From a7e7e139ed9cfbcb7922079a0f816cc8a605889a Mon Sep 17 00:00:00 2001 From: Ranjith Kagathi Ananda Date: Thu, 3 Aug 2017 10:29:06 -0700 Subject: [PATCH] sepolicy: Rename com.google.arcore to com.google.ar.core Rename com.google.arcore to com.google.ar.core and add arcore app keys BUG=64121848 Test: Basic sanity Change-Id: I7e0d6b3072da1b20177e43071598742d24b3bb5b --- sepolicy/vendor/certs/arcore.x509.pem | 23 ++++++++++++++++++ sepolicy/vendor/certs/arcore_release.x509.pem | 24 +++++++++++++++++++ sepolicy/vendor/certs/arcore_userdev.x509.pem | 23 ++++++++++++++++++ sepolicy/vendor/keys.conf | 8 +++++++ sepolicy/vendor/mac_permissions.xml | 6 +++++ sepolicy/vendor/seapp_contexts | 5 ++-- 6 files changed, 86 insertions(+), 3 deletions(-) create mode 100644 sepolicy/vendor/certs/arcore.x509.pem create mode 100644 sepolicy/vendor/certs/arcore_release.x509.pem create mode 100644 sepolicy/vendor/certs/arcore_userdev.x509.pem diff --git a/sepolicy/vendor/certs/arcore.x509.pem b/sepolicy/vendor/certs/arcore.x509.pem new file mode 100644 index 00000000..df83d5e9 --- /dev/null +++ b/sepolicy/vendor/certs/arcore.x509.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDvzCCAqegAwIBAgIJAMl7uSdzNfUbMA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW +aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDESMBAG +A1UEAwwJdnJfYXJjb3JlMB4XDTE3MDgwNDE2NTQ1OFoXDTQ0MTIyMDE2NTQ1OFow +djELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSBJbmMuMRAwDgYDVQQLDAdBbmRy +b2lkMRIwEAYDVQQDDAl2cl9hcmNvcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC95hqS8Gj3DVcufC0jbwtlB7wyY2eBf1s3Ftj3ZpUCbD+ra1MZIMU8 +Y/sV3xzuyGbbx3r0W/ZqK1c8xO0xDR/03QJ2XKpaEHzRHZnWSyLSYsmq5Qe4XEuE +s7Q6v7OorTxbfBTLpWm83Gq2z0a2DDN6y9FMeIY7UxSw0ty1hZDDGRKbqsEyfhYq +/CDOSsBTdmYzMrNY57ANxm2Ap7F7xZAMrF8Fs6VRi/jHhaL8fgHC3sT5Ql3vhy+Z +vOihZi7Al8mcV0jyzIzV5TtafSBFu5fMxb5dbMKG4EfgsIh7aobFmRhF1gi1jsJT +NL1bwsPzl+TGZDRR5vSONY5aMUiBrbx1AgMBAAGjUDBOMB0GA1UdDgQWBBST4+Xw +yTxGQMN8QvNf7f2Ew/5euTAfBgNVHSMEGDAWgBST4+XwyTxGQMN8QvNf7f2Ew/5e +uTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBBcjzoaU9GDOYpDQI2 +mD1/C5kdD9Y8UXP+jKUGPvBgFXBzdaNxyclClI30EiabwMOYQW06Ckn+QvRmESAt +WJqt9PxsRRNKWmJ+A/irGAjJyQsiVVzfryeUg44Q+yRErL8wAV/kfHjVF44ZiUoq +FCpErxjSNNLjtBGbaZid+gsBARnrUWrol6Zcuj1DWKUoCZHW6gTu86/GfgTJKHwV +ABe+D89U4pI8RoykmWOTIcpWZZhrDFjJrIXnOqG/T9O3DK+sDigBPv1UhKJI6ucd +dCDLQK3lmP+vvj/sXnxUU7zqrUSj6dyKJwCz4i8rXx9XijsX13J+JMtk23iJFeOo +XjFY +-----END CERTIFICATE----- diff --git a/sepolicy/vendor/certs/arcore_release.x509.pem b/sepolicy/vendor/certs/arcore_release.x509.pem new file mode 100644 index 00000000..de39c3d7 --- /dev/null +++ b/sepolicy/vendor/certs/arcore_release.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIDxzCCAq+gAwIBAgIVANwoa0O06hIDmVigCmZV64RyDkbJMA0GCSqGSIb3DQEB +CwUAMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH +Ew1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMH +QW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDAeFw0xNzA4MDQxNjUzMzdaFw00NzA4 +MDQxNjUzMzdaMHQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw +FAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4G +A1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAImYZG9H/DM9sJZEwwMQTtGD6QTjURUqpmpgO3f2M4nU +XW/P+uPJT63x8oA44mXWl/6jRzJ/kIGn8LkHTVsUjbW/NXxhGnf4f4RKFQaIGL3N +WyHRh+k/olUWdhcO7c4EoVDDXsCnke71B/qbQGVzw29vIHdkhC5Wd+NaKBpCJlnp +HibrT+z7BTtck20JdsN/h1ettXo3lT2lhE6jUGlYVNNDphrTQbY6HEJdIoVa9+v+ +4Bjhc2zumFNr5bmUfyiOKib5nrn5G13pP+zFEwGdLpDxKzhhDR8C6qgd7KTOkcGc +vONtbDAlziQys9F4YWvq+vQ3wIRRvEaca8b0UXpxSlsCAwEAAaNQME4wDAYDVR0T +BAUwAwEB/zAdBgNVHQ4EFgQUGahkwPJhjGfIA6I9qQm8cFIfJpswHwYDVR0jBBgw +FoAUGahkwPJhjGfIA6I9qQm8cFIfJpswDQYJKoZIhvcNAQELBQADggEBAFQD/Fb9 +78RAN2oDN4FQArlqFb/8L+Qt5sWPUvrk2AZS43BEVbiFQJ7vgf+7TETboQS2uOJM +ni4OegQzjuc7qltxv7RIj44EvvPQ6vfUOqQrA7J4wzzB8N04AlcWJLqhYdhR+rN9 +tLySuQlLaIXf9itADs2B8GnVahvh20bYGYxQyWKM2244aG72QP04Z3X1A3b5V+JO +pF7RlClo8gyC8Ylgf9si8Rz9/Qdgp3pgzrNBbPs/SPE/n4Pzg0oBABdQp8eLwf2B +8LU6fEHcup9aARglnQg8Mrueu4TWRdb2ucMZI9ircOfwollA7Mn0lFFEQZ+G6MQh +07mXdPS489CSYuc= +-----END CERTIFICATE----- + diff --git a/sepolicy/vendor/certs/arcore_userdev.x509.pem b/sepolicy/vendor/certs/arcore_userdev.x509.pem new file mode 100644 index 00000000..8128ed29 --- /dev/null +++ b/sepolicy/vendor/certs/arcore_userdev.x509.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIEXT5J7jANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV +UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGTAXBgNVBAMM +EGFyY29yZV91c2VyYnVpbGQwHhcNMTcwODA4MjIyMzUzWhcNNDQxMjI0MjIyMzUz +WjB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0Fu +ZHJvaWQxGTAXBgNVBAMMEGFyY29yZV91c2VyYnVpbGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDI+9aEC0Zg3Bjid1Pa/PWmC1tmyKx57QJIN/8kPq9b +p3qH1fOVkCsNQq7lzmd4jT4m3weZPtwNCYWFQDnTzeywm6/1+kFg52ilPkKQiLc/ +Ew3YcJ5aSfACECP7GMwr3WpL/jsuVR11X2I98tvUJ0aOjwS1u25Z8AMscpZNOvE6 +MRcfmE/mcFKMqwFo5hGiAwirQznAykOcHZIwANAGiQMQkiidSvTMq/fDF6iP9giH +xGvJqaLs55aNSTweMGLWGPjiNERxhA9bBo3vwMyMR6zM6PSPnYHhy/Xm7NwGVLBU +gkHomhpQpGioaAnQes6mTvdR8SA+MpYQDNEoXbHx2eOpAgMBAAGjITAfMB0GA1Ud +DgQWBBSdLVDMs0DfeLCiHxL07bCyNub7wzANBgkqhkiG9w0BAQUFAAOCAQEAggrm +iZBZ8hpbN4IUaSy6HEiLuiQZoLXE8cegAGJGXg4Y95dtk+8tUQu3fSXY+RNbc0JZ +FaYJN2deD3zRFC7nLjIMiHdo6+JE7W9s4omrLvm7rEs7tXszP2/JR3dvS+5III62 +9CrPf4DdAHYffeZJWXsGUmP+wBKb4TsVSO+8pcqM69178A9IvQ3EnLYRCZ0YDnwz +IBDSBANEkAqTxDUMSi909ziusiAmHINcKelxAB8DhE6PuU0tcAfpqFOeZdh0T7hF +fEwhLK6lklnP6DyEPgJiBYHsIP4jycc26Pa5OKDSv7kho/MvWLhCzDeTyOIg7LVu +MgY5FIrpuaqIowB/4A== +-----END CERTIFICATE----- + diff --git a/sepolicy/vendor/keys.conf b/sepolicy/vendor/keys.conf index 9f189070..2b72a8b4 100644 --- a/sepolicy/vendor/keys.conf +++ b/sepolicy/vendor/keys.conf @@ -11,3 +11,11 @@ ALL : device/google/wahoo/sepolicy/vendor/certs/app.x509.pem [@EASEL] ALL : device/google/wahoo/sepolicy/vendor/certs/easel.x509.pem + +[@ARCORE] +ALL : device/google/wahoo/sepolicy/vendor/certs/arcore_release.x509.pem + +[@ARCORE_DEV] +ENG : device/google/wahoo/sepolicy/vendor/certs/arcore.x509.pem +USERDEBUG : device/google/wahoo/sepolicy/vendor/certs/arcore.x509.pem +USER : device/google/wahoo/sepolicy/vendor/certs/arcore_userdev.x509.pem diff --git a/sepolicy/vendor/mac_permissions.xml b/sepolicy/vendor/mac_permissions.xml index 401dc836..95feba7b 100644 --- a/sepolicy/vendor/mac_permissions.xml +++ b/sepolicy/vendor/mac_permissions.xml @@ -33,4 +33,10 @@ + + + + + + diff --git a/sepolicy/vendor/seapp_contexts b/sepolicy/vendor/seapp_contexts index cad27de0..d13ddad6 100644 --- a/sepolicy/vendor/seapp_contexts +++ b/sepolicy/vendor/seapp_contexts @@ -11,9 +11,8 @@ user=system seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=s user=system seinfo=platform name=.dataservices domain=dataservice_app type=system_app_data_file # The default domain for tango_core / arcore process -user=_app seinfo=tango name=com.google.tango domain=tango_core type=app_data_file levelFrom=user -user=_app seinfo=tango name=com.google.tango.* domain=tango_core type=app_data_file levelFrom=user -user=_app seinfo=tango name=com.google.arcore* domain=tango_core type=app_data_file levelFrom=user +user=_app seinfo=tango name=com.google.tango* domain=tango_core type=app_data_file levelFrom=user +user=_app seinfo=arcore name=com.google.ar.core* domain=tango_core type=app_data_file levelFrom=user # A fallback in case tango_core is missing something critical that untrusted_app provides user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user