From ff8d7d7825077604dec6ad7b9036ce1795b0756c Mon Sep 17 00:00:00 2001
From: Steve Berbary <sberbary@google.com>
Date: Wed, 6 Apr 2022 05:07:59 +0000
Subject: [PATCH 1/3] Update Security String to 2022-06-01

Bug: 228265025
Change-Id: Iac5d1f2b0c48bf5ff7dc89d00d49944e764cec5c
Merged-In: Iac5d1f2b0c48bf5ff7dc89d00d49944e764cec5c
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 6b12e1270e..0a3350a03b 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -250,7 +250,7 @@ ifndef PLATFORM_SECURITY_PATCH
     #  It must be of the form "YYYY-MM-DD" on production devices.
     #  It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
     #  If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
-      PLATFORM_SECURITY_PATCH := 2022-05-01
+      PLATFORM_SECURITY_PATCH := 2022-06-01
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
 

From 69e6d821064b1299c6cbfa94c24c89c649d83f9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Melisa=20Carranza=20Z=C3=BA=C3=B1iga?= <melisacz@google.com>
Date: Tue, 12 Apr 2022 23:22:11 +0000
Subject: [PATCH 2/3] Revert "Merge "Adding sepolicy sign params to
 sign_target_files_apks." am: fb042449e0 am: bd8c313275 am: a2db49becd"

This reverts commit 6e6c22c70e48e9d4fe830fe0c5b9c47618bd116a.

Reason for revert: Updateable SEPolicy is punted.

Change-Id: I99524d13811028a4036aa85c74cf10974fe08165
---
 tools/releasetools/common.py                  |  1 -
 tools/releasetools/sign_apex.py               |  3 +-
 tools/releasetools/sign_target_files_apks.py  | 90 +++----------------
 .../test_sign_target_files_apks.py            | 80 ++---------------
 4 files changed, 16 insertions(+), 158 deletions(-)

diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 2f46576fc7..bf9fa6ccf9 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -97,7 +97,6 @@ class Options(object):
     self.stash_threshold = 0.8
     self.logfile = None
     self.host_tools = {}
-    self.sepolicy_name = 'sepolicy.apex'
 
 
 OPTIONS = Options()
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
index a68f1eca4a..722359b2d2 100755
--- a/tools/releasetools/sign_apex.py
+++ b/tools/releasetools/sign_apex.py
@@ -61,7 +61,6 @@ import apex_utils
 import common
 
 logger = logging.getLogger(__name__)
-OPTIONS = common.OPTIONS
 
 
 def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
@@ -82,7 +81,7 @@ def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
       apk_keys=apk_keys,
       signing_args=signing_args,
       sign_tool=sign_tool,
-      is_sepolicy=apex_file.endswith(OPTIONS.sepolicy_name),
+      is_sepolicy=apex_file.endswith("sepolicy.apex"),
       sepolicy_key=sepolicy_key,
       sepolicy_cert=sepolicy_cert,
       fsverity_tool=fsverity_tool)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 5f46ae06c9..fc6afb1c56 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -137,15 +137,6 @@ Usage:  sign_target_files_apks [flags] input_target_files output_target_files
   --android_jar_path <path>
       Path to the android.jar to repack the apex file.
 
-  --sepolicy_key <key>
-      Optional flag that specifies the sepolicy signing key, defaults to payload_key for the sepolicy.apex.
-
-  --sepolicy_cert <cert>
-      Optional flag that specifies the sepolicy signing cert.
-
-  --fsverity_tool <path>
-      Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
-
   --allow_gsi_debug_sepolicy
       Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
       (/system/system_ext|/system_ext)/etc/selinux.
@@ -205,9 +196,6 @@ OPTIONS.gki_signing_extra_args = None
 OPTIONS.android_jar_path = None
 OPTIONS.vendor_partitions = set()
 OPTIONS.vendor_otatools = None
-OPTIONS.sepolicy_key = None
-OPTIONS.sepolicy_cert = None
-OPTIONS.fsverity_tool = None
 OPTIONS.allow_gsi_debug_sepolicy = False
 
 
@@ -246,8 +234,6 @@ ALLOWED_VENDOR_PARTITIONS = set(["vendor", "odm"])
 def IsApexFile(filename):
   return filename.endswith(".apex") or filename.endswith(".capex")
 
-def IsSepolicyApex(filename):
-  return filename.endswith(OPTIONS.sepolicy_name)
 
 def GetApexFilename(filename):
   name = os.path.basename(filename)
@@ -270,24 +256,6 @@ def GetApkCerts(certmap):
 
   return certmap
 
-def GetSepolicyKeys(keys_info):
-  """Gets SEPolicy signing keys applying overrides from command line options.
-
-  Args:
-    keys_info: A dict that maps from the SEPolicy APEX filename to a tuple of
-    (sepolicy_key, sepolicy_cert, fsverity_tool).
-
-  Returns:
-    A dict that contains the updated APEX key mapping, which should be used for
-    the current signing.
-  """
-  for name in keys_info:
-      (sepolicy_key, sepolicy_cert, fsverity_tool) = keys_info[name]
-      sepolicy_key = OPTIONS.sepolicy_key if OPTIONS.sepolicy_key else sepolicy_key
-      sepolicy_cert = OPTIONS.sepolicy_cert if OPTIONS.sepolicy_cert else sepolicy_cert
-      fsverity_tool = OPTIONS.fsverity_tool if OPTIONS.fsverity_tool else fsverity_tool
-      keys_info[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
-  return keys_info
 
 def GetApexKeys(keys_info, key_map):
   """Gets APEX payload and container signing keys by applying the mapping rules.
@@ -550,7 +518,7 @@ def IsBuildPropFile(filename):
 def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
                        apk_keys, apex_keys, key_passwords,
                        platform_api_level, codename_to_api_level_map,
-                       compressed_extension, sepolicy_keys):
+                       compressed_extension):
   # maxsize measures the maximum filename length, including the ones to be
   # skipped.
   try:
@@ -618,17 +586,6 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
         print("           : %-*s payload   (%s)" % (
             maxsize, name, payload_key))
 
-        sepolicy_key = None
-        sepolicy_cert = None
-        fsverity_tool = None
-
-        if IsSepolicyApex(name):
-          (sepolicy_key, sepolicy_cert, fsverity_tool) = sepolicy_keys[name]
-          print("           : %-*s sepolicy key   (%s)" % (
-            maxsize, name, sepolicy_key))
-          print("           : %-*s sepolicy cert  (%s)" % (
-            maxsize, name, sepolicy_cert))
-
         signed_apex = apex_utils.SignApex(
             misc_info['avb_avbtool'],
             data,
@@ -639,11 +596,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
             codename_to_api_level_map,
             no_hashtree=None,  # Let apex_util determine if hash tree is needed
             signing_args=OPTIONS.avb_extra_args.get('apex'),
-            sign_tool=sign_tool,
-            is_sepolicy=IsSepolicyApex(name),
-            sepolicy_key=sepolicy_key,
-            sepolicy_cert=sepolicy_cert,
-            fsverity_tool=fsverity_tool)
+            sign_tool=sign_tool)
         common.ZipWrite(output_tf_zip, signed_apex, filename)
 
       else:
@@ -1253,24 +1206,20 @@ def GetCodenameToApiLevelMap(input_tf_zip):
 def ReadApexKeysInfo(tf_zip):
   """Parses the APEX keys info from a given target-files zip.
 
-  Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns
-  two dicts, the first one contains the mapping from APEX names
-  (e.g. com.android.tzdata) to a tuple of (payload_key, container_key,
-  sign_tool). The second one maps the sepolicy APEX name to a tuple containing
-  (sepolicy_key, sepolicy_cert, fsverity_tool).
+  Given a target-files ZipFile, parses the META/apexkeys.txt entry and returns a
+  dict that contains the mapping from APEX names (e.g. com.android.tzdata) to a
+  tuple of (payload_key, container_key, sign_tool).
 
   Args:
     tf_zip: The input target_files ZipFile (already open).
 
   Returns:
-    name : (payload_key, container_key, sign_tool)
+    (payload_key, container_key, sign_tool):
       - payload_key contains the path to the payload signing key
       - container_key contains the path to the container signing key
       - sign_tool is an apex-specific signing tool for its payload contents
-    name : (sepolicy_key, sepolicy_cert, fsverity_tool)
   """
   keys = {}
-  sepolicy_keys = {}
   for line in tf_zip.read('META/apexkeys.txt').decode().split('\n'):
     line = line.strip()
     if not line:
@@ -1281,9 +1230,6 @@ def ReadApexKeysInfo(tf_zip):
         r'private_key="(?P<PAYLOAD_PRIVATE_KEY>.*)"\s+'
         r'container_certificate="(?P<CONTAINER_CERT>.*)"\s+'
         r'container_private_key="(?P<CONTAINER_PRIVATE_KEY>.*?)"'
-        r'(\s+sepolicy_key="(?P<SEPOLICY_KEY>.*?)")?'
-        r'(\s+sepolicy_certificate="(?P<SEPOLICY_CERT>.*?)")?'
-        r'(\s+fsverity_tool="(?P<FSVERITY_TOOL>.*?)")?'
         r'(\s+partition="(?P<PARTITION>.*?)")?'
         r'(\s+sign_tool="(?P<SIGN_TOOL>.*?)")?$',
         line)
@@ -1312,18 +1258,12 @@ def ReadApexKeysInfo(tf_zip):
             container_private_key, OPTIONS.private_key_suffix):
       container_key = container_cert[:-len(OPTIONS.public_key_suffix)]
     else:
-      raise ValueError("Failed to parse container keys: \n{} **** {}".format(container_cert, container_private_key))
+      raise ValueError("Failed to parse container keys: \n{}".format(line))
 
     sign_tool = matches.group("SIGN_TOOL")
     keys[name] = (payload_private_key, container_key, sign_tool)
 
-    if IsSepolicyApex(name):
-      sepolicy_key = matches.group('SEPOLICY_KEY')
-      sepolicy_cert = matches.group('SEPOLICY_CERT')
-      fsverity_tool = matches.group('FSVERITY_TOOL')
-      sepolicy_keys[name] = (sepolicy_key, sepolicy_cert, fsverity_tool)
-
-  return keys, sepolicy_keys
+  return keys
 
 
 def BuildVendorPartitions(output_zip_path):
@@ -1541,12 +1481,6 @@ def main(argv):
       OPTIONS.vendor_otatools = a
     elif o == "--vendor_partitions":
       OPTIONS.vendor_partitions = set(a.split(","))
-    elif o == '--sepolicy_key':
-      OPTIONS.sepolicy_key = a
-    elif o == '--sepolicy_cert':
-      OPTIONS.sepolicy_cert = a
-    elif o == '--fsverity_tool':
-      OPTIONS.fsverity_tool = a
     elif o == "--allow_gsi_debug_sepolicy":
       OPTIONS.allow_gsi_debug_sepolicy = True
     else:
@@ -1604,9 +1538,6 @@ def main(argv):
           "gki_signing_extra_args=",
           "vendor_partitions=",
           "vendor_otatools=",
-          "sepolicy_key=",
-          "sepolicy_cert=",
-          "fsverity_tool=",
           "allow_gsi_debug_sepolicy",
       ],
       extra_option_handler=option_handler)
@@ -1629,9 +1560,8 @@ def main(argv):
   apk_keys_info, compressed_extension = common.ReadApkCerts(input_zip)
   apk_keys = GetApkCerts(apk_keys_info)
 
-  apex_keys_info, sepolicy_keys_info = ReadApexKeysInfo(input_zip)
+  apex_keys_info = ReadApexKeysInfo(input_zip)
   apex_keys = GetApexKeys(apex_keys_info, apk_keys)
-  sepolicy_keys = GetSepolicyKeys(sepolicy_keys_info)
 
   # TODO(xunchang) check for the apks inside the apex files, and abort early if
   # the keys are not available.
@@ -1649,7 +1579,7 @@ def main(argv):
   ProcessTargetFiles(input_zip, output_zip, misc_info,
                      apk_keys, apex_keys, key_passwords,
                      platform_api_level, codename_to_api_level_map,
-                     compressed_extension, sepolicy_keys)
+                     compressed_extension)
 
   common.ZipClose(input_zip)
   common.ZipClose(output_zip)
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 144a3cd460..0f13add290 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -476,7 +476,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
       target_files_zip.writestr('META/apexkeys.txt', self.APEX_KEYS_TXT)
 
     with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+      keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
         'apex.apexd_test.apex': (
@@ -486,7 +486,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/make/target/product/security/testkey', None),
         }, keys_info)
-    self.assertEqual({}, sepolicy_keys_info)
 
   def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
     # Mismatching payload public / private keys.
@@ -516,7 +515,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
     with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+      keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
         'apex.apexd_test.apex': (
@@ -526,7 +525,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/make/target/product/security/testkey', None),
         }, keys_info)
-    self.assertEqual({}, sepolicy_keys_info)
 
   def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
     # Invalid lines will be skipped.
@@ -540,7 +538,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
     with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+      keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
         'apex.apexd_test.apex': (
@@ -550,7 +548,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/make/target/product/security/testkey', None),
         }, keys_info)
-    self.assertEqual({}, sepolicy_keys_info)
 
   def test_ReadApexKeysInfo_presignedKeys(self):
     apex_keys = self.APEX_KEYS_TXT + (
@@ -564,7 +561,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
     with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+      keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
         'apex.apexd_test.apex': (
@@ -574,7 +571,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/make/target/product/security/testkey', None),
         }, keys_info)
-    self.assertEqual({}, sepolicy_keys_info)
 
   def test_ReadApexKeysInfo_presignedKeys(self):
     apex_keys = self.APEX_KEYS_TXT + (
@@ -588,7 +584,7 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
 
     with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
+      keys_info = ReadApexKeysInfo(target_files_zip)
 
     self.assertEqual({
         'apex.apexd_test.apex': (
@@ -598,72 +594,6 @@ name="apex.apexd_test_different_app.apex" public_key="system/apex/apexd/apexd_te
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/make/target/product/security/testkey', None),
         }, keys_info)
-    self.assertEqual({}, sepolicy_keys_info)
-
-  def test_ReadApexKeysInfo_withSepolicyKeys(self):
-    apex_keys = self.APEX_KEYS_TXT + (
-        'name="sepolicy.apex" '
-        'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
-        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
-        'container_certificate="build/make/target/product/security/testkey.x509.pem" '
-        'container_private_key="build/make/target/product/security/testkey.pk8" '
-        'sepolicy_key="build/make/target/product/security/testkey.key" '
-        'sepolicy_certificate="build/make/target/product/security/testkey.x509.pem" '
-        'fsverity_tool="fsverity"')
-    target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
-      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
-    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
-    self.assertEqual({
-        'apex.apexd_test.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
-            'build/make/target/product/security/testkey', None),
-        'apex.apexd_test_different_app.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
-            'build/make/target/product/security/testkey', None),
-        'sepolicy.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
-            'build/make/target/product/security/testkey', None),
-        }, keys_info)
-    self.assertEqual({'sepolicy.apex': (
-            'build/make/target/product/security/testkey.key',
-            'build/make/target/product/security/testkey.x509.pem',
-            'fsverity'),
-        }, sepolicy_keys_info)
-
-  def test_ReadApexKeysInfo_withSepolicyApex(self):
-    apex_keys = self.APEX_KEYS_TXT + (
-        'name="sepolicy.apex" '
-        'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
-        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
-        'container_certificate="build/make/target/product/security/testkey.x509.pem" '
-        'container_private_key="build/make/target/product/security/testkey.pk8" ')
-    target_files = common.MakeTempFile(suffix='.zip')
-    with zipfile.ZipFile(target_files, 'w', allowZip64=True) as target_files_zip:
-      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
-
-    with zipfile.ZipFile(target_files, allowZip64=True) as target_files_zip:
-      keys_info, sepolicy_keys_info = ReadApexKeysInfo(target_files_zip)
-
-    self.assertEqual({
-        'apex.apexd_test.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
-            'build/make/target/product/security/testkey', None),
-        'apex.apexd_test_different_app.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
-            'build/make/target/product/security/testkey', None),
-        'sepolicy.apex': (
-            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
-            'build/make/target/product/security/testkey', None),
-        }, keys_info)
-    self.assertEqual({'sepolicy.apex': (
-            None,
-            None,
-            None),
-        }, sepolicy_keys_info)
 
   def test_ReplaceGkiSigningKey(self):
     common.OPTIONS.gki_signing_key = 'release_gki_key'

From 61e1dd0da5380642e3a642eef8a5c4009fb11257 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Melisa=20Carranza=20Z=C3=BA=C3=B1iga?= <melisacz@google.com>
Date: Wed, 13 Apr 2022 16:23:45 +0000
Subject: [PATCH 3/3] Revert "Merge "Adding flags and logic to sign updateable
 SEPolicy in APEX" am: 77c1dfa6d9 am: 5a0d81a0be am: 54e08307dc"

This reverts commit 8fe9e3a2c72db9d23b60678b530a501dc29ff4dd.

Reason for revert: Updateable SEPolicy is punted.

Change-Id: I28ae2afbb1083e215f4e0a27a9164133cd73dd76
---
 tools/releasetools/apex_utils.py          | 100 ++++------------------
 tools/releasetools/sign_apex.py           |  32 +------
 tools/releasetools/test_sign_apex.py      |  18 ----
 tools/releasetools/testdata/sepolicy.apex | Bin 303104 -> 0 bytes
 4 files changed, 18 insertions(+), 132 deletions(-)
 delete mode 100644 tools/releasetools/testdata/sepolicy.apex

diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index 69d6c137f1..2a39f656df 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -54,7 +54,7 @@ class ApexSigningError(Exception):
 class ApexApkSigner(object):
   """Class to sign the apk files and other files in an apex payload image and repack the apex"""
 
-  def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None, fsverity_tool=None):
+  def __init__(self, apex_path, key_passwords, codename_to_api_level_map, avbtool=None, sign_tool=None):
     self.apex_path = apex_path
     if not key_passwords:
       self.key_passwords = dict()
@@ -65,9 +65,8 @@ class ApexApkSigner(object):
         OPTIONS.search_path, "bin", "debugfs_static")
     self.avbtool = avbtool if avbtool else "avbtool"
     self.sign_tool = sign_tool
-    self.fsverity_tool = fsverity_tool if fsverity_tool else "fsverity"
 
-  def ProcessApexFile(self, apk_keys, payload_key, signing_args=None, is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None):
+  def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
     """Scans and signs the payload files and repack the apex
 
     Args:
@@ -85,14 +84,10 @@ class ApexApkSigner(object):
                 self.debugfs_path, 'list', self.apex_path]
     entries_names = common.RunAndCheckOutput(list_cmd).split()
     apk_entries = [name for name in entries_names if name.endswith('.apk')]
-    sepolicy_entries = []
-    if is_sepolicy:
-      sepolicy_entries = [name for name in entries_names if
-          name.startswith('./etc/SEPolicy') and name.endswith('.zip')]
 
     # No need to sign and repack, return the original apex path.
-    if not apk_entries and not sepolicy_entries and self.sign_tool is None:
-      logger.info('No payload (apk or zip) file to sign in %s', self.apex_path)
+    if not apk_entries and self.sign_tool is None:
+      logger.info('No apk file to sign in %s', self.apex_path)
       return self.apex_path
 
     for entry in apk_entries:
@@ -106,16 +101,15 @@ class ApexApkSigner(object):
         logger.warning('Apk path does not contain the intended directory name:'
                        ' %s', entry)
 
-    payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(apk_entries,
-        apk_keys, payload_key, sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args)
+    payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(
+        apk_entries, apk_keys, payload_key, signing_args)
     if not has_signed_content:
       logger.info('No contents has been signed in %s', self.apex_path)
       return self.apex_path
 
     return self.RepackApexPayload(payload_dir, payload_key, signing_args)
 
-  def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key,
-  sepolicy_entries, sepolicy_key, sepolicy_cert, signing_args):
+  def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key, signing_args):
     """Extracts the payload image and signs the containing apk files."""
     if not os.path.exists(self.debugfs_path):
       raise ApexSigningError(
@@ -147,11 +141,6 @@ class ApexApkSigner(object):
           codename_to_api_level_map=self.codename_to_api_level_map)
       has_signed_content = True
 
-    for entry in sepolicy_entries:
-      sepolicy_key = sepolicy_key if sepolicy_key else payload_key
-      self.SignSePolicy(payload_dir, entry, sepolicy_key, sepolicy_cert)
-      has_signed_content = True
-
     if self.sign_tool:
       logger.info('Signing payload contents in apex %s with %s', self.apex_path, self.sign_tool)
       # Pass avbtool to the custom signing tool
@@ -165,36 +154,6 @@ class ApexApkSigner(object):
 
     return payload_dir, has_signed_content
 
-  def SignSePolicy(self, payload_dir, sepolicy_zip, sepolicy_key, sepolicy_cert):
-    sepolicy_sig = sepolicy_zip + '.sig'
-    sepolicy_fsv_sig = sepolicy_zip + '.fsv_sig'
-
-    policy_zip_path = os.path.join(payload_dir, sepolicy_zip)
-    sig_out_path = os.path.join(payload_dir, sepolicy_sig)
-    sig_old = sig_out_path + '.old'
-    if os.path.exists(sig_out_path):
-      os.rename(sig_out_path, sig_old)
-    sign_cmd = ['openssl', 'dgst', '-sign', sepolicy_key, '-keyform', 'PEM', '-sha256',
-        '-out', sig_out_path, '-binary', policy_zip_path]
-    common.RunAndCheckOutput(sign_cmd)
-    if os.path.exists(sig_old):
-      os.remove(sig_old)
-
-    if not sepolicy_cert:
-      logger.info('No cert provided for SEPolicy, skipping fsverity sign')
-      return
-
-    fsv_sig_out_path = os.path.join(payload_dir, sepolicy_fsv_sig)
-    fsv_sig_old = fsv_sig_out_path + '.old'
-    if os.path.exists(fsv_sig_out_path):
-      os.rename(fsv_sig_out_path, fsv_sig_old)
-
-    fsverity_cmd = [self.fsverity_tool, 'sign', policy_zip_path, fsv_sig_out_path,
-        '--key=' + sepolicy_key, '--cert=' + sepolicy_cert]
-    common.RunAndCheckOutput(fsverity_cmd)
-    if os.path.exists(fsv_sig_old):
-      os.remove(fsv_sig_old)
-
   def RepackApexPayload(self, payload_dir, payload_key, signing_args=None):
     """Rebuilds the apex file with the updated payload directory."""
     apex_dir = common.MakeTempDir()
@@ -365,9 +324,7 @@ def ParseApexPayloadInfo(avbtool, payload_path):
 
 def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
                          container_pw, apk_keys, codename_to_api_level_map,
-                         no_hashtree, signing_args=None, sign_tool=None,
-                         is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
-                         fsverity_tool=None):
+                         no_hashtree, signing_args=None, sign_tool=None):
   """Signs the current uncompressed APEX with the given payload/container keys.
 
   Args:
@@ -380,10 +337,6 @@ def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
     no_hashtree: Don't include hashtree in the signed APEX.
     signing_args: Additional args to be passed to the payload signer.
     sign_tool: A tool to sign the contents of the APEX.
-    is_sepolicy: Indicates if the apex is a sepolicy.apex
-    sepolicy_key: Key to sign a sepolicy zip.
-    sepolicy_cert: Cert to sign a sepolicy zip.
-    fsverity_tool: fsverity path to sign sepolicy zip.
 
   Returns:
     The path to the signed APEX file.
@@ -392,9 +345,8 @@ def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
   # the apex file after signing.
   apk_signer = ApexApkSigner(apex_file, container_pw,
                              codename_to_api_level_map,
-                             avbtool, sign_tool, fsverity_tool)
-  apex_file = apk_signer.ProcessApexFile(
-      apk_keys, payload_key, signing_args, is_sepolicy, sepolicy_key, sepolicy_cert)
+                             avbtool, sign_tool)
+  apex_file = apk_signer.ProcessApexFile(apk_keys, payload_key, signing_args)
 
   # 2a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
   # payload_key.
@@ -448,9 +400,7 @@ def SignUncompressedApex(avbtool, apex_file, payload_key, container_key,
 
 def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
                        container_pw, apk_keys, codename_to_api_level_map,
-                       no_hashtree, signing_args=None, sign_tool=None,
-                       is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None,
-                       fsverity_tool=None):
+                       no_hashtree, signing_args=None, sign_tool=None):
   """Signs the current compressed APEX with the given payload/container keys.
 
   Args:
@@ -462,10 +412,6 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
     codename_to_api_level_map: A dict that maps from codename to API level.
     no_hashtree: Don't include hashtree in the signed APEX.
     signing_args: Additional args to be passed to the payload signer.
-    is_sepolicy: Indicates if the apex is a sepolicy.apex
-    sepolicy_key: Key to sign a sepolicy zip.
-    sepolicy_cert: Cert to sign a sepolicy zip.
-    fsverity_tool: fsverity path to sign sepolicy zip.
 
   Returns:
     The path to the signed APEX file.
@@ -492,11 +438,7 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
       codename_to_api_level_map,
       no_hashtree,
       signing_args,
-      sign_tool,
-      is_sepolicy,
-      sepolicy_key,
-      sepolicy_cert,
-      fsverity_tool)
+      sign_tool)
 
   # 3. Compress signed original apex.
   compressed_apex_file = common.MakeTempFile(prefix='apex-container-',
@@ -524,8 +466,7 @@ def SignCompressedApex(avbtool, apex_file, payload_key, container_key,
 
 def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
              apk_keys, codename_to_api_level_map,
-             no_hashtree, signing_args=None, sign_tool=None,
-             is_sepolicy=False, sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+             no_hashtree, signing_args=None, sign_tool=None):
   """Signs the current APEX with the given payload/container keys.
 
   Args:
@@ -537,9 +478,6 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
     codename_to_api_level_map: A dict that maps from codename to API level.
     no_hashtree: Don't include hashtree in the signed APEX.
     signing_args: Additional args to be passed to the payload signer.
-    sepolicy_key: Key to sign a sepolicy zip.
-    sepolicy_cert: Cert to sign a sepolicy zip.
-    fsverity_tool: fsverity path to sign sepolicy zip.
 
   Returns:
     The path to the signed APEX file.
@@ -565,11 +503,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
           no_hashtree=no_hashtree,
           apk_keys=apk_keys,
           signing_args=signing_args,
-          sign_tool=sign_tool,
-          is_sepolicy=is_sepolicy,
-          sepolicy_key=sepolicy_key,
-          sepolicy_cert=sepolicy_cert,
-          fsverity_tool=fsverity_tool)
+          sign_tool=sign_tool)
     elif apex_type == 'COMPRESSED':
       return SignCompressedApex(
           avbtool,
@@ -581,11 +515,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
           no_hashtree=no_hashtree,
           apk_keys=apk_keys,
           signing_args=signing_args,
-          sign_tool=sign_tool,
-          is_sepolicy=is_sepolicy,
-          sepolicy_key=sepolicy_key,
-          sepolicy_cert=sepolicy_cert,
-          fsverity_tool=fsverity_tool)
+          sign_tool=sign_tool)
     else:
       # TODO(b/172912232): support signing compressed apex
       raise ApexInfoError('Unsupported apex type {}'.format(apex_type))
diff --git a/tools/releasetools/sign_apex.py b/tools/releasetools/sign_apex.py
index 01ee80b25b..66f5e0513a 100755
--- a/tools/releasetools/sign_apex.py
+++ b/tools/releasetools/sign_apex.py
@@ -42,15 +42,6 @@ Usage:  sign_apex [flags] input_apex_file output_apex_file
 
   --sign_tool <sign_tool>
       Optional flag that specifies a custom signing tool for the contents of the apex.
-
-  --sepolicy_key <key>
-      Optional flag that specifies the sepolicy signing key, defaults to payload_key.
-
-  --sepolicy_cert <cert>
-      Optional flag that specifies the sepolicy signing cert.
-
-  --fsverity_tool <path>
-      Optional flag that specifies the path to fsverity tool to sign SEPolicy, defaults to fsverity.
 """
 
 import logging
@@ -64,8 +55,7 @@ logger = logging.getLogger(__name__)
 
 
 def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
-                 apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None,
-                 sepolicy_key=None, sepolicy_cert=None, fsverity_tool=None):
+                 apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None):
   """Signs the given apex file."""
   with open(apex_file, 'rb') as input_fp:
     apex_data = input_fp.read()
@@ -80,11 +70,7 @@ def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,
       no_hashtree=no_hashtree,
       apk_keys=apk_keys,
       signing_args=signing_args,
-      sign_tool=sign_tool,
-      is_sepolicy=apex_file.endswith("sepolicy.apex"),
-      sepolicy_key=sepolicy_key,
-      sepolicy_cert=sepolicy_cert,
-      fsverity_tool=fsverity_tool)
+      sign_tool=sign_tool)
 
 
 def main(argv):
@@ -120,12 +106,6 @@ def main(argv):
         options['extra_apks'].update({n: key})
     elif o == '--sign_tool':
       options['sign_tool'] = a
-    elif o == '--sepolicy_key':
-      options['sepolicy_key'] = a
-    elif o == '--sepolicy_cert':
-      options['sepolicy_cert'] = a
-    elif o == '--fsverity_tool':
-      options['fsverity_tool'] = a
     else:
       return False
     return True
@@ -141,9 +121,6 @@ def main(argv):
           'payload_key=',
           'extra_apks=',
           'sign_tool=',
-          'sepolicy_key=',
-          'sepolicy_cert=',
-          'fsverity_tool='
       ],
       extra_option_handler=option_handler)
 
@@ -164,10 +141,7 @@ def main(argv):
       signing_args=options.get('payload_extra_args'),
       codename_to_api_level_map=options.get(
           'codename_to_api_level_map', {}),
-      sign_tool=options.get('sign_tool', None),
-      sepolicy_key=options.get('sepolicy_key', None),
-      sepolicy_cert=options.get('sepolicy_cert', None),
-      fsverity_tool=options.get('fsverity_tool', None))
+      sign_tool=options.get('sign_tool', None))
   shutil.copyfile(signed_apex, args[1])
   logger.info("done.")
 
diff --git a/tools/releasetools/test_sign_apex.py b/tools/releasetools/test_sign_apex.py
index c344e22058..8470f202c5 100644
--- a/tools/releasetools/test_sign_apex.py
+++ b/tools/releasetools/test_sign_apex.py
@@ -71,21 +71,3 @@ class SignApexTest(test_utils.ReleaseToolsTestCase):
         False,
         codename_to_api_level_map={'S': 31, 'Tiramisu' : 32})
     self.assertTrue(os.path.exists(signed_apex))
-
-  @test_utils.SkipIfExternalToolsUnavailable()
-  def test_SignApexWithSepolicy(self):
-    test_apex = os.path.join(self.testdata_dir, 'sepolicy.apex')
-    payload_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
-    container_key = os.path.join(self.testdata_dir, 'testkey')
-    sepolicy_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
-    sepolicy_cert = os.path.join(self.testdata_dir, 'testkey.x509.pem')
-    signed_test_apex = sign_apex.SignApexFile(
-        'avbtool',
-        test_apex,
-        payload_key,
-        container_key,
-        False,
-        None,
-        sepolicy_key=sepolicy_key,
-        sepolicy_cert=sepolicy_cert)
-    self.assertTrue(os.path.exists(signed_test_apex))
diff --git a/tools/releasetools/testdata/sepolicy.apex b/tools/releasetools/testdata/sepolicy.apex
deleted file mode 100644
index f7d267d08d11f9c6e197278aa3f1431621116e94..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 303104
zcmeI*2|N{F<3I3wx%MUd(kh`%T>DZXQkE>CqD0pg+4rTzQY4j<P*G%wN@OWzZ<lOE
zCE7&U3N2I;|9h2h<@<e}-}C!Fzu)tGf6w=GyvEF&nKN_F`^=r0J9p-cu|7SCl|W!7
zP{V9h+rr#zf(VH~>$nK_rcgZW1FStLfiCV8J1HmE&7;)>g2JQfDb$Gw5P$##AOHaf
zKmY;|fB*y_009U<00Izzz@J`#b|FvwdoIa8<(7^*OzQ|C-@1tleneUvVQkE_pGcq$
ze;Xf<{B4+xHcFi^kJ{6uc3U+FgzfyIZO4bLTGQ2zw5Q*rGp0uW%fsY6(DKgyJr_Th
z<9{k+A_S4&OeQZ=cX9;AApijgKmY;|fB*y_@GlUco#WF}JL+%#1lsvOZTLqxSMy^S
zLlA%f1Rwwb2tWV=5P$##AOHaf{9hFq3m(sT$QS|yAOHafKmY;|fB*y_009U<00Izz
z00bZa0SG_<0uX=z1Rwwb2tWV=|7Qgz?pvTe|2ol4#QhceZ<ck@|50m(UG$`HjUs;k
z&-$J?{*1(g3C)UOV&tFbi%d#OTkfxcu7`<HV?1i=_X*ziE>3Q~0l&`ncgB2G-EFqm
z+xl30sd@)```Ei$J2<)6t9t+Zy!YQpj!6)J00bZa0SNqu2~;kl7D(gAx!;fT4?2R#
zcv;7rh9*ot|DioE$~Zp#pZg~=Dfy4}PfYmVJ^y(_EB{2}HWRC)_8XY!{>$?}YP;G0
zbP$=egnxDU(?h%HIcb$SDRj{j|I6}^xAQY8-G6sfWKx2ENBQ}Gedu{SNB>CqC)y60
zRD}Q5sK}(b{~hK3*3i?h8Tm)b&+%)L|F1ETNvZxF<+q-c2ioXAQhv@qNcZ235}B0X
zUtNCM^Z)DwBApbq|81C#PKr80`)u<OSm|8cy?qusxcj=<eQPU=oj^}#?_)c@%dDEh
zMI3)afGfq#$-&;+N6N!yQgJW}0SG_<0uX=z1Rwwb2tWV=5P-m+K!El=|L5=jAEtc!
z{{JV)8nOTZ2tWV=5P$##AOHafKmY;|fWZHxz#rWI^gp?HEDHh<fB*y_009U<00Izz
z00bZafj@x&zW@ITDgjx500bZa0SG_<0uX=z1Rwwb2>dS#;QRmoGB6eo0SG_<0uX=z
z1Rwwb2tWV=5cu~B(Au#4`T2i#!nf!DX>B_S5vCALwT<0foNNOZ$;n9tIe8FhZ61mc
z1SiK!Ie7b7dpm6=OrcIcKZW;q(`nNXAOHafKmY;|fB*y_009U<00I#B_Xrs4)06nV
zuX?t!)vJY4%G5Dh$3yMLTlc5EEY8~2-Oa~7z{gwK&fZV@`wQr#$0z$x8~$hc`4w~a
z9^+RGtZ5S_-ZaPh>w3PgaJ(llu^taEcMp3npTOVN^|#aTPNea+r+9cwO29n+;*#04
zGW-^}sYBzr_5PkaDO)EOvFc^4^t0I+8onmIkRCMSxmTzcJWYn!{pQZ|SLdv_?<u8D
z+jG8q`mnQ8%o`QQdAHh*U6&1fZa@Dho6q+4IlO9b_AWa8wYg8=!h_ynCIVq>%vhg^
zIby)z%xdb|tf<|$0{l^aXym`<$J>!2tDs1#yh2<qLn1YNSt}Pte%YKd#xu&Rv^KNO
zfL~9BFPbp7_2{tl8`YZQ>lS)^*m=V;$)Yv#nc&2_lOntit5TP|?6-AO2dLp!3w~<M
z_jP;uIobZG+h4tJDqLPnd&42EW0^=ot5aG>txqByAN}9na;OQ$LwYE!H@>=Gwxh}E
zzs>#aKW&Sc2<f4Y)WPxef3SW0num!rv_5SMnF#5jNz}pbMgDbr`L=+G8v42JXj{xg
zNDr;04t`(2x2>DD{Y;c$BKgn!6Ed_#q=#;#zSiT{<lm}$VhP_?^!sZ17EfEkqaRC{
zTxq`|Os=*ci(sd|-(x%zv<fuVXBdBd6BB`nP)S|3GVSFb2oQh(1Rwwb2tWV=5P-mc
zv;aAbo|}<nL4;1kM-CzrT}l`|9XX6{l#WQ0nL_4ZWZ4v<L$s$S(GeL4WVRnO5@o{Z
z9#Ln!Po0q*dX5}=ScZ+v!brb{#K=px##Dxv%uO3%W@pu+xHvhud$~DLWCX~3v`8j)
z4g=~71$`(^ZX#=)?EPi9$egrzR(7UkZgyVoPIeP9Y`=@4{}Cff7WpkdEJOib%D1!{
z-}_Rw?yhuv{?!ZGq7w(gt9`oNqjr{@;gxrYn_MhvDZiJWNG&BPjE-Q}KgH0<)AHbx
zHJYoOy)W<>dTaXASzoiR-6j3S|7ED?P>L}}TA_JOdGYgSTI+N}!?X_xwV#~twTU=`
zZKHrD7hCmwjinNonJK9yXB+rAUav6!vMD%RwOd0VCFs_fhJ<#52MhMz<ytDisidjS
zF`YhFVrXuP-#fX0EcxMg-4@&&F$&@%Up(rVb5xpz0{o&DN<=X}jP^f#L!efnH-qV=
zC9{t1LsNy2)}70vG}^aZ4UJ#*d@ASSgp8E?%~yIF`|g(VZ44Tm68Y%CqoqSZ^()J6
zK02v(mtHIEUiny8%K<$xdh@~SDIsoC6}VVD)~BhLRWEQ(+an-TTHj?$@*XJ;v@$q$
zV!PRA3&Gua&)>=$FWr;ikuRIQYuSs1a-O{xPMy8Dp}i$eV3v+s-5jGv<526Pt8VZ~
ziwVw2Xzp0Ads_8vw8FO8V=6~Y?wgP_`5!*$S!!A1R(PH6kdjcuzRVo+qLHHT(Wma+
zUe#$E>uwjNS3iDLF=}#P_NDs!N=vk*OA0e?UN_kK?kRn@w>}@!o9C}z_beS#?-q_N
znUUI|{$$-H)|Z>E#E7-!Uaz?HyvIq6_2k2oAyw-s+=tt@6kWbO)Vb9~quOY}VR@GT
z_AzIdW18hg%VdTaXO!(`UR3#T^}E#6z_-d`Hyn>XmVR?#zeA$VC9_I9Zhh;4)eG*j
zuRWymAN`3(;UEA32tWV=5P$##AOL~Cs=yS1!u!P?4*4<1joyr~?;%Z@Nq9R);`*Xj
z))imwH!ZJ>X3<;!;+9;j2We5m$MeVR`dWOn#C%S;3@mM$l5m}TXTBR950B*>!F#LU
zs3tmmXtQG2<9XyllkzFfBZ)`0?)H*++tWBej3^;%do7g_i4h`Mo^ibKvSs(vJ!#X^
zTsi`8%B`PEw6UmB$S=!}JQUQ)##qOE;K>~V%R9}57GcMu3YQxc$!d($)LD_Q_T0Zb
z$RG70*YN&^ZeEFxz1<d}H=9nDoZQSZmG_>Ls%a^GT=W_LP0kly+C=Z05qXZUCoodE
z?!C`O8%=4>{?a+8WX#j~H|Rbm>FUZn4tESVB6nFUqoMPfoYE^#&0fO}p#&9@yP3N8
zp^p^3Eo$$LFL%F?k>9~%(Y0AO>7mfz%fhrmm3yVy8`EY#ky;|ZD3x2|{Kfm5X4jwJ
zm)fUj+h5tDG}4x{`kH(9K|kg2H_?)1dXCrGE~mSPWUWZLYoA>fBi>NSICUi2g|jf>
zeCoWX<~uVrpXonrzxqj>vF-uG`{=HqrjqWeC)olotCVF1av4`}54@e08ojeJe9hLA
z+B3|Hj=dgvcw-^G(Sd56OEXg?+k_>^2cjMdR-{NDb}emwS2M?Nb)-^nZ1`BO?;Vjo
zQL(3j8*S@MRtjpWq&f3*zB6(;Fwi%D#hHMl$gmZmkCX*v*Zfttdz2dj5P$##AOHaf
zKmY;|fWTi(fK{0KJGs=vZ|1+<9Z$PYn2YG8p-6UcP$J9N$fzjE$}8B~*^tR(85t#8
zc^gF)83!8$B?kpXMT&~DgRQKsgRO#tikyv&ot(UiqN0t1gPfh*UyT#xg#ZK~009U<
z00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa
z0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z
z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=
z5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHaf
zKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_
z009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz
z00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<
z0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb
z2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|
zfB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<
z00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa
z0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z
z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=
z5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHaf
zKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_
z009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz
z00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<
z0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb
z2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|fB*y_009U<00Mt{fq<794<$aveAO%Cu1vdi<-OwLOrElLF$*qnNuT6=
zxtIG4Nr|s`h}l(KykWF0W#{^}bB9!`hT0Wt{n`4m83`BFP0}xZY@WI9=6)sLK1=JC
z&dk%BrapDPQ1zCqQgcS4V@g*<hW~+F%MWUl%)IHAU#DL?w{iQT;k=~e=0`kfoc=Sf
zdrbA&aNp_1S2g0m0{^8NoNYE2gs-*fpMHFPny;rok<!V97gaY%@T#3Upr~!~ILbnj
zq_w#z)Y0jQiY2f1`I_3+GGU*UUvIXbJdw7a<(Q=+<;g5#O%KlHmN{(#?;m#Q%RhNJ
zFX9kKS(l+>T<saVJ7xZ*9-kSWb~vc<6&+pl&rT2Psh`UfpMQ=eMC{G!@PKsv^u+0V
z2Igf(tT^i0U$rHPErfaK^Wj%lN<X|@Ec@_zvbDlAWdYM<1Eu}sx8&1C_xexuFPU2u
z5@mLpc;`vF%MLkNlOn}VoqN+x#6L~q)n;84-6$KoeqC}{z0_LSX}h@ZaVC8-JGd`-
zhVbxN0c~A6wdw1e-RK%KG$@s;tjz`6O1ca*iMby-wzX#she~TKQZw}1v&o+R1y^#$
z3$L67Iax<;x1V(Lw3*JOc0YMm`DILp54I0{KCplI&)h%$=}$nAK?pzq0uX=z1peg$
z%hqa=sVgP^STUW(w_yfapYGf6Z~sNU4}I@XOeQLSizhLE>yM}XKI_lDiTQrSQT%Lt
z+}&M7WTa%JXc_re2dz(Q=q`ziRT00`SG3kU=)OMpWmoj7p4^H)@jfyodW0>jEHHO&
z;*!)UHJ>_bg4G=6ElyDN3R0!4Y5K$!KKwRdLvoV*vajdO94?yn=aDNj?kWXtTp;>U
z^#1BJ%h(9d0=a}EJh2kXqEhr26|DwHYNBhl493o^8CETdFGvZFj=L&xbJdl7S7+OP
zobkTE&-=vm7~wq;+SzWGFDy2@f00;TH9bY4VE-Qf#YT<B0)5_DX6eDD4}<8NX11vu
z<5`}$AhX>yc#wS1cF?k-Mf281(_=<X8tU188HS1q2Q!9d@0f4?U=8b&qHcYMh<5&R
zv3uSs?W!BTxYcKdsRZ=M8c7P-8y=joR7f>sL~Yl0w+<#BLA!$sXD5nkW|8Ceu3Gfg
zV&fyTsU7uVzQG+=;|8L2BuZUOMDM6?SllqboZTgLDP8+o-=b3fxgV@%MYfh^-mmYy
za9Lid;+R^lilJ_A-#Y!Fq`i5AI-dHZ{W^DCZnP9>JPvtk9VQSQdiUlYR;A*us^{kN
zbuTvQS;@5Tk`7H(Ez9ds=Xshp&o3{)@l`Hc?KANdulVGBAzw{A9V^QDOdf?5BqT=4
znTFP`P1{@1_a>{3>*eQ|FWIsO3nC8->9N?iE57J!@-Q?|zt!l{v86*_H(S}RMf+;5
zeC&I}xZ?@JtG_%gJ5~Mc{YlQJ^x{Dkb@~0<XDyM9-muQ?(#l(NhJyJc>Yl%-^^Gpx
z$9DhqKe#<ke15v9^M4zrANZDZqEFzWj!$&IU#hnwMOH!a_wkcrM5yDm?w<;V+BLfI
zE-NnwdEeTl;b^ws`qnd<hte|^KQURkUrRbL{==c8bLThE>#A@wd#cKnMlO}{86Dn}
z+`W>&GH$`V9??Ho`NT)}`{$p)NAa)^kaD&UB-pyUN>SYGyxg7aq`d7t++Cb(1IHJ@
zMUd%NSbQisWWH<lp;OCae9n;Kc{h;_O(S<CTdb@$dyuLp`jH{#d4|r%>d3}vfeq@%
z<4fx$=C#!pI(&9cnR~VD_SSfTa!GQ1!{UNq=Ge@0s)-q;vp<RZ%-hYgVy^tnYbk<H
z8O!r7OEp&1ww(-7uKY}qkXpM%r=uq*X8H+sDLs4NG@JIk)T(@6tz_kg*Bson=$4e|
zO+B1%I&ywt8K<;q$&NLiN977rxP&;LRW9yp(7EG3eaCTDfi#Xdr{J`+QpbBqnI@|C
zUvgBRNREA0<cabws6FhzHqpsvYFK*%m-xNB_g6V}FDTUYYjpZWZ8!bIRp@q*k9#*G
zhe1VN-Ym9}K%=VMvO&(&4j<y>x(7VVH*;@xWLwl~Wb~xPw=KeXTS86Z?N2L|tu8n$
zQOm#AY<nQ`h>%@bxv;}P-OGhTjpAm4z8m)mJy#cIAN87PV_8MGvhv80JGYx&h%$!G
zunvD>*Sy4lIpo=FcbAkD=jcwN=Qg$BSN`|X?s5l9ojID_7|Jy_)w!XRp*zT;(p)Ag
zu#v2~IYBREo$jHCWSRQ;(Rc6isvQtnwS_I|#@&p71-_f-1wFJle6-2t>qz&`t0%Oy
zl25JaQms&b6_s^=Z*9R)<Ef-4@$)T~Yur6y$ey=mzuFh}BVosipOPbv=*Zh$-p_NB
zWlsF7g*)V3<WIRrv#W}6tcpGE()sahJNI3Y+pV>yOt!I~dbVqK^OUAJ5n?+?&N<xs
zvL$EU{VWhLm|H%4f!Fk@spg8EON+L>6~50u{4%Cw=RNN?`>g%s+PxJNl-VTg^A(R+
zChdBaqQ|{NB+uMX*pX5(J?tfSMEHrh{hd2IYd>3PZYsWZTd&>M<-EkwprLX$7bRz{
zE5~+U@m;n=QGlC1?WC>SmQCW9Y8jWFkQBKfb}F9~v-4?kc*@6?_?|g>w@nIa3yUvk
z>ofa_T8$)2ZjCtMv4I>TV!32nzyl?cXGdj3dvW0I2LDFo9?@b~G5$@%hQwN_BEAl#
z)%ATrO}gvN?DIZk?#j13vOz`Nrn9s4tux!n&0T|Z!hDqObFCYvCB+l+D2!R_k3~J*
za6T(uZ^u-Xp!sq#=So&3b!3N0SrK+~FLxStPzV?<aE_5GxwGZ<gRV0nZ92pQ@^waU
z8ng6fR)}aNF-NvKTPxg~Rzu&sFC^-^*`DQ(hFcc-U6hehow{LD{-Y?77p-w+qnY;H
zvW!BBZk$)>EJUVcnmA0|xP7PozS#Yn7qf&{ypMM&wq2)iikMm8A(c5ZI4v*lPFI{R
zv2b?Voasp)Q_1HwH}gH>pV#ToDn=xRPvbH;Y?Cb=S<Rt#qlL?T(V{I2KONvBL|bOG
zgg71duzFY)!qh9Qz5LLggq0<8A8&sUIrZ`%>`M>@0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|_{$4Wf4_I2B24`LNFYr7-bk9DVGfxX`lG(FK0S$*Kp6ksZni3$u_Et0
z>TI-*lh8E9%ii1F*UQ%4TZ-c4ZL9F8VaoVVn18e&#6bW85P$##AOHafKmY;|fB*y_
z@TV1^Be0Ku+oxraNSIFj`zcVbDol*it`qPPn3-u83TCVRG!KE7I<oBB4Za2xHzx;s
zZy%`uSC_chdMT}Cd^ancE=VoXlVoOD$g@XXKaa;xRB^eaiyNQonK!j%;;)zN3J+g7
zz&^85D}eDW-H5}g!D4xegmqt1f71Koa+!^#bTc?~RumN1>+%mi@a$Pad{D{h7`k|X
z-Kuh-km5awOH2ozvy_H1$TO`m&05~N<?I>L)Rj$UGmdY69YJkMV8nN1ZAtoB_f^ul
zshoOwb$P1W^KbcHJ$;(_72UJ`)s4ZCJr7)07j*Y9sa6UuE-`$Z@%oLX=$Z4bm(KL6
zFIUnmGK@QDSg>ZDtja>i<A?4JsVGT_hLuP-@A>T89HUrRZ5Wx==3IPwv}rgyuZM5y
zHd`Cs&B6V09;}P9<pl3~7VUX%SjG0_aK?Op-mQD(WNp1JUMf1i{z84}Xly~ku{Rls
znyL1if;mdu3{nEi?S)P2gyrZ(xdiv=hO7$T!c)JhKYQ61fpZ*V2VcBd;CaGM@N42s
z!_V|H6W%`7h)R5KN#xs@P%T(iQR83bt#xAB?T(iBjuH=tF7|Hi8d7|<^-e~R+|ea>
zUYZWaX}biEWyhb(>-*C8E;N^7qR`Y>5d2oU%*9GguCs56LGtHdg0Vgmb7-5`SOK-(
z&8gRq{&t=7Q0ts_hqtwjuak?NwUe8JyOf8`{)4r8*EIOTSM!PKC*<T5+|zWprykcZ
zYk9GB&((0QQ@0J|To18aZoJ2;7TVucpzPWx%CEm!X0LaJig*3xky7qbzt-Iqn_u<b
zC28><R$Fv?lfd-_+R009apzZRAG~dOL+90T!8H0pWpc@|8n^MsCGOsVAKwg}P)R;m
z7d*%R+ygb6if2p>yI$Cnn@+PPxE0)1H}hn_W_ye&{pQNNF^}iVYy~5>ANL#HD;cg5
zpYHS2-nUPta!FH6^{tJHa(Q1WhnHp+?57u~znu_hwuRr<!e&()+cHYnQ8BCTB~3@q
zQ5NWlt#+y*&a+dFvwbbQ_*ver8$sUXJ^Po5f4OgHq?*6&_~7gJbr*WCwtEaP#;gdl
zoTk$;efBDGZk_`k#GDcd`_<+~PTAM$WMT?E_uA`KX*65fOv~<UlCoMeUrxK==I1l=
z{h!$dPYu%3s^Z+9K7V~`RfJQYviaLpL3^ZNyeeELK71ZF3|C}0caqr|jD6oUT}X&@
zIiwuWyT&F_diDj5Fb22!t@T9*tb4|qZ%yqszxa0JSH0~U>K@vTF%$PUo41;s+0D)E
z{oW>({Vd0t^j`Ml=~gEnNqVj3ruXWYM$6W%BXwdH)RkIOyT6?+wux+c_}Wk(10XV!
zK7OG+|A2e`anC>Q`TuL*^H1B0bh75vb5M^l%zyVdL)*C-Xqzotq-(fBT1(r+Ov-eH
z>)qRKFEqFqpD*U=f8M@NsGWg{Y{JP%PjSj^c6-I6aLHh5d$^mw&HE3O)a7zfoog4Y
z*&eL>GS)PDfnlDIO|?#p5h+93f3aND>Tp}nmTmI8X04dn7<N4@*qU7ZVRKQtx^U_+
zna{xMYBmqCTGvZjLQ^h0v{QzEi$%tIDIv-F$K~c#aaXQvNL1Nw8q(C*KqqkE2`8Vr
z(_Ih67qe#G;$8MtoW1zC+bvDu6U@oH*4$rJOSaV~Gu!UgE(vODnP1<WdUD`Ywm(Oh
z-+F;N_hpI2rx*9BO)amTHFhuS`r!M}SpAVz@6x*xc3;dc=h9`R_-u<4O?}IebFo?_
zygNuuacyz>`oX)3UsvsY+g*~h{rHG_!qJGkB@A~x$Toi6*W)a;>SxjGJXsXBYNq9j
z?Yt`0?nN)-vo7<^>x+He<d-X%d|ahU&tvJjx`ElPyM#!4&vTmW=Q29fm)ks-rL*|4
z*XP+c3=-M79VG>K@-RN!cA~Ce=j$2otr~aMWm&jyuj>8U$8ON*H8y*`14HJ@n&HTN
z+YS5I&WZYvs@m<T@}BYJ*$-Cnxqb(A>=p<P*6JM2oX5~^k+MCjpH}UG0o+F}Q;%sm
zfA^Ti{kv*6F<mC-Xw!Q0=IQ&d?hYMKh&k@GjJMTmr^Lk@tM=`S7-1}RNn&xGx$kt1
z<f?ty?2M0@!}qZrGk+i?pO;N`v^jA;<mjH5J$qs)UQds0f1NDUzw^T~e%XAwK?OsZ
z4#nqoww(49UI$hVMLtC?lBe>n%SpW6vW@TdzLVwUxWT?$Bkc9n((=z4f#Q3P2C`C)
zo_-lY$GA<zQ;OnutMqW{NDbc+W~B&bInCv_HHdwThAU*+mPcNqKm0(yu3q6FZ>Pd}
zGFdiXo-D7ZD6^NRQ$bOItR%nNi|K4Zq7eT<dLbd18iReM>>8e&rzBRah;WV-x9FSE
zzV^|lp@4fk6P3)~ysmpy8o&KR^1017_AXsm=U|;vwW039l1|}gZlgy}#f-VP#O3<z
z7`^&nvHh*s;Js4nY+pXj+aCU5)PQlrLe4zp{`d0_HMb3|SzY*M=MBw@I;}5~Jzs{7
z_pAGUihpdoGd5Sk+I+{S=!cyI@uvh%zceO}#v9M<^QNv;+o1Szf88siMQriu$Fq)k
zU28emxZsJUk-B!5hE-1EE#^I6#*R#@AF%Yi9OwOUfHRI+cgoG$GxM*Ge(A4OKE1ln
z^NVxPT4s0Ksy$CKoBh?irYHz3IkdEQ>u8zM=3&|7WOJXBxta!)sIN7t>!-yBYs=Yh
zewtiXXLCj3?eLBKyB1?s)p9bj(rzQR4WAk{1cZw7w@KPaiq4E-r(En&b?YUynkO9A
z$!S}1e~x2A0FPL1&Aotz6i;jVwF+$0HZO8YQqwWj<TZ(ICkARC3BMn5H0G`P`cYfP
zjHok%jX_pS(>?7t4qx(c9t^tKm6Jbj@MY>=PS>~Vc(}g?_fD7F+%zg){OplRloy|D
z^31xDlIU<s@~N|&yFZ>Rc4g~*Q1fK&$+YK1GUfyNT^w<)l%nLvtG$k7ZD<+FwLK%*
z9u>Udp|*-R>DDM&#%|4OuU?t0>1q5Qy{i=-^)gx*8SY42Q1&UMJUhMWiS0WR-6Egh
ztYF*GBKa%p=kD@%=V+f^urbj=g?}br#VkATFI}BC7t}NLC%k=qPMSOS?7M_Q-_g|T
zR)^y|+gnFG+|8z~tlb>^L@DZkrO``Acdo4uk{)w;bVpt(dAU2^Zi#e)r*?Ku!WLDz
z%dOWMu3Fejv$adlmN^^ZQO<6CP2#3^rKA_D`FUY^sj2BQQEMYa6UwqwPGszfp=?jC
zpZnR{d3|kqy!}&q%S>6L%=Y&Cg@c{muO#IKnLCo__S@c`6SHG=6Xl_0S*PlZ>bI{?
z3!0uWQI86!zO=FY^6QSXfqimYPIMMWweHwdkt(6meX)3WU9VDxtA9Y<{A|`Gr6r}B
z!E=m0Yg#-@n>x$NZiZ@pb#F#k^ib{?%V_Nl4xTUkcR2H#U5wd$S6$5itZ?mppV(0a
zXEnhhaf{3fm82p{adVXS`m+xU5=gU>YiifWy(|B06j}9PAUIe0Qmcgb^jGWTE#%s>
z1|2B<MWJ6CdHFvGe~y>CE>vW2`mxa0{agJHtqWJ`tSJ&dxp&J0{Y$fkzB-9oC8jI)
z-YBSa?G~J6X%{f~DBWLR{9BUfqf3R6)FW3h<KH_6=KFa!X0XgqcZIg8nUui_*E(JI
zFbzUPTgjfWD<$0XrLuIVggw8+e&JfGmy<c;3}FE#vk2>Fr<@v3eHeaO8#^Uv{vMCj
zL(^+m4`me8#fn_q@Fu=ZJmA66%-MHzm@5{X)N?Gc4+}J!x_>L1*Ko7LjNMER+Ka0$
zw3=8l-n}olG~M1Zzwq(y7?QblOuc_1xAWkL)>f6Arz6u&woTJbTUGV-)V4=&d!H_y
zTCJ0BwqC82A~-wa?2!0NtNPlu*%#*<i>p0<YpwFRd?eZV29sm4Td18Xr-b>|jVIph
zZDiUxb^67)c~g=UE;SECKWVpC`lwu6YAka5bayK8$m^bPS2@zQo_F3I1ioX9>B|o<
z@ijUS6zg(<XNjWCwX)ALuMAA2_j%L~_Vh85H*U;ak+Uu#$o+kS*QFkt!A~z_gGJlR
zMiT8VRk=x4hCj~}bv(1FwAHO)h0@x5lP1eq_lM;z(&P!ITucJtJ?XnnMJ5b<I9)#e
z^(n<B;*1UTP&0R;kpgOMAV2^D5P$##AOHafKmY;|fB*#kngXAud@HvG)3^TA-7KEU
z)M0sQ_lbIiLy{Uzdm4bA`b}Dd+Hc^C+bX^xt|k7^K%sSO$KJ0mI&V(Pj9<i`s-3~`
zb&TmeHBC0PBZrZ)$YJycQ|Rf4baX6)ShwtQrgy|=WDZ7_1ra(CA32Cb1_lB-^so#Y
znT3&l4T+JLZjGr7FPWP*!pzI6MR9R*aQAX^qR0r4`Dl?$yc`DZzHUAgCpVF`PWJvX
zTx9BX|1~65UZ(FiAWX!t{Vs<7M~o<0<hMMq5CwR@w@#)p(MlP$#WM0tK@PGqSyons
zEF&i;uee^2LymgMRz~Uj=$|#)VMLLifr$(R`Y<8~wK9mzbYVmy;X$l0>FG^2vAj38
zY@R=A7FScNb?Ke)VvKQLR#$0Ot#f05TPAC!%PY>3DMuA7#vZBppVsQ^TB>h%sbe&?
z@zvV5FE(dQtH>u`2)IhpDqrO#bZN!lZ2pJ=<&%bcu9hnYN0-+hsJ_-Rvz>gqC$=H;
z+GD-<#-bd?%uKS+LlOl0wlK(9ygGIGwPeA&T`B1fRY8ZF7t64yZdQ_#w&SUEbJcun
zF7#}aKD36tX?cswlWUj6%!PG`1>$zRMiozw+@9yJ(>l0$iy23#Syf3j)8!W{*T`{S
zcRu#f{pstPXs6Dq)Q0E)36aC<N4>T$A&q(+opJP8Vvcf3zF=_Lj15~xyJyi6>C-|-
z$f2LfGpHNR3{H{&iBHFZuy*NO$rU-=5e(@*!r3g<`?$%Ww`tSokV3DJL(4<{aGsN)
z$I?R+{-j$%*iWB0c3M$*NepCqB5~~J&4c>+qi!BVLQrn}zFy<&%NSM*HME?~C2olF
zTR%6GKlN&%ktiSkSW6u}%leA+MIV`%y<9|`US4y1l0zbt&)1e@*1x*r;>jJ^$IFEz
zMGW&yxj(FF7Q48%wd1j<M$97Lh|$Qn8N{s73pwjGH<@nyBrn4tCc0vu;tR<IR-X?)
znDLOjrQ`Nc+_bbS(ldnlp4^-@)uv_9r@2G)qZykPOPX<%Z6hWr7Uv(+^t>YY%w$RH
zjrXBJy3hMhv6lt=2<`|n5?-qHL6phM!EKen&bG4k5zO1(8!dW0`-OJ3%fj;luXfso
z7~i{2?#sNoWx8&oAFKJ<;HhCXv3qr7l(odlNW@_t0afF5oQ?+U)cqRmz9x=={&IS1
zpBC7u`#WZ8N89hwp03(^NW@3Hbq9$xYq4g3_U$p}9o*a6stnzYx|&8?6Z#FOSw9mC
zVpW-u^!41k&!*i43+QBa&kJ2=Kq+VNd*c_7$W}+6A60+6uf@E0RP%X`F?(p{rE88e
zOjy1$T>qf1u>MUx?`_fb-R}uQ=6#RCH{@{g>~z&#uueB*p4zQ1RovQaDb^|Pnu(DI
zL>KcnBr@>de0(j3u=3ezzP<!kIhI0S>umXrIp&N?N?-f>Ij30p6n?N}$T__-hvyoh
z*OE=C&vv!A!sj_*&I7lmY%^P!Uec8k-l}vgIPQz{oVv9+SGIYRmMWjvcs!2ntEb-w
z)#0~GvxI$G@)nyXcPMU~7P~1`jA}sLjbQikU+i8cj-!>1rUMhl(E%JsaU8{Q6vxs3
z@Z+cu^-wuBHWo}feohQeK8{}QE!199wu~}OTTUWoo78rW#7nQ2-?wKA=aXpS%5hHZ
z3ZKVNFldz2cVquvX*EtY+qmgAmgl&}D&OT6c#(t{tM0IslKt0hn#)iVIpmZ|X%k2=
zKSdwdu+y!ldH!7b0@G_VgKP%n-d(jHS-6Pdb<y1_imcSZC5P=RrITOuui!MjO#i}f
z{hg$D+CoZq`YD65Pb^sH77DYs3MUrkW{0y%ktJj~MHatH^)X45St>hS!XR|;fa5l6
z&lkI<R=9D;5|p+w^JN+PFL<bYyv;`Y@U^4a`dUjhwzjF!A8F$}xBO{W^s7(Wr?d%u
zyQEIWZ7kk)?{d({JK?MRBGXz}_J@ezIQoyBrt8qoyQsn6-b?e_5dQx&0u$f!ml^Ae
zm^y71(R6XQbrzAAHP$E6vC{u&0l=2}DIkbYPgtlO7vbLbs{;f=N+@mZ<2M?6Py$`t
zDRxp$uA4`z2?T{l)o2yqpQ#$8g#ZK~009U<00Izz00bZa0SNrd1;(!j5Pn<_nA{@Z
zPZ=VU2xuShCl3rl00Izz00bZa0SG_<0uX=z1pdzo(5?sY5q`A%_jCJjw3h#Vgn1gI
zKWYbX@&bNt)r{7R+>bC_lk^9T%1uuHbMs@g=7D~MOs((fe`*PBa_XO(9ilZ+_9Lh*
z|DO6=gJqKw{@ifQudCgqL;77CMUzwi++GB&aho4utKQ_))TVAGC;z!A16rdJKZ2&w
zPsx93V!~LTf!Z_$fxtrjdpMgq;6Wnra{fq%AqYSK0uX=z1Rwwb2tWV=5crD;{67s4
B@BaV*