Merge "Add eSIM directory and disable bootstrap when bootloader is unlocked in user build" into main
diff --git a/esim/Android.bp b/esim/Android.bp
new file mode 100644
index 0000000..a2427f1
--- /dev/null
+++ b/esim/Android.bp
@@ -0,0 +1,10 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+prebuilt_etc {
+ name: "init.esim-gs.rc",
+ src: "init.esim-gs.rc",
+ vendor: true,
+ sub_dir: "init",
+}
diff --git a/esim/OWNERS b/esim/OWNERS
new file mode 100644
index 0000000..157ecd6
--- /dev/null
+++ b/esim/OWNERS
@@ -0,0 +1,2 @@
+kiwonp@google.com
+mewan@google.com
\ No newline at end of file
diff --git a/esim/esim.mk b/esim/esim.mk
new file mode 100644
index 0000000..47e21b7
--- /dev/null
+++ b/esim/esim.mk
@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += init.esim-gs.rc
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/vendor
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/esim/sepolicy/system_ext/private
diff --git a/esim/init.esim-gs.rc b/esim/init.esim-gs.rc
new file mode 100644
index 0000000..291f9ee
--- /dev/null
+++ b/esim/init.esim-gs.rc
@@ -0,0 +1,7 @@
+# Disable bootstrap when bootloader is unlocked in user build
+on property:ro.build.type=user && property:ro.boot.flash.locked=0
+ setprop setupwizard.feature.provisioning_profile_mode false
+
+# Disable bootstrap for DVT devices shipping to non-US carriers
+on property:ro.boot.warranty.sku=BOF
+ setprop setupwizard.feature.provisioning_profile_mode false
diff --git a/esim/sepolicy/system_ext/private/gmscore_app.te b/esim/sepolicy/system_ext/private/gmscore_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/gmscore_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/esim/sepolicy/system_ext/private/priv_app.te b/esim/sepolicy/system_ext/private/priv_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/priv_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/esim/sepolicy/system_ext/private/property_contexts b/esim/sepolicy/system_ext/private/property_contexts
new file mode 100644
index 0000000..464a289
--- /dev/null
+++ b/esim/sepolicy/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# setupwizard
+setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0
diff --git a/esim/sepolicy/system_ext/public/property.te b/esim/sepolicy/system_ext/public/property.te
new file mode 100644
index 0000000..96cb3b3
--- /dev/null
+++ b/esim/sepolicy/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
diff --git a/esim/sepolicy/vendor/vendor_init.te b/esim/sepolicy/vendor/vendor_init.te
new file mode 100644
index 0000000..c9cb14e
--- /dev/null
+++ b/esim/sepolicy/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)