From 7561dcc936ca7ca27f4a2a1f915d17b5d1d2dbd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= Date: Tue, 1 Oct 2024 14:44:26 +1000 Subject: [PATCH 1/5] Remove duplicate service entries These entries are defined in the platform policy. Flag: EXEMPT bugfix Bug: 367832910 Test: TH Change-Id: I89db26ce49f83dff7536df66bbb85eed39d7e883 --- whitechapel/vendor/google/hwservice_contexts | 1 - whitechapel/vendor/google/service_contexts | 1 - 2 files changed, 2 deletions(-) diff --git a/whitechapel/vendor/google/hwservice_contexts b/whitechapel/vendor/google/hwservice_contexts index baf720bf..577a678f 100644 --- a/whitechapel/vendor/google/hwservice_contexts +++ b/whitechapel/vendor/google/hwservice_contexts @@ -11,7 +11,6 @@ android.vendor.samsung_slsi.telephony.hardware.radio::IOemSamsungslsi u:o vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal u:object_r:hal_exynos_rild_hwservice:s0 # VIDEO -android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0 android.hardware.media.c2::IConfigurable u:object_r:hal_codec2_hwservice:s0 # GRIL HAL diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts index 25362525..074dedf6 100644 --- a/whitechapel/vendor/google/service_contexts +++ b/whitechapel/vendor/google/service_contexts @@ -3,4 +3,3 @@ hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_ve android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 rlsservice u:object_r:rls_service:s0 -android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0 From a5766d4202c46f4e47c09e9bca6dcabccfc79701 Mon Sep 17 00:00:00 2001 
From: Nina Chen Date: Tue, 8 Oct 2024 11:26:21 +0800 Subject: [PATCH 2/5] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 372122654 Test: scanBugreport Bug: 369735133 Test: scanAvcDeniedLogRightAfterReboot Bug: 369735133 Flag: EXEMPT NDK Change-Id: I9ca82172decbb61a4582aab33d498e67ff048e12 --- tracking_denials/bug_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 4269fcb7..55a46396 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -15,6 +15,8 @@ kernel kernel capability b/340723030 kernel tmpfs chr_file b/315907959 pixelstats_vendor block_device dir b/369537606 pixelstats_vendor block_device dir b/369735407 +platform_app vendor_fw_file dir b/372122654 +platform_app vendor_rild_prop file b/372122654 ramdump ramdump capability b/369538457 rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 From d338373cfd5c4d142e5c5e7d51877224e31a232b Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Wed, 9 Oct 2024 11:05:25 +0800 Subject: [PATCH 3/5] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 372347927 Bug: 372348503 Bug: 372348558 Test: scanBugreport Bug: 369735133 Bug: 372348545 Test: scanAvcDeniedLogRightAfterReboot Bug: 372348067 Bug: 369735133 Flag: EXEMPT NDK Change-Id: I578b04408d24c8a32079728673ea3b7af5fe0b3b --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 55a46396..d8968e2d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map 
@@ -4,6 +4,9 @@ chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873 +hal_camera_default cgroup_desc_file file b/372347927 +hal_graphics_composer_default cgroup_desc_file file b/372348503 +hal_power_default cgroup_desc_file file b/372348558 hal_power_default hal_power_default capability b/240632824 hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478 @@ -13,6 +16,7 @@ kernel dm_device blk_file b/315907959 kernel kernel capability b/340722537 kernel kernel capability b/340723030 kernel tmpfs chr_file b/315907959 +modem_svc_sit hal_radioext_default process b/372348067 pixelstats_vendor block_device dir b/369537606 pixelstats_vendor block_device dir b/369735407 platform_app vendor_fw_file dir b/372122654 From af68091abc1f5729b7e8f556095ef04e54d5ee10 Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Thu, 3 Oct 2024 05:36:28 +0000 Subject: [PATCH 4/5] modem_svc: use shared_modem_platform to replace all modem_svc_sit Bug: 368257019 Flag: NONE local testing only Change-Id: I657afb4a6271865d62f63c67d3096714e525a689 --- whitechapel/vendor/google/file_contexts | 4 ++-- whitechapel/vendor/google/modem_svc_sit.te | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 97ff74cc..9b23f49d 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -244,8 +244,8 @@ # TCP logging /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -# modem_svc_sit files -/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 +# shared_modem_platform files +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 # modem mnt files 
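Review bot: The relabelled path `/vendor/bin/shared_modem_platform` in the `file_contexts` hunk keeps the type `modem_svc_sit_exec`, and nothing in the visible policy says the old name is retained on purpose. After this change that one line is the only visible link between the binary and its domain, and the header comment added in the first hunk of `modem_svc_sit.te` (`# Selinux rule for modem_svc_sit daemon`) still names the old daemon. I would write the comment here as `# shared_modem_platform (formerly modem_svc_sit) files; the binary still runs in the modem_svc_sit domain` and word the `.te` header the same way. The entry for `/vendor/bin/modem_svc_sit` is dropped in the same hunk, so an image that still ships the old binary would presumably leave it without this label and without a transition into `modem_svc_sit`; it is worth confirming that no build target still installs it.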
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index 8e4ac3d6..e0379a8a 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -1,3 +1,4 @@ +# Selinux rule for modem_svc_sit daemon type modem_svc_sit, domain; type modem_svc_sit_exec, vendor_file_type, exec_type, file_type; init_daemon_domain(modem_svc_sit) @@ -31,6 +32,9 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) + # Modem property set_prop(modem_svc_sit, vendor_modem_prop) From c8f947bea6e031736dbf1e0bb0b41ebc21e7ca4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Tue, 15 Oct 2024 06:24:32 +0000 Subject: [PATCH 5/5] Remove cgroup_desc_file bugs. These denials were caused by b/372273614. The culprit CL has been reverted and the denials do not reproduce on HEAD. Fix: 372347927 Test: presubmit Flag: EXEMPT sepolicy bug map update Change-Id: Ic83101b2b64a96f7e37349f30a902789f05bb26e --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d8968e2d..e01f4cfa 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,9 +4,6 @@ chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873 -hal_camera_default cgroup_desc_file file b/372347927 -hal_graphics_composer_default cgroup_desc_file file b/372348503 -hal_power_default cgroup_desc_file file b/372348558 hal_power_default hal_power_default capability b/240632824 hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478
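Review bot: `hal_server_domain(modem_svc_sit, hal_shared_modem_platform)` in the second hunk of `modem_svc_sit.te` depends on pieces this patch does not add: the `hal_shared_modem_platform` attributes and a service label for the default `ISharedModemPlatform` instance. Neither appears in the two files this commit touches, so they are presumably supplied by a shared policy directory; if they are missing, policy compilation should fail on the undefined attribute or the service will not get its intended label. The macro also places `modem_svc_sit` under whatever rules are written for servers of that HAL, and this domain already holds `set_prop(modem_svc_sit, vendor_modem_prop)`, so the comment should say which clients are expected to reach it. I would extend it to something like `# Clients: <client domains placeholder>; HAL attribute and service label come from <policy path placeholder>`. The rest of `modem_svc_sit.te` lies outside the hunk.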