tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sepolicy(nfc): Changing selinux policy for signed NFC APK

Browse source 
NFC stack is becoming an unbundled apex which embeds the existing NFC
APK. Unbundling requires the apex & apk to be signed by non-platform
certificates, hence adding new seapp_contexts rule for the NFC stack.

The old rule is also left behing to support `-next` config builds where
we are still using the platform signed NFC APK.

Ignore-AOSP-First: All of the NFC mainline work is only present in
internal master. Will cherry-pick this CL once we cherry-pick all its
dependencies.

Bug: 320583956
Test: Bootup test with signed NFC APK (within NFC apex)
Merged-In: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33

Change-Id: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33
This commit is contained in:
Roshan Pius 2023-11-03 17:39:43 -07:00
parent b09d3d4210
commit 23a929df62
3 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/keys.conf
View file

@ -23,6 +23,9 @@ ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
[@NETWORK_STACK]
ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
[@NFC]
ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/nfc.x509.pem
[@SHARED]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem

5
private/mac_permissions.xml
View file

@ -69,4 +69,9 @@
<signer signature="@NETWORK_STACK" >
<seinfo value="network_stack" />
</signer>
<!-- NFC key in AOSP -->
<signer signature="@NFC" >
<seinfo value="nfc" />
</signer>
</policy>

2
private/seapp_contexts
View file

@ -184,7 +184,9 @@ user=system seinfo=platform domain=system_app type=system_app_data_file
user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
# NFC stack signed with platform cert needed for maintaining backwards comptibility for -next release config.
user=nfc seinfo=platform domain=nfc type=nfc_data_file
user=nfc seinfo=nfc domain=nfc type=nfc_data_file
user=secure_element seinfo=platform domain=secure_element levelFrom=all
user=radio seinfo=platform domain=radio type=radio_data_file
user=shared_relro domain=shared_relro levelFrom=all