Move legacy app config to tracking_denials

Bug: 312143882
Test: make selinux_policy
Change-Id: Id9203ada3b6364f517a0251eed139ad793fbb94f

legacy/whitechapel_pro/keys.conf

@@ -1,5 +0,0 @@
-[@UWB]
-ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
-
-[@EUICCSUPPORTPIXEL]
-ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem

legacy/whitechapel_pro/mac_permissions.xml

@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policy>
-
-<!--
-
-    * A signature is a hex encoded X.509 certificate or a tag defined in
-      keys.conf and is required for each signer tag.
-    * A signer tag may contain a seinfo tag and multiple package stanzas.
-    * A default tag is allowed that can contain policy for all apps not signed with a
-      previously listed cert. It may not contain any inner package stanzas.
-    * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
-      represents additional info that each app can use in setting a SELinux security
-      context on the eventual process.
-    * When a package is installed the following logic is used to determine what seinfo
-      value, if any, is assigned.
-      - All signatures used to sign the app are checked first.
-      - If a signer stanza has inner package stanzas, those stanza will be checked
-        to try and match the package name of the app. If the package name matches
-        then that seinfo tag is used. If no inner package matches then the outer
-        seinfo tag is assigned.
-      - The default tag is consulted last if needed.
--->
-    <!-- google apps key -->
-    <signer signature="@UWB" >
-        <seinfo value="uwb" />
-    </signer>
-    <signer signature="@EUICCSUPPORTPIXEL" >
-        <seinfo value="EuiccSupportPixel" />
-    </signer>
-</policy>

legacy/zuma/vendor/keys.conf

@@ -1,11 +0,0 @@
-[@GOOGLE]
-ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/app.x509.pem
-
-[@CAMERAENG]
-ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_eng.x509.pem
-
-[@CAMERAFISHFOOD]
-ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_fishfood.x509.pem
-
-[@CAMERASERVICES]
-ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem

tracking_denials/keys.conf

@@ -0,0 +1,17 @@
+[@GOOGLE]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/app.x509.pem
+
+[@CAMERAENG]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_eng.x509.pem
+
+[@CAMERAFISHFOOD]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_fishfood.x509.pem
+
+[@CAMERASERVICES]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem
+
+[@UWB]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_qorvo_uwb.x509.pem
+
+[@EUICCSUPPORTPIXEL]
+ALL : device/google/zumapro-sepolicy/tracking_denials/certs/EuiccSupportPixel.x509.pem

tracking_denials/mac_permissions.xml

@@ -33,4 +33,10 @@
     <signer signature="@CAMERASERVICES" >
       <seinfo value="CameraServices" />
     </signer>
+    <signer signature="@UWB" >
+        <seinfo value="uwb" />
+    </signer>
+    <signer signature="@EUICCSUPPORTPIXEL" >
+        <seinfo value="EuiccSupportPixel" />
+    </signer>
 </policy>

tracking_denials/seapp_contexts

@@ -8,7 +8,6 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
 
 # Qorvo UWB system app
-# TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
 
 # CccDkTimeSyncService