Changing selinux policy for privapps for new certs.

Bug: 220807590
Test: build and boot
Change-Id: Ib24fed5e4980b0c8bb4df658a961346c5b4730ad

private/keys.conf

@@ -14,6 +14,9 @@ ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
 [@SDK_SANDBOX]
 ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/sdk_sandbox.x509.pem
 
+[@BLUETOOTH]
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/bluetooth.x509.pem
+
 [@MEDIA]
 ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
 

private/mac_permissions.xml

@@ -56,6 +56,11 @@
       <seinfo value="sdk_sandbox" />
     </signer>
 
+    <!-- Bluetooth key in AOSP -->
+    <signer signature="@BLUETOOTH" >
+      <seinfo value="bluetooth" />
+    </signer>
+
     <!-- Media key in AOSP -->
     <signer signature="@MEDIA" >
       <seinfo value="media" />

private/seapp_contexts

@@ -144,7 +144,7 @@ neverallow name=com.android.sdksandbox domain=((?!sdk_sandbox).)*
 user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.remoteprovisioner domain=remote_prov_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
-user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
 user=nfc seinfo=platform domain=nfc type=nfc_data_file
 user=secure_element seinfo=platform domain=secure_element levelFrom=all