sepolicy(nfc): Changing selinux policy for signed NFC APK NFC stack is becoming an unbundled apex which embeds the existing NFC APK. Unbundling requires the apex & apk to be signed by non-platform certificates, hence adding new seapp_contexts rule for the NFC stack. The old rule is also left behing to support `-next` config builds where we are still using the platform signed NFC APK. Ignore-AOSP-First: All of the NFC mainline work is only present in internal master. Will cherry-pick this CL once we cherry-pick all its dependencies. Bug: 320583956 Test: Bootup test with signed NFC APK (within NFC apex) Change-Id: I1d4d6370cce558c8dcc0ec73a7ce47c2b5495a33

commit: 1e745f5fb43482c958f154d089f314c05718eaf6 [log] [tgz]
author: Roshan Pius <rpius@google.com> Fri Nov 03 17:39:43 2023 -0700
committer: Roshan Pius <rpius@google.com> Thu Jan 18 17:21:30 2024 +0000
tree: 7d7dafa383ed2cf76457b60d71f47c78f1727e40
parent: e74cd80819e31b3505e839c13332c0d930f83ee8 [diff] [blame]
diff --git a/private/mac_permissions.xml b/private/mac_permissions.xml
index c9a9aca..fa8ffcf 100644
--- a/private/mac_permissions.xml
+++ b/private/mac_permissions.xml

@@ -69,4 +69,9 @@
     <signer signature="@NETWORK_STACK" >
       <seinfo value="network_stack" />
     </signer>
+
+    <!-- NFC key in AOSP -->
+    <signer signature="@NFC" >
+      <seinfo value="nfc" />
+    </signer>
 </policy>
commit	1e745f5fb43482c958f154d089f314c05718eaf6	[log] [tgz]
author	Roshan Pius <rpius@google.com>	Fri Nov 03 17:39:43 2023 -0700
committer	Roshan Pius <rpius@google.com>	Thu Jan 18 17:21:30 2024 +0000
tree	7d7dafa383ed2cf76457b60d71f47c78f1727e40
parent	e74cd80819e31b3505e839c13332c0d930f83ee8 [diff] [blame]