NFC stack is becoming an unbundled apex which embeds the existing NFC
APK. Unbundling requires the apex & apk to be signed by non-platform
certificates, hence adding new seapp_contexts rule for the NFC stack.
The old rule is also left behing to support `-next` config builds where
we are still using the platform signed NFC APK.
Ignore-AOSP-First: All of the NFC mainline work is only present in
internal master. Will cherry-pick this CL once we cherry-pick all its
dependencies.
Bug: 320583956
Test: Bootup test with signed NFC APK (within NFC apex)
Merged-In: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33
Change-Id: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33
Using DEFAULT_SYSTEM_DEV_CERTIFICATE didn't work (supplemental process
was running under platform_app) domain. Changing to
MAINLINE_SEPOLICY_DEV_CERTIFICATES (this also aligns with network stack
configuration) seems to fix this.
Ignore-AOSP-First: Feature is developed in internal branch
Bug: 204989872
Test: Run manual e2e test for supplemental process
Test: adb shell ps -Z | grep sup
Test: verify that process is running under supplemental_process domain
Change-Id: Ibf478466e5d6ab0ee08fca4da3b4bae974a82db0
Allows apps to be signed with the supplemental key
Bug: 203670791
Test: Make, device boots
Ignore-AOSP-First: Feature is developed in internal branch
Change-Id: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
Relax the requirement to have both seinfo and name specified for
privapps. The original reason for requiring both was because, normally,
a package can only be uniquely specified by both name and signature,
otherwise package squatting could occur. However, privapps are
pre-installed, so the concerns about the potential for package squatting
are eliminated. This change will drastically simplify sepolicy
configuration for priv-apps.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller still runs in the
permissioncontroller_app domain.
Change-Id: I5bb2bf84b9db616c4492bd1402550821c70fdd07
This creates an SELinux domain for permissioncontroller and moves it out of the
priv_app SELinux domain.
Bug: 142672293
Test: Flashed a device with this build and verified
com.google.android.permissioncontroller runs in the
permissioncontroller_app domain.
Change-Id: Ieb2e4cb806d18aaeb2e5c458e138975d1d5b64fe
DEFAULT_SYSTEM_DEV_CERTIFICATE is not appropriate as some OEMs may need
to change only the certificates used to generate
plat_mac_permissions.xml for mainline modules.
Test: m, checked output plat_mac_permissions.xml
Bug: 138097611
Bug: 134995443
Change-Id: Ie19130a243db043f432039c54c379f06e60ab6c6
Update the seinfo to the new network_stack seinfo, as the network stack
is now using its own certificate.
Remove the hard-coded package name, which may differ depending on
devices, and specify (uid, signature, priv-app) instead.
Bug: 124033493
Test: m
Change-Id: If3bbc21cf83f5d17406e9615833ee43011c9c9bc
Divide policy into public and private components. This is the first
step in splitting the policy creation for platform and non-platform
policies. The policy in the public directory will be exported for use
in non-platform policy creation. Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.
Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal. For now, almost all types and
avrules are left in public.
Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
