Snap for 8188455 from 2d7c980fa6 to udc-release

Change-Id: If4e66aca0d50d362fdad00ef747d1d08589eb9b3

tracking_denials/cbd.te

@@ -1,4 +0,0 @@
-# b/205779872
-dontaudit cbd persist_file:dir { search };
-# b/205904432
-dontaudit cbd cbd:capability { setuid };

tracking_denials/hal_bluetooth_btlinux.te

@@ -1,6 +0,0 @@
-# b/207062775
-dontaudit hal_bluetooth_btlinux device:chr_file { ioctl };
-dontaudit hal_bluetooth_btlinux device:chr_file { open };
-dontaudit hal_bluetooth_btlinux device:chr_file { read write };
-# b/208721525
-dontaudit hal_bluetooth_btlinux device:chr_file { getattr };

tracking_denials/hal_power_default.te

@@ -1,5 +1,2 @@
 # b/208909174
 dontaudit hal_power_default hal_power_default:capability { dac_read_search };
-# b/218934377
-dontaudit hal_power_default sysfs:file { open };
-dontaudit hal_power_default sysfs:file { write };

tracking_denials/hal_sensors_default.te

@@ -1,12 +1,6 @@
-# b/210067282
-dontaudit hal_sensors_default persist_camera_file:dir { search };
 # b/214473093
 dontaudit hal_sensors_default sensor_reg_data_file:file { getattr };
 dontaudit hal_sensors_default sensor_reg_data_file:file { open };
 dontaudit hal_sensors_default sensor_reg_data_file:file { read };
-dontaudit hal_sensors_default sysfs_leds:dir { search };
-dontaudit hal_sensors_default sysfs_leds:file { open };
-dontaudit hal_sensors_default sysfs_leds:file { read };
 # b/218930975
 dontaudit hal_sensors_default hal_graphics_composer_default:binder { call };
-dontaudit hal_sensors_default hal_pixel_display_service:service_manager { find };

tracking_denials/rfsd.te

@@ -1,3 +0,0 @@
-# b/205904361
-dontaudit rfsd rfsd:capability { chown };
-dontaudit rfsd rfsd:capability { setuid };

whitechapel_pro/cat_engine_service_app.te

@@ -3,5 +3,6 @@ type cat_engine_service_app, domain;
 userdebug_or_eng(`
   app_domain(cat_engine_service_app)
   get_prop(cat_engine_service_app, vendor_rild_prop)
+  allow cat_engine_service_app app_api_service:service_manager find;
   allow cat_engine_service_app system_app_data_file:dir r_dir_perms;
 ')

whitechapel_pro/cbd.te

@@ -6,6 +6,9 @@ set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)
 
+# Allow cbd to set gid/uid from too to radio
+allow cbd self:capability { setgid setuid };
+
 allow cbd mnt_vendor_file:dir r_dir_perms;
 
 allow cbd kmsg_device:chr_file rw_file_perms;
@@ -27,6 +30,7 @@ allow cbd proc_cmdline:file r_file_perms;
 
 allow cbd persist_modem_file:dir create_dir_perms;
 allow cbd persist_modem_file:file create_file_perms;
+allow cbd persist_file:dir search;
 
 allow cbd radio_vendor_data_file:dir create_dir_perms;
 allow cbd radio_vendor_data_file:file create_file_perms;

whitechapel_pro/hal_sensors_default.te

@@ -21,6 +21,7 @@ allow hal_sensors_default persist_file:dir search;
 allow hal_sensors_default persist_file:file r_file_perms;
 allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
 allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
+r_dir_file(hal_sensors_default, persist_camera_file)
 
 # Allow creation and writing of sensor registry data files.
 allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
@@ -39,3 +40,10 @@ allow hal_sensors_default sysfs_chosen:file r_file_perms;
 
 # Allow access to sensor service for sensor_listener.
 binder_call(hal_sensors_default, system_server);
+
+# Allow sensor HAL to access the display service HAL
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
+
+# Allow display_info_service access to the backlight driver.
+allow hal_sensors_default sysfs_leds:dir search;
+allow hal_sensors_default sysfs_leds:file r_file_perms;

whitechapel_pro/rfsd.te

@@ -2,6 +2,9 @@ type rfsd, domain;
 type rfsd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(rfsd)
 
+# Allow to setuid from root to radio and chown of modem efs files
+allow rfsd self:capability { chown setuid };
+
 # Allow to search block device and mnt dir for modem EFS partitions
 allow rfsd mnt_vendor_file:dir search;
 allow rfsd block_device:dir search;