Add privapp permission whitelist for production builds

Android.bp

@@ -28,9 +28,17 @@ android_app {
     resource_dirs: [
         "app/src/main/res",
     ],
+    required: ["privapp_whitelist_im.angry.openeuicc.xml"],
     manifest: "app/src/main/AndroidManifest.xml",
     privileged: true,
     platform_apis: true,
     system_ext_specific: true,
     certificate: "platform",
 }
+
+prebuilt_etc {
+    name: "privapp_whitelist_im.angry.openeuicc.xml",
+    system_ext_specific: true,
+    src: "privapp_whitelist_im.angry.openeuicc.xml",
+    sub_dir: "permissions",
+}

privapp_whitelist_im.angry.openeuicc.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<permissions>
+    <privapp-permissions package="im.angry.openeuicc">
+        <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
+        <permission name="android.permission.WRITE_EMBEDDED_SUBSCRIPTIONS" />
+        <permission name="android.permission.MODIFY_PHONE_STATE" />
+        <permission name="android.permission.SECURE_ELEMENT_PRIVILEGED_OPERATION" />
+    </privapp-permissions>
+</permissions>