From 797b646234dc1d97fd15cb263342d7bc0971d0b1 Mon Sep 17 00:00:00 2001
From: Rick Yiu
Date: Thu, 10 Jun 2021 11:30:11 +0800
Subject: [PATCH] gs101-sepolicy: Fix avc denial for sysfs_vendor_sched
Fix mediaprovider_app and bluetooth
Bug: 190563839
Bug: 190563916
Test: build pass
Change-Id: I477325ee812d1362db4d5005e999cba989a44216
---
 gs101-sepolicy.mk | 3 +++
 private/mediaprovider_app.te | 2 ++
 public/file.te | 7 +++++++
 tracking_denials/bluetooth.te | 2 --
 whitechapel/vendor/google/bluetooth.te | 3 +++
 whitechapel/vendor/google/file.te | 7 -------
 6 files changed, 15 insertions(+), 9 deletions(-)
 create mode 100644 private/mediaprovider_app.te
 create mode 100644 public/file.te
 delete mode 100644 tracking_denials/bluetooth.te
 create mode 100644 whitechapel/vendor/google/bluetooth.te
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index ffe102f8..989bb70b 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -37,3 +37,6 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer # Wifi Logger BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_logger
+
+# Public
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/public
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
new file mode 100644
index 00000000..9d508444
--- /dev/null
+++ b/private/mediaprovider_app.te
@@ -0,0 +1,2 @@
+dontaudit mediaprovider_app sysfs_vendor_sched:dir search;
+
diff --git a/public/file.te b/public/file.te
new file mode 100644
index 00000000..4c15c474
--- /dev/null
+++ b/public/file.te
@@ -0,0 +1,7 @@
+# Vendor sched files
+type sysfs_vendor_sched, sysfs_type, fs_type;
+userdebug_or_eng(`
+ typeattribute sysfs_vendor_sched mlstrustedobject;
+')
+type proc_vendor_sched, proc_type, fs_type;
+
diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
deleted file mode 100644
index ff6d7f9b..00000000
--- a/tracking_denials/bluetooth.te
+++ /dev/null
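Review bot: The new `dontaudit mediaprovider_app sysfs_vendor_sched:dir search;` in private/mediaprovider_app.te carries no comment or bug reference, whereas the tracking_denials entry this commit deletes was annotated with `# b/190563916`. A dontaudit rule silences the denial instead of resolving it, so anyone triaging audit logs later needs to see that the suppression is deliberate and why the access is not needed. I would add a line above the rule such as `# mediaprovider_app does not need vendor sched sysfs; suppress the search denial (b/<bug id>)`, filling in whichever of the two bugs in the commit message covers mediaprovider_app.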
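Review bot: In public/file.te, `typeattribute sysfs_vendor_sched mlstrustedobject;` is wrapped in `userdebug_or_eng(...)` with no explanation, so the MLS exemption for this type exists only on debug builds and user builds enforce something different. The commit message lists only "Test: build pass", so it looks as though the user-build behaviour of the rules added here was not exercised; that is inferred from the message, not shown by the hunk. Since the type is now in public policy and is referenced by both the private and the vendor rules in this commit, a comment above the macro should say which debug-only accessors need the exemption, for example `# userdebug/eng only: <which domains> need to reach these nodes across MLS levels`.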
@@ -1,2 +0,0 @@
-# b/190563916
-dontaudit bluetooth sysfs_vendor_sched:dir search;
diff --git a/whitechapel/vendor/google/bluetooth.te b/whitechapel/vendor/google/bluetooth.te
new file mode 100644
index 00000000..b246eca1
--- /dev/null
+++ b/whitechapel/vendor/google/bluetooth.te
@@ -0,0 +1,3 @@
+allow bluetooth sysfs_vendor_sched:dir search;
+allow bluetooth sysfs_vendor_sched:file w_file_perms;
+
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index e0a05a57..55d1f164 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -134,13 +134,6 @@ type vendor_camera_tuning_file, vendor_file_type, file_type; type vendor_camera_data_file, file_type, data_file_type; type sysfs_camera, sysfs_type, fs_type;
-# Vendor sched files
-type sysfs_vendor_sched, sysfs_type, fs_type;
-userdebug_or_eng(`
- typeattribute sysfs_vendor_sched mlstrustedobject;
-')
-type proc_vendor_sched, proc_type, fs_type;
-
 # GPS
 type vendor_gps_file, file_type, data_file_type;
 userdebug_or_eng(`
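Review bot: `allow bluetooth sysfs_vendor_sched:file w_file_perms;` in whitechapel/vendor/google/bluetooth.te grants more than the denial that was being tracked, since the deleted tracking_denials entry covered only `sysfs_vendor_sched:dir search`. As written, the bluetooth domain may write every node labelled sysfs_vendor_sched. If bluetooth only needs to place its own threads in a scheduling group, a dedicated label for those specific nodes would keep the remaining scheduler tunables out of its reach; if no write is needed, `allow bluetooth sysfs_vendor_sched:dir search;` alone matches the recorded denial. Either way the bug reference from the deleted file, `# b/190563916`, should be carried over as a comment above the new rules.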