authorInseob Kim <inseob@google.com>2023-07-21 14:39:48 +0900
committerInseob Kim <inseob@google.com>2023-07-21 14:41:05 +0900
commit821f3f5be787a278a629ce51b790b8af84f407b9 (patch)
tree9f44618ef7a8a555eef29bc05ebad87224373edd
parentab45b47a3ae38651401c8962608dbc330c10bddb (diff)
downloadredbull-sepolicy-821f3f5be787a278a629ce51b790b8af84f407b9.tar.gz
Move coredomain seapp contexts to system_ext
Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: Iecce441a8fbd98b0e7f2bd3febb7aaa9d16a9e37
-rw-r--r--system_ext/private/seapp_contexts24
-rw-r--r--vendor/google/seapp_contexts18
-rw-r--r--vendor/qcom/common/seapp_contexts3
-rw-r--r--vendor/verizon/seapp_contexts3
4 files changed, 24 insertions, 24 deletions
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
new file mode 100644
index 0000000..934937f
--- /dev/null
+++ b/system_ext/private/seapp_contexts
@@ -0,0 +1,24 @@
+# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
+user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
+user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
+
+# Domain for DeviceDropMonitor service
+user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all
+
+# Domain for Display
+user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
+
+# Domain for IpHealthMonitor service
+user=_app seinfo=platform name=com.google.android.iphealthmonitor domain=ip_health_monitor type=app_data_file levelFrom=all
+
+# Domain for UvExposureReporter service
+user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
+
+# Domain for connectivity monitor
+user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
+
+# Verizon for OBDM tool
+user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all
+user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all
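Review bot: The `com.google.android.uvexposurereporter` rule is the only entry in this new file without a `seinfo=` selector, so the `uv_exposure_reporter` domain is assigned on `isPrivApp=true` plus the package name alone rather than on a signing-certificate match. The rule is moved unchanged from vendor/google/seapp_contexts, but since the file is being created here it would be worth pinning it like its neighbours, e.g. `user=_app isPrivApp=true seinfo=platform name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all`, assuming the app is platform-signed (not visible in this diff). Separately, the diff does not show where the seven domains referenced here (`google_camera_app`, `device_drop_monitor`, `hbmsvmanager_app`, `ip_health_monitor`, `uv_exposure_reporter`, `con_monitor_app`, `obdm_app`) are declared; if their type declarations remain under vendor/ the labels would still depend on vendor policy, so confirm they live in system_ext policy.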
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index feda6f8..680d4e6 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -11,24 +11,6 @@ user=_app seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_da
# Domain for GoogleCBRS app
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
-# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
-user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
-
-# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
-user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
-
-# Domain for Display
-user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
-
-# Domain for UvExposureReporter service
-user=_app isPrivApp=true name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
-
-# Domain for DeviceDropMonitor service
-user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all
-
-# Domain for IpHealthMonitor service
-user=_app seinfo=platform name=com.google.android.iphealthmonitor domain=ip_health_monitor type=app_data_file levelFrom=all
-
# Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index b899748..7360124 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -9,9 +9,6 @@ user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domai
user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all
-# Domain for connectivity monitor
-user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
-
#Domain for omadm
user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
diff --git a/vendor/verizon/seapp_contexts b/vendor/verizon/seapp_contexts
deleted file mode 100644
index 951fef3..0000000
--- a/vendor/verizon/seapp_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-# Verizon for OBDM tool
-user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all
-user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all