Move uwb to system_ext am: 5e75eaa1a5 am: a7fd020e52
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24660422 Change-Id: Ie0e020624f04ee835d414ff467ff937a6e7783bb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Wilson Sung
Automerger Merge Worker
commit
212bd9a779
12 changed files with 52 additions and 22 deletions
29
system_ext/private/certs/com_qorvo_uwb.x509.pem
Normal file
29
system_ext/private/certs/com_qorvo_uwb.x509.pem
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ
|
||||
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
|
||||
EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv
|
||||
X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR
|
||||
BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds
|
||||
ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa
|
||||
IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW
|
||||
fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ
|
||||
KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW
|
||||
BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s
|
||||
ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X
|
||||
QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG
|
||||
gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj
|
||||
RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn
|
||||
iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
|
||||
EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ
|
||||
KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t
|
||||
fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z
|
||||
0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe
|
||||
cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0
|
||||
6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg
|
||||
NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY
|
||||
ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp
|
||||
BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh
|
||||
NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz
|
||||
lHV8gmlwBAuAx9ITcTJr
|
||||
-----END CERTIFICATE-----
|
||||
2
system_ext/private/file.te
Normal file
2
system_ext/private/file.te
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
|
||||
3
system_ext/private/keys.conf
Normal file
3
system_ext/private/keys.conf
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
[@UWB]
|
||||
ALL : device/google/gs201-sepolicy/system_ext/private/certs/com_qorvo_uwb.x509.pem
|
||||
|
||||
27
system_ext/private/mac_permissions.xml
Normal file
27
system_ext/private/mac_permissions.xml
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<policy>
|
||||
|
||||
<!--
|
||||
|
||||
* A signature is a hex encoded X.509 certificate or a tag defined in
|
||||
keys.conf and is required for each signer tag.
|
||||
* A signer tag may contain a seinfo tag and multiple package stanzas.
|
||||
* A default tag is allowed that can contain policy for all apps not signed with a
|
||||
previously listed cert. It may not contain any inner package stanzas.
|
||||
* Each signer/default/package tag is allowed to contain one seinfo tag. This tag
|
||||
represents additional info that each app can use in setting a SELinux security
|
||||
context on the eventual process.
|
||||
* When a package is installed the following logic is used to determine what seinfo
|
||||
value, if any, is assigned.
|
||||
- All signatures used to sign the app are checked first.
|
||||
- If a signer stanza has inner package stanzas, those stanza will be checked
|
||||
to try and match the package name of the app. If the package name matches
|
||||
then that seinfo tag is used. If no inner package matches then the outer
|
||||
seinfo tag is assigned.
|
||||
- The default tag is consulted last if needed.
|
||||
-->
|
||||
<!-- google apps key -->
|
||||
<signer signature="@UWB" >
|
||||
<seinfo value="uwb" />
|
||||
</signer>
|
||||
</policy>
|
||||
|
|
@ -3,3 +3,8 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
|
|||
|
||||
# HbmSVManager
|
||||
user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
|
||||
|
||||
# Qorvo UWB system app
|
||||
# TODO(b/222204912): Should this run under uwb user?
|
||||
user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
|
||||
|
||||
|
|
|
|||
12
system_ext/private/uwb_vendor_app.te
Normal file
12
system_ext/private/uwb_vendor_app.te
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
app_domain(uwb_vendor_app)
|
||||
|
||||
not_recovery(`
|
||||
|
||||
allow uwb_vendor_app app_api_service:service_manager find;
|
||||
allow uwb_vendor_app nfc_service:service_manager find;
|
||||
allow uwb_vendor_app radio_service:service_manager find;
|
||||
|
||||
allow uwb_vendor_app uwb_vendor_data_file:file create_file_perms;
|
||||
allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms;
|
||||
|
||||
')
|
||||
2
system_ext/public/uwb_vendor_app.te
Normal file
2
system_ext/public/uwb_vendor_app.te
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
type uwb_vendor_app, domain;
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue