Added supplemental key to the sepolicy
Allows apps to be signed with the supplemental key
Bug: 203670791
Test: Make, device boots
Ignore-AOSP-First: Feature is developed in internal branch
Change-Id: I2215ffe74e0fa19ff936e90c08c4ebfd177e5258
diff --git a/mac_permissions.mk b/mac_permissions.mk
index 566c82b..150c5dd 100644
--- a/mac_permissions.mk
+++ b/mac_permissions.mk
@@ -22,7 +22,7 @@
$(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
# Should be synced with keys.conf.
-all_plat_keys := platform media networkstack shared testkey
+all_plat_keys := platform supplemental_process media networkstack shared testkey
all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
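Review bot: Adding `supplemental_process` to `all_plat_keys` means the build now expects `supplemental_process.x509.pem` in the directory of `DEFAULT_SYSTEM_DEV_CERTIFICATE`, and nothing in this hunk covers products that point that variable at their own key directory. The rule that consumes `all_plat_keys` is outside the hunk, but if the list is used as a prerequisite, those trees will presumably stop building until the key is generated there; the commit's test line only covers the default tree. I would extend the existing comment to state the requirement, e.g. `# Should be synced with keys.conf; each name needs a <name>.x509.pem next to DEFAULT_SYSTEM_DEV_CERTIFICATE.`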
diff --git a/private/keys.conf b/private/keys.conf
index 362e73d..0112340 100644
--- a/private/keys.conf
+++ b/private/keys.conf
@@ -11,6 +11,9 @@
[@PLATFORM]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
+[@SUPPLEMENTAL_PROCESS]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/supplemental_process.x509.pem
+
[@MEDIA]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
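Review bot: The new `[@SUPPLEMENTAL_PROCESS]` section has only an `ALL` entry that resolves to the development certificate, so release builds depend on the signing step remapping it like the other platform keys. If the release key mapping has no entry for `supplemental_process`, the shipped `mac_permissions.xml` would presumably keep a development certificate as the signer for this seinfo, and development keys are not meant to be secret. Please confirm the signing configuration is updated in the same topic. A comment above the section would also help, e.g. `# Dev certificate only; release signing must remap supplemental_process.`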
diff --git a/private/mac_permissions.xml b/private/mac_permissions.xml
index 7fc37c1..0e77637 100644
--- a/private/mac_permissions.xml
+++ b/private/mac_permissions.xml
@@ -51,6 +51,11 @@
<seinfo value="platform" />
</signer>
+ <!-- Supplemental process key -->
+ <signer signature="@SUPPLEMENTAL_PROCESS" >
+ <seinfo value="supplemental_process" />
+ </signer>
+
<!-- Media key in AOSP -->
<signer signature="@MEDIA" >
<seinfo value="media" />
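Review bot: The new `<signer signature="@SUPPLEMENTAL_PROCESS">` stanza only assigns the seinfo string `supplemental_process`; nothing visible in this commit adds a seapp_contexts rule that selects on it. Until such a rule exists, an app signed with this key is presumably labelled by whichever existing entry matches without an seinfo selector, so the tag would not change its domain. The stanza also has no `<package>` child, so every APK signed with the key receives the tag. If a single package is intended, restricting it here would narrow what the key grants. I would also make the comment name the consumer, e.g. `<!-- Supplemental process key; seinfo is matched by the supplemental_process entry in seapp_contexts -->`, once that entry exists.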