sepolicy: Define key for TimeService apk

Define key for TimeService apk. Change-Id: I612120345bed56fd92d438a0a2db3db6aa919519
TheCatGang · Sep 4, 2019 · e0df12a · e0df12a
1 parent eee010c
commit e0df12a
Show file tree

Hide file tree

Showing 8 changed files with 125 additions and 6 deletions.
diff --git a/Android.mk b/Android.mk
@@ -24,6 +24,7 @@ ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
        $(LOCAL_PATH)/generic/vendor/common \
        $(LOCAL_PATH)/qva/vendor/common/sysmonapp \
        $(LOCAL_PATH)/qva/vendor/ssg \
+       $(LOCAL_PATH)/timeservice \
        $(LOCAL_PATH)/qva/vendor/common
 
     ifeq ($(TARGET_SEPOLICY_DIR),)
@@ -46,6 +47,7 @@ ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
                  $(LOCAL_PATH) \
                  $(LOCAL_PATH)/legacy/vendor/common/sysmonapp \
                  $(LOCAL_PATH)/legacy/vendor/ssg \
+                 $(LOCAL_PATH)/timeservice \
                  $(LOCAL_PATH)/legacy/vendor/common
 
     ifeq ($(TARGET_SEPOLICY_DIR),)

diff --git a/generic/vendor/common/seapp_contexts b/generic/vendor/common/seapp_contexts
@@ -27,9 +27,6 @@
 # A fallback in case tango_core is missing something critical that untrusted_app provides
 user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
 
-#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
-
 # AtFwd app
 user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app_data_file levelFrom=all
 

diff --git a/legacy/vendor/common/seapp_contexts b/legacy/vendor/common/seapp_contexts
@@ -37,9 +37,6 @@ user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app
 #Add new domain for QDMA
 user=system seinfo=platform name=com.qualcomm.qti.qdma domain=qdma_app type=system_app_data_file
 
-# Add time service app
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
-
 #Add new domain for logkit services
 user=system seinfo=platform name=com.qualcomm.qti.logkit domain=qti_logkit_app type=system_app_data_file
 

diff --git a/timeservice/keys.conf b/timeservice/keys.conf
@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+[@TIMESERVICE]
+ALL : device/qcom/sepolicy/timeservice/timeservice_app_cert.x509.pem
diff --git a/timeservice/mac_permissions.xml b/timeservice/mac_permissions.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+    * Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+     * Redistributions in binary form must reproduce the above
+       copyright notice, this list of conditions and the following
+       disclaimer in the documentation and/or other materials provided
+       with the distribution.
+     * Neither the name of The Linux Foundation nor the names of its
+       contributors may be used to endorse or promote products derived
+       from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ -->
+<policy>
+
+<!--
+See /system/sepolicy/private/mac_permissions.xml
+-->
+
+    <signer signature="@TIMESERVICE" >
+      <seinfo value="timeserviceapp" />
+    </signer>
+
+</policy>
diff --git a/timeservice/seapp_contexts b/timeservice/seapp_contexts
@@ -0,0 +1,30 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Needed for time service apk
+user=_app seinfo=timeserviceapp name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
+
diff --git a/timeservice/timeservice_app_cert.pk8 b/timeservice/timeservice_app_cert.pk8
diff --git a/timeservice/timeservice_app_cert.x509.pem b/timeservice/timeservice_app_cert.x509.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIJAMg/RXpMUk2MMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD
+VQQGEwJJTjEQMA4GA1UECAwHVW5rbm93bjEQMA4GA1UEBwwHVW5rbm93bjEkMCIG
+A1UECgwbUXVhbGNvbW0gVGVjaG5vbG9naWVzLCBJbmMuMRQwEgYDVQQLDAtUSU1F
+U0VSVklDRTEkMCIGA1UEAwwbVElNRVNFUlZJQ0UgUHJpdmlsZWdlZCBBcHBzMB4X
+DTE5MDczMTA5MzkyMloXDTQ2MTIxNjA5MzkyMlowgZMxCzAJBgNVBAYTAklOMRAw
+DgYDVQQIDAdVbmtub3duMRAwDgYDVQQHDAdVbmtub3duMSQwIgYDVQQKDBtRdWFs
+Y29tbSBUZWNobm9sb2dpZXMsIEluYy4xFDASBgNVBAsMC1RJTUVTRVJWSUNFMSQw
+IgYDVQQDDBtUSU1FU0VSVklDRSBQcml2aWxlZ2VkIEFwcHMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDHEZhGjzKyYWuz4VYseoKiRXPXQ+3FLj7MYChe
+9fj3bqeCmp4h2oX1hrI5y2Nml466K7+XnRmzqoeK1QxPnt6E3jZJttQDojGSyqtA
+mA1UDYLeaMYUSk4+rSiJ22xJ2HP0gLxTfV9Gz8N5zsvwB65ZM5q2wL2jZX48aA51
+PcNYbtKeVPKt2ZP1m9LWjEIySjxj1pKhPaQdB3ukCsxZOLv27sqk3JE9Z6n/uWCB
+bFt0OuaXZGpIwcKO53X1Bw4/M3wYcWmGNvFBUnRzZA2MTj49f+lprgxkx4GnbU9j
+TGl8dxImLCvtvIXYjB8cuLJWhKnS/qoItdRruX4fK1Bkf1nvAgMBAAGjUDBOMB0G
+A1UdDgQWBBSZ/rBADK7UrF89aVV5YYOgB0/zyDAfBgNVHSMEGDAWgBSZ/rBADK7U
+rF89aVV5YYOgB0/zyDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF
+HG/GPgwZwXD0OgkE44f6CAhBsH2FfbGs4l0oapCJmtbWCNEu7LM0oZbr1J5JFv41
+lug8eOSGb1cTbGZF6hl+6JdO42NGI96A/3mHlffPoUjDuLYcMRUoWfimI+T9PS0W
+gRfavA8osdyrBU7QxM0Axp62chWEF3/wmOZRIJd8rW8FpDPrqKZlywnJXDPNm5Wo
+9g1WLAuu7bcFGUeed7fOmKPaVzA3aWCPSUTapj30fe0Mq+0ezODLaRhoMpVKuS6z
+QlUedAEkBpamFTk90nnWoBpOhwcw2P5L1D3fhzZCAqf8xmp+torqiJxBA+9t6GHK
+LR5CTP6cVxCy5pNWkW4Y
+-----END CERTIFICATE-----