From 7e60d3a032421dd4a82ae23a8a11256558a73de2 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Tue, 13 Apr 2021 11:17:31 +0800
Subject: [PATCH 1/2] allow init to set readahead_size

Bug: 185186743
Test: boot with no error found during boot
Change-Id: I7c06977023a1125d0187b96103e94c355a9d17a2
---
 tracking_denials/init.te          | 8 --------
 whitechapel/vendor/google/init.te | 1 +
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/tracking_denials/init.te b/tracking_denials/init.te
index e34f3ae6..27d6f882 100644
--- a/tracking_denials/init.te
+++ b/tracking_denials/init.te
@@ -1,11 +1,3 @@
 # b/180963348
 dontaudit init overlayfs_file:chr_file { unlink };
 dontaudit init overlayfs_file:file { rename };
-# b/182954138
-dontaudit init vendor_file:file { execute };
-dontaudit init vendor_file:file { execute };
-dontaudit init sysfs:file { setattr };
-dontaudit init sysfs:file { setattr };
-# b/185186743
-dontaudit init sysfs_scsi_devices_0000:file { write };
-dontaudit init sysfs_scsi_devices_0000:file { write };
diff --git a/whitechapel/vendor/google/init.te b/whitechapel/vendor/google/init.te
index 9cf7d73f..5d6a6810 100644
--- a/whitechapel/vendor/google/init.te
+++ b/whitechapel/vendor/google/init.te
@@ -17,3 +17,4 @@ allow init modem_userdata_file:dir mounton;
 allow init ram_device:blk_file w_file_perms;
 allow init per_boot_file:file ioctl;
 allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
+allow init sysfs_scsi_devices_0000:file w_file_perms;

From 7e071d6cb258a1a172a458f53d293ea082c3c591 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Tue, 13 Apr 2021 11:57:54 +0800
Subject: [PATCH 2/2] dump hal_graphics_composer

Bug: 179310854
Bug: 176868159
Bug: 177176812
Bug: 177389412
Bug: 177614642
Bug: 177778217
Bug: 177860841
Bug: 178752460
Bug: 179310909
Bug: 179437463
Bug: 180963481
Bug: 181177909
Bug: 174961421
Test: do bugreport with no relevant error logs
Change-Id: Ieac81e9d684044fbd649b4fec608f393627c34cb
---
 tracking_denials/dumpstate.te          |   5 -
 tracking_denials/incidentd.te          | 139 -------------------------
 tracking_denials/update_engine.te      |   5 -
 whitechapel/vendor/google/dumpstate.te |   7 ++
 4 files changed, 7 insertions(+), 149 deletions(-)
 delete mode 100644 tracking_denials/dumpstate.te
 delete mode 100644 tracking_denials/incidentd.te
 delete mode 100644 tracking_denials/update_engine.te

diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
deleted file mode 100644
index 1f3ef62e..00000000
--- a/tracking_denials/dumpstate.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/179310854
-dontaudit dumpstate hal_neuralnetworks_armnn:process signal;
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager find;
-dontaudit dumpstate vendor_dmabuf_debugfs:file { getattr open read };
-dontaudit dumpstate vold:binder call;
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
deleted file mode 100644
index 61223df0..00000000
--- a/tracking_denials/incidentd.te
+++ /dev/null
@@ -1,139 +0,0 @@
-# b/176868159
-dontaudit incidentd apk_verity_prop:file getattr ;
-dontaudit incidentd apk_verity_prop:file map ;
-dontaudit incidentd apk_verity_prop:file getattr ;
-dontaudit incidentd apk_verity_prop:file open ;
-dontaudit incidentd apexd_prop:file map ;
-dontaudit incidentd apexd_prop:file getattr ;
-dontaudit incidentd apexd_prop:file getattr ;
-dontaudit incidentd apexd_prop:file map ;
-dontaudit incidentd apk_verity_prop:file open ;
-dontaudit incidentd apk_verity_prop:file map ;
-# b/177176812
-dontaudit incidentd audio_config_prop:file open ;
-dontaudit incidentd ab_update_gki_prop:file open ;
-dontaudit incidentd ab_update_gki_prop:file map ;
-dontaudit incidentd ab_update_gki_prop:file getattr ;
-dontaudit incidentd audio_config_prop:file open ;
-dontaudit incidentd aac_drc_prop:file map ;
-dontaudit incidentd aac_drc_prop:file getattr ;
-dontaudit incidentd aac_drc_prop:file open ;
-dontaudit incidentd aac_drc_prop:file open ;
-dontaudit incidentd ab_update_gki_prop:file map ;
-dontaudit incidentd aac_drc_prop:file map ;
-dontaudit incidentd ab_update_gki_prop:file getattr ;
-dontaudit incidentd aac_drc_prop:file getattr ;
-dontaudit incidentd ab_update_gki_prop:file open ;
-# b/177389412
-dontaudit incidentd audio_config_prop:file { getattr };
-dontaudit incidentd audio_config_prop:file { getattr };
-dontaudit incidentd audio_config_prop:file { map };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { open };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { map };
-dontaudit incidentd nfc_service:service_manager { find };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { map };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { getattr };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { open };
-dontaudit incidentd audio_config_prop:file { map };
-dontaudit incidentd bluetooth_a2dp_offload_prop:file { getattr };
-# b/177614642
-dontaudit incidentd bluetooth_audio_hal_prop:file { map };
-dontaudit incidentd bluetooth_audio_hal_prop:file { open };
-dontaudit incidentd bluetooth_prop:file { map };
-dontaudit incidentd bluetooth_prop:file { getattr };
-dontaudit incidentd bluetooth_prop:file { open };
-dontaudit incidentd bluetooth_audio_hal_prop:file { map };
-dontaudit incidentd bluetooth_audio_hal_prop:file { getattr };
-dontaudit incidentd boottime_prop:file { open };
-dontaudit incidentd bluetooth_prop:file { map };
-dontaudit incidentd bluetooth_prop:file { getattr };
-dontaudit incidentd bluetooth_prop:file { open };
-dontaudit incidentd bluetooth_audio_hal_prop:file { open };
-dontaudit incidentd bluetooth_audio_hal_prop:file { getattr };
-dontaudit incidentd boottime_prop:file { open };
-# b/177778217
-dontaudit incidentd boottime_public_prop:file { getattr };
-dontaudit incidentd boottime_prop:file { getattr };
-dontaudit incidentd bpf_progs_loaded_prop:file { open };
-dontaudit incidentd boottime_public_prop:file { map };
-dontaudit incidentd boottime_public_prop:file { getattr };
-dontaudit incidentd boottime_public_prop:file { open };
-dontaudit incidentd boottime_prop:file { map };
-dontaudit incidentd bpf_progs_loaded_prop:file { getattr };
-dontaudit incidentd bpf_progs_loaded_prop:file { open };
-dontaudit incidentd boottime_public_prop:file { map };
-dontaudit incidentd boottime_prop:file { getattr };
-dontaudit incidentd boottime_prop:file { map };
-dontaudit incidentd boottime_public_prop:file { open };
-dontaudit incidentd bpf_progs_loaded_prop:file { getattr };
-# b/177860841
-dontaudit incidentd build_bootimage_prop:file { map };
-dontaudit incidentd build_config_prop:file { getattr };
-dontaudit incidentd build_config_prop:file { open };
-dontaudit incidentd bpf_progs_loaded_prop:file { map };
-dontaudit incidentd build_bootimage_prop:file { open };
-dontaudit incidentd build_bootimage_prop:file { getattr };
-dontaudit incidentd build_bootimage_prop:file { map };
-dontaudit incidentd build_bootimage_prop:file { getattr };
-dontaudit incidentd build_config_prop:file { getattr };
-dontaudit incidentd build_config_prop:file { map };
-dontaudit incidentd bpf_progs_loaded_prop:file { map };
-dontaudit incidentd build_bootimage_prop:file { open };
-dontaudit incidentd build_config_prop:file { open };
-dontaudit incidentd build_config_prop:file { map };
-# b/178752460
-dontaudit incidentd camera_calibration_prop:file { open };
-dontaudit incidentd charger_config_prop:file { getattr };
-dontaudit incidentd charger_config_prop:file { open };
-dontaudit incidentd camera_calibration_prop:file { map };
-dontaudit incidentd camera_calibration_prop:file { getattr };
-dontaudit incidentd charger_config_prop:file { getattr };
-dontaudit incidentd camera_calibration_prop:file { open };
-dontaudit incidentd camera_calibration_prop:file { getattr };
-dontaudit incidentd camera_calibration_prop:file { map };
-dontaudit incidentd charger_config_prop:file { open };
-# b/179310909
-dontaudit incidentd charger_status_prop:file { open };
-dontaudit incidentd charger_prop:file { open };
-dontaudit incidentd charger_prop:file { getattr };
-dontaudit incidentd charger_prop:file { map };
-dontaudit incidentd charger_status_prop:file { open };
-dontaudit incidentd charger_status_prop:file { getattr };
-dontaudit incidentd charger_status_prop:file { map };
-dontaudit incidentd charger_config_prop:file { map };
-dontaudit incidentd charger_status_prop:file { map };
-dontaudit incidentd charger_status_prop:file { getattr };
-dontaudit incidentd charger_config_prop:file { map };
-dontaudit incidentd charger_prop:file { open };
-dontaudit incidentd charger_prop:file { getattr };
-dontaudit incidentd charger_prop:file { map };
-# b/179437463
-dontaudit incidentd cold_boot_done_prop:file { map };
-dontaudit incidentd cold_boot_done_prop:file { getattr };
-dontaudit incidentd cpu_variant_prop:file { map };
-dontaudit incidentd cpu_variant_prop:file { getattr };
-dontaudit incidentd cold_boot_done_prop:file { map };
-dontaudit incidentd cpu_variant_prop:file { map };
-dontaudit incidentd cpu_variant_prop:file { open };
-dontaudit incidentd cold_boot_done_prop:file { getattr };
-dontaudit incidentd cold_boot_done_prop:file { open };
-dontaudit incidentd cold_boot_done_prop:file { open };
-dontaudit incidentd cpu_variant_prop:file { open };
-dontaudit incidentd cpu_variant_prop:file { getattr };
-# b/180963481
-dontaudit incidentd ctl_bootanim_prop:file { open };
-dontaudit incidentd ctl_adbd_prop:file { open };
-dontaudit incidentd ctl_adbd_prop:file { getattr };
-dontaudit incidentd ctl_adbd_prop:file { map };
-dontaudit incidentd ctl_apexd_prop:file { getattr };
-dontaudit incidentd ctl_apexd_prop:file { map };
-dontaudit incidentd ctl_adbd_prop:file { open };
-dontaudit incidentd ctl_adbd_prop:file { getattr };
-dontaudit incidentd ctl_adbd_prop:file { map };
-dontaudit incidentd ctl_apexd_prop:file { open };
-dontaudit incidentd ctl_apexd_prop:file { getattr };
-dontaudit incidentd ctl_apexd_prop:file { map };
-dontaudit incidentd ctl_bootanim_prop:file { open };
-dontaudit incidentd ctl_apexd_prop:file { open };
-# b/181177909
-dontaudit incidentd property_type:file *;
diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te
deleted file mode 100644
index e1f320af..00000000
--- a/tracking_denials/update_engine.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/174961421
-dontaudit update_engine dumpstate:fifo_file write ;
-dontaudit update_engine dumpstate:fifo_file write ;
-dontaudit update_engine dumpstate:fd use ;
-dontaudit update_engine dumpstate:fd use ;
diff --git a/whitechapel/vendor/google/dumpstate.te b/whitechapel/vendor/google/dumpstate.te
index 462492cc..d9cc1d5c 100644
--- a/whitechapel/vendor/google/dumpstate.te
+++ b/whitechapel/vendor/google/dumpstate.te
@@ -1,4 +1,9 @@
 dump_hal(hal_telephony)
+dump_hal(hal_graphics_composer)
+
+userdebug_or_eng(`
+  allow dumpstate vendor_dmabuf_debugfs:file r_file_perms;
+')
 
 allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
 allow dumpstate persist_file:dir r_dir_perms;
@@ -7,3 +12,5 @@ allow dumpstate modem_efs_file:dir getattr;
 allow dumpstate modem_img_file:dir getattr;
 allow dumpstate modem_userdata_file:dir getattr;
 allow dumpstate fuse:dir search;
+
+dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms;