From fdeedcba656e3ffab2c11043c5c1a1055e886201 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Fri, 12 Mar 2021 12:53:38 +0800
Subject: [PATCH] allow init to mount modem_img
Bug: 182524202
Bug: 182524203
Test: modem_img is mounted under enforcing mode
Change-Id: Ie5448468d4d7f1ad6acdd2c93055bba9001185d1
---
 tracking_denials/init.te | 4 ----
 tracking_denials/installd.te | 4 ----
 whitechapel/vendor/google/init.te | 1 +
 whitechapel/vendor/google/installd.te | 1 +
 4 files changed, 2 insertions(+), 8 deletions(-)
 delete mode 100644 tracking_denials/installd.te
 create mode 100644 whitechapel/vendor/google/installd.te
diff --git a/tracking_denials/init.te b/tracking_denials/init.te
index 29744e9a..065cdd61 100644
--- a/tracking_denials/init.te
+++ b/tracking_denials/init.te
@@ -7,15 +7,11 @@ dontaudit init sysfs:file { setattr };
 dontaudit init sysfs:file { write };
 # b/178979985
 dontaudit init device:chr_file { ioctl };
-dontaudit init modem_img_file:dir { mounton };
 dontaudit init device:chr_file { open };
 dontaudit init device:chr_file { read write };
-dontaudit init modem_img_file:dir { mounton };
 dontaudit init device:chr_file { ioctl };
 dontaudit init device:chr_file { open };
 dontaudit init device:chr_file { read write };
 # b/180963348
 dontaudit init overlayfs_file:chr_file { unlink };
 dontaudit init overlayfs_file:file { rename };
-# b/182524202
-dontaudit init mnt_vendor_file:dir { mounton };
diff --git a/tracking_denials/installd.te b/tracking_denials/installd.te
deleted file mode 100644
index 9ef8051f..00000000
--- a/tracking_denials/installd.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/182524203
-dontaudit installd modem_img_file:filesystem { quotaget };
-dontaudit installd modem_img_file:filesystem { quotaget };
-dontaudit installd modem_img_file:filesystem { quotaget };
diff --git a/whitechapel/vendor/google/init.te b/whitechapel/vendor/google/init.te
index b83d9be7..9cf7d73f 100644
--- a/whitechapel/vendor/google/init.te
+++ b/whitechapel/vendor/google/init.te
@@ -8,6 +8,7 @@ allow init custom_ab_block_device:lnk_file relabelto;
 allow init boot_block_device:lnk_file relabelto;
 allow init modem_img_file:dir mounton;
+allow init mnt_vendor_file:dir mounton;
 allow init modem_img_file:filesystem { getattr mount relabelfrom };
 allow init persist_file:dir mounton;
diff --git a/whitechapel/vendor/google/installd.te b/whitechapel/vendor/google/installd.te
new file mode 100644
index 00000000..44e74c63
--- /dev/null
+++ b/whitechapel/vendor/google/installd.te
@@ -0,0 +1 @@
+dontaudit installd modem_img_file:filesystem quotaget;
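Review bot: The added `allow init mnt_vendor_file:dir mounton;` in whitechapel/vendor/google/init.te carries no comment, and it names what looks like a generic type, so init may mount over any directory labelled `mnt_vendor_file` rather than only the modem image mount point. The neighbouring rules use `modem_img_file` and `persist_file`, which appear to be narrower labels; if the mount point directory can be given its own label in file_contexts before init mounts on it, the grant would stay as narrow as those, though whether that is feasible depends on how the directory is created, which this hunk does not show. At minimum I would put a comment above the rule, for example `# b/182524202: modem_img mount point is still labelled mnt_vendor_file when init mounts on it` (wording to be confirmed by the author), so the bug reference removed from tracking_denials/init.te is not lost.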
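Review bot: The new whitechapel/vendor/google/installd.te makes the `quotaget` suppression permanent but drops the `# b/182524203` reference that the deleted tracking_denials/installd.te carried, and it gives no reason why the denial is expected. A `dontaudit` keeps the denial out of the audit log, so whoever reads this policy later has only the rule itself to judge whether the silence is intended. I would add a comment above it such as `# b/182524203: installd has no need for quota data on modem_img; deny silently` (the rationale is my reading of the commit and should be confirmed).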