authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-05-24 23:02:20 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-05-24 23:02:20 +0000
commit9271c1fd2f566c3a2cb1d9425724b51190b8ec10 (patch)
treeaaae35a97b436be5b68a25bf61abd0fe5c5a9678
parent6b993aa04908c44d5c5d8a19488d63a38972c9f8 (diff)
parent6f8bcc95aa827e31e8bd3e53a5abba6ff82010e0 (diff)
Snap for 10196304 from 6f8bcc95aa827e31e8bd3e53a5abba6ff82010e0 to udc-release
Change-Id: I1e371d8b793c83fb30be0703fc593a194fed1707
-rw-r--r--private/property.te8
-rw-r--r--private/property_contexts2
-rw-r--r--system_ext/private/euicc_app.te (renamed from whitechapel/vendor/google/euicc_app.te)6
-rw-r--r--system_ext/private/property.te5
-rw-r--r--system_ext/private/property_contexts3
-rw-r--r--system_ext/private/seapp_contexts2
-rw-r--r--system_ext/public/property.te3
-rw-r--r--whitechapel/vendor/google/certs/EuiccGoogle.x509.pem23
-rw-r--r--whitechapel/vendor/google/keys.conf3
-rw-r--r--whitechapel/vendor/google/mac_permissions.xml3
-rw-r--r--whitechapel/vendor/google/seapp_contexts3
-rw-r--r--whitechapel/vendor/google/vendor_init.te1
12 files changed, 17 insertions, 45 deletions
diff --git a/private/property.te b/private/property.te
deleted file mode 100644
index a6bee3b3..00000000
--- a/private/property.te
+++ /dev/null
@@ -1,8 +0,0 @@
-product_restricted_prop(masterclear_esim_prop)
-product_restricted_prop(euicc_seamless_transfer_prop)
-
-neverallow { domain -init } masterclear_esim_prop:property_service set;
-neverallow { domain -init } euicc_seamless_transfer_prop:property_service set;
-
-get_prop(appdomain, masterclear_esim_prop)
-get_prop(appdomain, euicc_seamless_transfer_prop)
diff --git a/private/property_contexts b/private/property_contexts
deleted file mode 100644
index 843f2976..00000000
--- a/private/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-masterclear.allow_retain_esim_profiles_after_fdr u:object_r:masterclear_esim_prop:s0 exact bool
-euicc.seamless_transfer_enabled_in_non_qs u:object_r:euicc_seamless_transfer_prop:s0 exact bool
diff --git a/whitechapel/vendor/google/euicc_app.te b/system_ext/private/euicc_app.te
index 2e36435b..842f1ec7 100644
--- a/whitechapel/vendor/google/euicc_app.te
+++ b/system_ext/private/euicc_app.te
@@ -1,13 +1,13 @@
-type euicc_app, domain;
+type euicc_app, domain, coredomain;
app_domain(euicc_app)
net_domain(euicc_app)
+bluetooth_domain(euicc_app)
allow euicc_app app_api_service:service_manager find;
allow euicc_app radio_service:service_manager find;
allow euicc_app cameraserver_service:service_manager find;
get_prop(euicc_app, camera_config_prop)
-get_prop(euicc_app, setupwizard_esim_prop)
get_prop(euicc_app, bootloader_prop)
get_prop(euicc_app, exported_default_prop)
-get_prop(euicc_app, vendor_modem_prop)
+get_prop(euicc_app, esim_modem_prop)
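Review bot: `bluetooth_domain(euicc_app)` and the new `coredomain` attribute on the `type` line both widen what this privileged app domain may do, and nothing in the file says why the eSIM app needs either. A one-line comment above each grant naming the feature that depends on it would let a later audit tell whether the access is still required, for example `# Bluetooth access: needed by <feature — fill in>` above the macro call. The same applies to the existing `cameraserver_service` find rule, which is also uncommented. The swap from `vendor_modem_prop` to the single-purpose `esim_modem_prop` does narrow the property read access, and a short comment saying so would help too.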
diff --git a/system_ext/private/property.te b/system_ext/private/property.te
new file mode 100644
index 00000000..714108b1
--- /dev/null
+++ b/system_ext/private/property.te
@@ -0,0 +1,5 @@
+neverallow {
+ domain
+ -init
+ -vendor_init
+} esim_modem_prop:property_service set;
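Review bot: This neverallow has no comment saying what it protects. As far as I recall, `system_vendor_config_prop()`, which declares `esim_modem_prop` in system_ext/public/property.te, already emits the same `{ domain -init -vendor_init }` set restriction when the Treble sysprop neverallows are enabled, so please confirm against te_macros whether this rule is a deliberate always-on backstop or a duplicate. If it is deliberate, say so in a comment such as `# Only init and vendor_init may set esim_modem_prop, even when treble sysprop neverallows are disabled`. Note also that the two removed properties allowed only `init` to set them, so adding `vendor_init` here is a widening that deserves a word of explanation.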
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 9cf97280..790ba63b 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -6,3 +6,6 @@ persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int
persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int
persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int
persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int
+
+# Properties for euicc
+persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string
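Review bot: `persist.modem.esim_profiles_exist` is typed `exact string`, which means the property service accepts any value that vendor_init writes, and because it is a `persist.` property the value survives reboots. The name reads like a flag, and the two eSIM properties removed in this commit were both `exact bool`. If the value is only ever true or false, `persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact bool` would have the property service reject malformed values before `euicc_app` reads them. If it really carries free-form text, extend the `# Properties for euicc` comment to state the expected values.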
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
new file mode 100644
index 00000000..8c2178a8
--- /dev/null
+++ b/system_ext/private/seapp_contexts
@@ -0,0 +1,2 @@
+# Domain for EuiccGoogle
+user=_app isPrivApp=true name=com.google.android.euicc domain=euicc_app type=privapp_data_file levelFrom=user
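Review bot: This entry no longer pins a signer. The vendor line it replaces carried `seinfo=EuiccGoogle`, backed by the `@EUICCGOOGLE` stanza and certificate removed elsewhere in this commit, whereas the new match is on `isPrivApp=true` and the package name alone. Since `euicc_app` also becomes `coredomain` with `bluetooth_domain` in this commit, it is worth confirming that dropping the certificate binding is intended and that priv-app placement is the only gate relied on. If so, record it in the comment, e.g. `# Domain for EuiccGoogle (matched by package name + isPrivApp; no seinfo/signer pin)`. If system_ext has its own mac_permissions.xml, keeping a `seinfo=` selector there would preserve the previous binding. The switch from `type=app_data_file levelFrom=all` to `type=privapp_data_file levelFrom=user` changes the label of the app's existing data, so the upgrade path from a build using the old label is worth testing.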
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index 8908e485..bb07d927 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -1,2 +1,5 @@
# Fingerprint (UDFPS) GHBM/LHBM toggle
system_vendor_config_prop(fingerprint_ghbm_prop)
+
+# eSIM properties
+system_vendor_config_prop(esim_modem_prop)
diff --git a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem b/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
deleted file mode 100644
index be6c715c..00000000
--- a/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIJAOZ2d46ckK9JMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
-aWV3MRQwEgYDVQQKDAtHb29nbGUgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEUMBIG
-A1UEAwwLRXVpY2NHb29nbGUwHhcNMTYxMjE3MDEyMTEzWhcNNDQwNTA0MDEyMTEz
-WjB4MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
-TW91bnRhaW4gVmlldzEUMBIGA1UECgwLR29vZ2xlIEluYy4xEDAOBgNVBAsMB0Fu
-ZHJvaWQxFDASBgNVBAMMC0V1aWNjR29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA1S7b8bGk4fNm3cckWJx2sbnvC39BroHNwk6am6jVP4MZAYuc
-PN6QQ7/2s7hvtn91w6VbeGi2fryIMc7jXjlixheotD2Ns+/7qsPpQ+ZovfaQO5Xw
-/c4J+1CfiqrLtd4TyO+4uFGTCO/vs4qhMH58QrhnYPZUqeuq0Zs1Irp0FlVFe1qm
-1heU2zJy5locjb9UJXY33sVc9vfWy+sM8TLX40nWxIXGdbzJHJNyjjr/NA+0+drx
-anJCtac6+evehH6o8+t8RQBU44PEZiyGkM8poNgRTAcFdRFXU8pitZXp3QZQk6HO
-JsVuqqADwsfxGSdVyHFmOW7gxpkB9+IuJJEmkQIDAQABo1AwTjAdBgNVHQ4EFgQU
-lVkGDn/XmF7HjP0K3ykCNnnZ8jMwHwYDVR0jBBgwFoAUlVkGDn/XmF7HjP0K3ykC
-NnnZ8jMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkDOpQMXcuKwt
-CPu5/tdskpfoBMrpYJOwfvpj/JwrudnXUHZXnBnH9PtHprghGtNiWPXHTbZSzKUS
-Aojpo1Lev7DtowFILA54oY6d1NqbCIJy+Knwt3W5H7Rg8u8LqvzkpX5CBKAhRwkQ
-0t3yrlEkI7kx805vg484gAe+AXyBx0dGe6ov4/yrzv9E+1jhIgP7tF/f+x8zX6Tr
-mDCjzz4mgKahMbmsHQg430wlbZczrciMMfPiRc3xEHKLUqGL0ARtE01hJiJ4TY/X
-iL/8QUA3nBcpUyEwHFwUao40Gjca9xteKd7MtmiZ6BM2JJSQ4nSNkcwQW8PU/7Qb
-0QMwPRPLbQ==
------END CERTIFICATE-----
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
index d609a05d..fb6e52b6 100644
--- a/whitechapel/vendor/google/keys.conf
+++ b/whitechapel/vendor/google/keys.conf
@@ -6,6 +6,3 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb
[@EUICCSUPPORTPIXEL]
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
-
-[@EUICCGOOGLE]
-ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccGoogle.x509.pem
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml
index e4658cc5..6cb7113c 100644
--- a/whitechapel/vendor/google/mac_permissions.xml
+++ b/whitechapel/vendor/google/mac_permissions.xml
@@ -30,7 +30,4 @@
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
- <signer signature="@EUICCGOOGLE" >
- <seinfo value="EuiccGoogle" />
- </signer>
</policy>
diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts
index e84832b6..e724de28 100644
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@@ -52,8 +52,5 @@ user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_
# Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-# Domain for EuiccGoogle
-user=_app isPrivApp=true seinfo=EuiccGoogle name=com.google.android.euicc domain=euicc_app type=app_data_file levelFrom=all
-
# CccDkTimeSyncService
user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 1707ef8b..b03c7bb5 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -13,6 +13,7 @@ set_prop(vendor_init, vendor_ro_config_default_prop)
get_prop(vendor_init, vendor_touchpanel_prop)
set_prop(vendor_init, vendor_tcpdump_log_prop)
set_prop(vendor_init, vendor_logger_prop)
+set_prop(vendor_init, esim_modem_prop)
allow vendor_init proc_dirty:file w_file_perms;
allow vendor_init proc_sched:file write;