Merge "[Zuma] Fix SeLinux error" into udc-d1-dev am: e22788ae78 am: 53cfab53be am: 077bfe327c

Original change: https://googleplex-android-review.googlesource.com/c/device/google/zuma-sepolicy/+/22984822

Change-Id: I1cdf145a6810a3754b7cbd3e2b44471366db1ebd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

private/property.te

@@ -0,0 +1,8 @@
+product_restricted_prop(masterclear_esim_prop)
+product_restricted_prop(euicc_seamless_transfer_prop)
+
+neverallow { domain -init } masterclear_esim_prop:property_service set;
+neverallow { domain -init } euicc_seamless_transfer_prop:property_service set;
+
+get_prop(appdomain, masterclear_esim_prop)
+get_prop(appdomain, euicc_seamless_transfer_prop)

private/property_contexts

@@ -0,0 +1,3 @@
+#eSIM
+masterclear.allow_retain_esim_profiles_after_fdr     u:object_r:masterclear_esim_prop:s0     exact     bool
+euicc.seamless_transfer_enabled_in_non_qs     u:object_r:euicc_seamless_transfer_prop:s0     exact     bool

vendor/certs/EuiccGoogle.x509.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIJAOZ2d46ckK9JMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
+aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIG
+A1UEAwwLRXVpY2NHb29nbGUwHhcNMTYxMjE3MDEyMTEzWhcNNDQwNTA0MDEyMTEz
+WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
+TW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0Fu
+ZHJvaWQxFDASBgNVBAMMC0V1aWNjR29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA1S7b8bGk4fNm3cckWJx2sbnvC39BroHNwk6am6jVP4MZAYuc
+PN6QQ7/2s7hvtn91w6VbeGi2fryIMc7jXjlixheotD2Ns+/7qsPpQ+ZovfaQO5Xw
+/c4J+1CfiqrLtd4TyO+4uFGTCO/vs4qhMH58QrhnYPZUqeuq0Zs1Irp0FlVFe1qm
+1heU2zJy5locjb9UJXY33sVc9vfWy+sM8TLX40nWxIXGdbzJHJNyjjr/NA+0+drx
+anJCtac6+evehH6o8+t8RQBU44PEZiyGkM8poNgRTAcFdRFXU8pitZXp3QZQk6HO
+JsVuqqADwsfxGSdVyHFmOW7gxpkB9+IuJJEmkQIDAQABo1AwTjAdBgNVHQ4EFgQU
+lVkGDn/XmF7HjP0K3ykCNnnZ8jMwHwYDVR0jBBgwFoAUlVkGDn/XmF7HjP0K3ykC
+NnnZ8jMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkDOpQMXcuKwt
+CPu5/tdskpfoBMrpYJOwfvpj/JwrudnXUHZXnBnH9PtHprghGtNiWPXHTbZSzKUS
+Aojpo1Lev7DtowFILA54oY6d1NqbCIJy+Knwt3W5H7Rg8u8LqvzkpX5CBKAhRwkQ
+0t3yrlEkI7kx805vg484gAe+AXyBx0dGe6ov4/yrzv9E+1jhIgP7tF/f+x8zX6Tr
+mDCjzz4mgKahMbmsHQg430wlbZczrciMMfPiRc3xEHKLUqGL0ARtE01hJiJ4TY/X
+iL/8QUA3nBcpUyEwHFwUao40Gjca9xteKd7MtmiZ6BM2JJSQ4nSNkcwQW8PU/7Qb
+0QMwPRPLbQ==
+-----END CERTIFICATE-----

vendor/euicc_app.te

@@ -0,0 +1,13 @@
+type euicc_app, domain;
+app_domain(euicc_app)
+net_domain(euicc_app)
+
+allow euicc_app app_api_service:service_manager find;
+allow euicc_app radio_service:service_manager find;
+allow euicc_app cameraserver_service:service_manager find;
+
+get_prop(euicc_app, camera_config_prop)
+get_prop(euicc_app, setupwizard_esim_prop)
+get_prop(euicc_app, bootloader_prop)
+get_prop(euicc_app, exported_default_prop)
+get_prop(euicc_app, vendor_modem_prop)

vendor/keys.conf

@@ -6,3 +6,6 @@ ALL : device/google/zuma-sepolicy/vendor/certs/camera_eng.x509.pem
 
 [@CAMERAFISHFOOD]
 ALL : device/google/zuma-sepolicy/vendor/certs/camera_fishfood.x509.pem
+
+[@EUICCGOOGLE]
+ALL : device/google/zuma-sepolicy/vendor/certs/EuiccGoogle.x509.pem

vendor/mac_permissions.xml

@@ -30,4 +30,7 @@
     <signer signature="@CAMERAFISHFOOD" >
       <seinfo value="CameraFishFood" />
     </signer>
+    <signer signature="@EUICCGOOGLE" >
+      <seinfo value="EuiccGoogle" />
+    </signer>
 </policy>

vendor/seapp_contexts

@@ -33,3 +33,5 @@ user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor
 user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all
 user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all
 
+# Domain for EuiccGoogle
+user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all