From df06cd77606b122879ccfeef63f0d304bcfc20c2 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Tue, 9 Mar 2021 10:50:59 +0800
Subject: [PATCH] remove obsolete entries and put crucial domains to permissive

Bug: 171942789
Bug: 178979986
Bug: 179310854
Bug: 178980065
Bug: 179198085
Bug: 178980032
Test: boot to home under enforcing mode
Change-Id: Ic925dbbb74ca2ba38b22c982761c1e214886bfa1
---
 tracking_denials/hal_power_default.te | 3 ---
 tracking_denials/mediacodec.te | 5 +++--
 tracking_denials/tee.te | 3 +++
 tracking_denials/vendor_init.te | 3 +++
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
index ba08e0ad..ab5c7ecd 100644
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@@ -10,6 +10,3 @@ dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
 dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
-# b/181713002
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
diff --git a/tracking_denials/mediacodec.te b/tracking_denials/mediacodec.te
index 2d3f4475..d4a74b8a 100644
--- a/tracking_denials/mediacodec.te
+++ b/tracking_denials/mediacodec.te
@@ -2,5 +2,6 @@
 dontaudit mediacodec sysfs:file { getattr };
 dontaudit mediacodec sysfs:file { open };
 dontaudit mediacodec sysfs:file { read };
-# b/176777184
-dontaudit mediacodec default_android_vndservice:service_manager add ;
+userdebug_or_eng(`
+ permissive mediacodec;
+')
diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te
index 9148a9c7..3375948f 100644
--- a/tracking_denials/tee.te
+++ b/tracking_denials/tee.te
@@ -9,3 +9,6 @@ dontaudit tee persist_file:dir { search };
 dontaudit tee mnt_vendor_file:dir { search };
 dontaudit tee tee_data_file:lnk_file { read };
 dontaudit tee persist_file:file { read write };
+userdebug_or_eng(`
+ permissive tee;
+')
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index f00248a0..500c14ff 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -4,6 +4,9 @@ dontaudit vendor_init tmpfs:dir { add_name write };
 dontaudit vendor_init debugfs_trace_marker:file { getattr };
 # b/177186257
 dontaudit vendor_init system_data_file:dir { open ioctl read };
+userdebug_or_eng(`
+ permissive vendor_init;
+')
 # b/174443175
 dontaudit vendor_init vendor_power_prop:property_service { set };
 # b/177386448
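Review bot: The `permissive tee;` block added in tee.te carries no tracking comment, and the same holds for `permissive mediacodec;` in mediacodec.te and `permissive vendor_init;` in vendor_init.te. The dontaudit entries beside them are grouped under `# b/…` lines, so a reader cannot tell which of the bugs listed in the commit message each exemption is waiting on or when it can be dropped; add a line such as `# b/<tracking-bug-id>: temporary, remove once the denials are resolved` above each `userdebug_or_eng(` block. On userdebug and eng builds these three domains are no longer enforced at all, so the stated test (boot to home under enforcing mode) presumably does not exercise their policy there. The dontaudit rules kept in the same files still suppress logging while a domain is permissive, so the accesses they cover will not show up in the denial logs these builds are meant to collect.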