restart deomains

Bug: 254378739
Test: boot to home
Change-Id: I0ba59f5781d50ac4e9d8f501792a74187eda864e

legacy/whitechapel_pro/con_monitor.te

@@ -1,10 +0,0 @@
-# ConnectivityMonitor app
-type con_monitor_app, domain, coredomain;
-
-app_domain(con_monitor_app)
-
-set_prop(con_monitor_app, radio_prop)
-allow con_monitor_app app_api_service:service_manager find;
-allow con_monitor_app radio_service:service_manager find;
-allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms;
-allow con_monitor_app radio_vendor_data_file:file create_file_perms;

legacy/whitechapel_pro/file_contexts

@@ -13,7 +13,6 @@
 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel             u:object_r:hal_graphics_composer_default_exec:s0
 /vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service                    u:object_r:mediacodec_samsung_exec:s0
 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service                     u:object_r:mediacodec_google_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto           u:object_r:hal_secure_element_st54spi_exec:s0
 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service          u:object_r:hal_secure_element_uicc_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix   u:object_r:hal_fingerprint_default_exec:s0

legacy/whitechapel_pro/hal_secure_element_st54spi.te

@@ -1,8 +0,0 @@
-type hal_secure_element_st54spi, domain;
-hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
-type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_secure_element_st54spi)
-allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
-allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
-set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)
-

legacy/whitechapel_pro/ofl_app.te

@@ -1,20 +0,0 @@
-# OFLBasicAgent app
-
-type ofl_app, domain;
-
-userdebug_or_eng(`
-  app_domain(ofl_app)
-  net_domain(ofl_app)
-
-  allow ofl_app app_api_service:service_manager find;
-  allow ofl_app nfc_service:service_manager find;
-  allow ofl_app radio_service:service_manager find;
-  allow ofl_app surfaceflinger_service:service_manager find;
-
-  # Access to directly update firmware on st54spi_device
-  typeattribute st54spi_device mlstrustedobject;
-  allow ofl_app st54spi_device:chr_file rw_file_perms;
-  # Access to directly update firmware on st33spi_device
-  typeattribute st33spi_device mlstrustedobject;
-  allow ofl_app st33spi_device:chr_file rw_file_perms;
-')

legacy/whitechapel_pro/seapp_contexts

@@ -1,15 +1,9 @@
 # coredump/ramdump
 user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
 
-# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
-user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
-
 # HbmSVManager
 user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
 
-# Domain for connectivity monitor
-user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
-
 # Qorvo UWB system app
 # TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all

tracking_denials/permissive.te

@@ -18,4 +18,7 @@ userdebug_or_eng(`
   permissive hal_contexthub_default;
   permissive hal_sensors_default;
   permissive recovery;
+  permissive con_monitor_app;
+  permissive hal_secure_element_st54spi;
+  permissive ofl_app;
 ')

vendor/con_monitor_app.te

@@ -0,0 +1,3 @@
+# ConnectivityMonitor app
+type con_monitor_app, domain;
+

vendor/file_contexts

@@ -4,6 +4,7 @@
 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zuma                    u:object_r:hal_bootctl_default_exec:s0
 /vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel               u:object_r:hal_power_stats_default_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto           u:object_r:hal_secure_element_st54spi_exec:s0
 
 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0

vendor/hal_secure_element_st54spi.te

@@ -0,0 +1,4 @@
+type hal_secure_element_st54spi, domain;
+type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secure_element_st54spi)
+

vendor/ofl_app.te

@@ -0,0 +1,3 @@
+# OFLBasicAgent app
+type ofl_app, domain;
+

vendor/seapp_contexts

@@ -1,5 +1,11 @@
 # Domain for EuiccSupportPixel
 user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
 
+# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
+user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
+
+# Domain for connectivity monitor
+user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
+
 # CccDkTimeSyncService
 user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all