Merge "remove obsolete entries and put crucial domains to permissive" into sc-dev am: 48113ddced

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13805052

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: If914068d4fb3369486f1dbef8af614245b9dfa0b

tracking_denials/hal_power_default.te

@@ -10,6 +10,3 @@ dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
 dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
-# b/181713002
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };

tracking_denials/mediacodec.te

@@ -2,5 +2,6 @@
 dontaudit mediacodec sysfs:file { getattr };
 dontaudit mediacodec sysfs:file { open };
 dontaudit mediacodec sysfs:file { read };
-# b/176777184
-dontaudit mediacodec default_android_vndservice:service_manager add ;
+userdebug_or_eng(`
+  permissive mediacodec;
+')

tracking_denials/tee.te

@@ -9,3 +9,6 @@ dontaudit tee persist_file:dir { search };
 dontaudit tee mnt_vendor_file:dir { search };
 dontaudit tee tee_data_file:lnk_file { read };
 dontaudit tee persist_file:file { read write };
+userdebug_or_eng(`
+  permissive tee;
+')

tracking_denials/vendor_init.te

@@ -4,6 +4,9 @@ dontaudit vendor_init tmpfs:dir { add_name write };
 dontaudit vendor_init debugfs_trace_marker:file { getattr };
 # b/177186257
 dontaudit vendor_init system_data_file:dir { open ioctl read };
+userdebug_or_eng(`
+  permissive vendor_init;
+')
 # b/174443175
 dontaudit vendor_init vendor_power_prop:property_service { set };
 # b/177386448