQABo1AwTjAdBgNVHQ4EFgQU
-lVkGDn/XmF7HjP0K3ykCNnnZ8jMwHwYDVR0jBBgwFoAUlVkGDn/XmF7HjP0K3ykC
-NnnZ8jMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkDOpQMXcuKwt
-CPu5/tdskpfoBMrpYJOwfvpj/JwrudnXUHZXnBnH9PtHprghGtNiWPXHTbZSzKUS
-Aojpo1Lev7DtowFILA54oY6d1NqbCIJy+Knwt3W5H7Rg8u8LqvzkpX5CBKAhRwkQ
-0t3yrlEkI7kx805vg484gAe+AXyBx0dGe6ov4/yrzv9E+1jhIgP7tF/f+x8zX6Tr
-mDCjzz4mgKahMbmsHQg430wlbZczrciMMfPiRc3xEHKLUqGL0ARtE01hJiJ4TY/X
-iL/8QUA3nBcpUyEwHFwUao40Gjca9xteKd7MtmiZ6BM2JJSQ4nSNkcwQW8PU/7Qb
-0QMwPRPLbQ==
------END CERTIFICATE-----
diff --git a/whitechapel/vendor/google/euicc_app.te b/whitechapel/vendor/google/euicc_app.te
deleted file mode 100644
index d7259159..00000000
--- a/whitechapel/vendor/google/euicc_app.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type euicc_app, domain;
-app_domain(euicc_app)
-
-allow euicc_app activity_service:service_manager find;
-allow euicc_app radio_service:service_manager find;
-allow euicc_app content_capture_service:service_manager find;
-allow euicc_app virtual_device_service:service_manager find;
-allow euicc_app game_service:service_manager find;
-allow euicc_app netstats_service:service_manager find;
-allow euicc_app registry_service:service_manager find;
-
-get_prop(euicc_app, setupwizard_esim_prop)
-get_prop(euicc_app, bootloader_prop)
-get_prop(euicc_app, exported_default_prop)
-get_prop(euicc_app, vendor_modem_prop)
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
index d609a05d..fb6e52b6 100644
--- a/whitechapel/vendor/google/keys.conf
+++ b/whitechapel/vendor/google/keys.conf
@@ -6,6 +6,3 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb
 [@EUICCSUPPORTPIXEL]
 ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
-
-[@EUICCGOOGLE]
-ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml
index e4658cc5..6cb7113c 100644
--- a/whitechapel/vendor/google/mac_permissions.xml
+++ b/whitechapel/vendor/google/mac_permissions.xml
@@ -30,7 +30,4 @@ - - -
diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts
index e84832b6..e724de28 100644
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@@ -52,8 +52,5 @@ user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_
 # Domain for EuiccSupportPixel
 user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-# Domain for EuiccGoogle
-user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all
-
 # CccDkTimeSyncService
 user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all