From 8c9a2875ab893d50f14bd6a534965bfba8d2d6fb Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 3 Jul 2024 02:05:23 +0000 Subject: [PATCH 01/21] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 350831964 Change-Id: Iec0a5b8418d95a83cc989681f8bc5b42e03b032f --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 737d604e..a81c684d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -12,6 +12,7 @@ kernel kernel capability b/340723030 kernel tmpfs chr_file b/315907959 rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 +ssr_detector_app default_prop file b/350831964 surfaceflinger selinuxfs file b/313804340 untrusted_app nativetest_data_file dir b/305600845 untrusted_app shell_test_data_file dir b/305600845 From eb11b78314c9015387d8893c8e2bfbb5401baa0b Mon Sep 17 00:00:00 2001 From: Aaron Tsai Date: Thu, 23 May 2024 08:45:02 +0000 Subject: [PATCH 02/21] Add permission for setting gril property 05-22 17:52:28.190 936 936 I auditd : type=1400 audit(0.0:784): avc: denied { write } for comm="radioext@1.0-se" name="property_service" dev="tmpfs" ino=842 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 343012301 Bug: 203824024 Test: manual test Flag: EXEMPT bugfix Change-Id: I8048a67b59beac0d2ce8c7331eb0e1ea21881f9b --- whitechapel/vendor/google/hal_radioext_default.te | 1 + whitechapel/vendor/google/property.te | 1 + whitechapel/vendor/google/property_contexts | 3 +++ 3 files changed, 5 insertions(+) diff --git a/whitechapel/vendor/google/hal_radioext_default.te b/whitechapel/vendor/google/hal_radioext_default.te index eef71cf6..0f561ac0 100644 --- a/whitechapel/vendor/google/hal_radioext_default.te +++ b/whitechapel/vendor/google/hal_radioext_default.te 
@@ -4,6 +4,7 @@ init_daemon_domain(hal_radioext_default) hwbinder_use(hal_radioext_default) get_prop(hal_radioext_default, hwservicemanager_prop) +set_prop(hal_radioext_default, vendor_gril_prop) add_hwservice(hal_radioext_default, hal_radioext_hwservice) binder_call(hal_radioext_default, grilservice_app) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 98da3e39..21bd8885 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -2,6 +2,7 @@ vendor_internal_prop(vendor_prop) vendor_internal_prop(vendor_rcs_prop) vendor_internal_prop(vendor_rild_prop) +vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(sensors_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_usb_config_prop) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index c9187a3f..ba41d6a9 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -8,6 +8,9 @@ vendor.ril. u:object_r:vendor_rild_prop:s0 vendor.radio. u:object_r:vendor_rild_prop:s0 ro.vendor.build.svn u:object_r:vendor_rild_prop:s0 +# for GRIL +vendor.gril. u:object_r:vendor_gril_prop:s0 + # Ramdump persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0 From 63a927b837307e3d4e62534ad0ab4a71b83b84c9 Mon Sep 17 00:00:00 2001 From: Mike McTernan Date: Mon, 15 Jul 2024 10:32:27 +0100 Subject: [PATCH 03/21] trusty: storageproxy: add fs_ready_rw property context Flag: EXEMPT bug fix Bug: 350362101 Test: ABTD Change-Id: I6876593d904ce7223b91f30d31edcd3e60fac82b --- whitechapel/vendor/google/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index c9187a3f..fe6d5312 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts 
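Review bot: `set_prop(hal_radioext_default, vendor_gril_prop)` in hal_radioext_default.te, combined with the `vendor.gril.` entry in property_contexts, lets the radioext HAL set every key under that namespace. The denial quoted in the description only shows the `property_socket` write and never names the property being set. If the HAL needs only one or two keys, list them individually in property_contexts instead of labelling the whole `vendor.gril.` namespace, and name them in a comment above the `set_prop` line, e.g. `# radioext HAL sets vendor.gril.<key> (placeholder: fill in the real key)`. None of the three hunks adds a `get_prop` on `vendor_gril_prop`, so the reader's grant presumably lives elsewhere; worth confirming.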
@@ -93,6 +93,7 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 +ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 7bc5a6b183feca0de5970360a7c120e25fe11fa2 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 04/21] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage Change-Id: I3846d284bb6810ed3adea0070ac663babf6bb966 --- whitechapel/vendor/google/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index fe6d5312..c9187a3f 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -93,7 +93,6 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 4943a19244e0156d4637e4f60ff6be17a4e524ee Mon Sep 17 00:00:00 2001 
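Review bot: The added `ro.vendor.trusty.storage.fs_ready_rw` entry has no match kind, and neither does the `ro.vendor.trusty.storage.fs_ready` line above it. As I understand property_contexts, an entry without `exact`/`prefix` is matched by prefix, so the existing line already gives `fs_ready_rw` the same `vendor_trusty_storage_prop` label and the new line changes nothing. The Mali entry in the same hunk already uses the explicit form (`prefix`), so both Trusty lines could be pinned the same way, e.g. `ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 exact bool` (the `bool` value type is my assumption; confirm against the setter). That would also stop any future `fs_ready*` key from silently inheriting this label.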
From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 05/21] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bc5a6b183feca0de5970360a7c120e25fe11fa2) Merged-In: I3846d284bb6810ed3adea0070ac663babf6bb966 Change-Id: I3846d284bb6810ed3adea0070ac663babf6bb966 --- whitechapel/vendor/google/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5c320194..ba41d6a9 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -96,7 +96,6 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From faa7886bec01740f7d2e7a64ee9e74a5e0f84678 Mon Sep 17 00:00:00 2001 From: Daniel Chapin Date: Wed, 24 Jul 2024 20:17:20 +0000 Subject: [PATCH 06/21] Revert "trusty: storageproxy: add fs_ready_rw property context" Revert submission 28318041-rw_storage Reason for revert: Droidfood blocking bug b/355163562 Reverted changes: /q/submissionid:28318041-rw_storage (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7bc5a6b183feca0de5970360a7c120e25fe11fa2) Merged-In: I3846d284bb6810ed3adea0070ac663babf6bb966 Change-Id: I3846d284bb6810ed3adea0070ac663babf6bb966 --- whitechapel/vendor/google/property_contexts | 1 - 1 file changed, 1 deletion(-) 
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index 5c320194..ba41d6a9 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -96,7 +96,6 @@ vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibratio # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 -ro.vendor.trusty.storage.fs_ready_rw u:object_r:vendor_trusty_storage_prop:s0 # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix From 774949828e714e90a55451dd48cbf59a7fef4794 Mon Sep 17 00:00:00 2001 From: Kevin Ying Date: Thu, 9 May 2024 20:57:27 +0000 Subject: [PATCH 07/21] Allow camera HAL to access power_state sysfs 08-03 01:36:52.108 791 791 W TaskPool: type=1400 audit(0.0:125): avc: denied { read } for name="power_state" dev="sysfs" ino=86770 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 339690296 Test: Open camera, no display avc error Flag: EXEMPT resource update only Change-Id: I407c31e0898b07bef0df1b090dbc570f61c49272 Signed-off-by: Kevin Ying --- display/gs101/genfs_contexts | 2 ++ whitechapel/vendor/google/hal_camera_default.te | 1 + 2 files changed, 3 insertions(+) diff --git a/display/gs101/genfs_contexts b/display/gs101/genfs_contexts index 99badab8..6144af66 100644 --- a/display/gs101/genfs_contexts +++ b/display/gs101/genfs_contexts 
@@ -2,12 +2,14 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2C0000/panel@0/compatible u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2D0000/panel@0/compatible u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 diff --git a/whitechapel/vendor/google/hal_camera_default.te b/whitechapel/vendor/google/hal_camera_default.te index b488860d..5697afef 100644 --- a/whitechapel/vendor/google/hal_camera_default.te +++ b/whitechapel/vendor/google/hal_camera_default.te 
@@ -91,6 +91,7 @@ allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; # Allow camera HAL to read backlight of display allow hal_camera_default sysfs_leds:dir r_dir_perms; allow hal_camera_default sysfs_leds:file r_file_perms; +allow hal_camera_default sysfs_display:file r_file_perms; # Allow camera HAL to query interrupts and set interrupt affinity allow hal_camera_default proc_irq:dir r_dir_perms; From bf7161db5600494ffcdba208bb81803550d38aac Mon Sep 17 00:00:00 2001 From: Xiaofan Jiang Date: Wed, 14 Aug 2024 00:37:53 +0000 Subject: [PATCH 08/21] gs101: update shared_modem_platform sepolicy for UMI Bug: 357139752 Flag: EXEMPT sepolicy [ 68.189198] type=1400 audit(1722986580.568:59): avc: denied { unlink } for comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1 [ 68.189448] type=1400 audit(1722986580.568:60): avc: denied { create } for comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1 Change-Id: I7e28f5a8c7f8a6909fccdc813e7c94ce8c7f8831 --- whitechapel/vendor/google/modem_svc_sit.te | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index 0eb7498d..8e4ac3d6 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te 
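Review bot: `allow hal_camera_default sysfs_display:file r_file_perms;` gives the camera HAL read access to every node labelled `sysfs_display`, not only `power_state`. The genfs_contexts hunk of this same patch shows the type also covers `panel_name`, `serial_number` and `refresh_rate`. The denial in the description is for `power_state` alone, so a dedicated type for that node, labelled for both drmdsim instances, would keep the grant to what was actually denied. The rule also lands directly under the existing `# Allow camera HAL to read backlight of display` comment, which does not describe it; give it its own line such as `# Allow camera HAL to read display power_state`.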
@@ -41,4 +41,10 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; + +# Allow modem_svc_sit to access socket for UMI +userdebug_or_eng(` + allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; +') + From 50ee17cede6d3953dd6b940a55c82e013f32cd18 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 16 Jul 2024 07:39:16 +0000 Subject: [PATCH 09/21] sepolicy: remove duplicate policy Flag: EXEMPT refactor Bug: 349935208 Change-Id: Ib20bc0cc9af38ed481697420bb92ea12a917d594 Signed-off-by: samou --- whitechapel/vendor/google/file.te | 4 ---- whitechapel/vendor/google/genfs_contexts | 9 --------- 2 files changed, 13 deletions(-) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 8c985555..16c40446 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -114,10 +114,6 @@ type sysfs_chargelevel, sysfs_type, fs_type; # ODPM type powerstats_vendor_data_file, file_type, data_file_type; -type sysfs_odpm, sysfs_type, fs_type; - -# bcl -type sysfs_bcl, sysfs_type, fs_type; # Chosen type sysfs_chosen, sysfs_type, fs_type; diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 7261590f..207c64e4 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
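Review bot: The new rule grants `create` and `unlink` on `radio_vendor_data_file:sock_file`, a type shared with the rest of the radio vendor data. Labelling `modem_svc_socket` with its own type would keep that right scoped to the one socket named in the denials. Both quoted denials were logged with `permissive=1`, and the hunk shows only the end of the file, so it is not visible here whether the matching directory permissions on `radio_vendor_data_file:dir` are already granted; an enforcing userdebug boot would confirm. Because the rule sits inside `userdebug_or_eng`, the comment should say so, e.g. `# UMI socket is debug-only: not granted on user builds`. The same lines are re-landed unchanged in PATCH 13/21, so this applies there as well.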
@@ -185,15 +185,6 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-me genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 -# bcl sysfs files -genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_heavy_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/cpu2_light_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/tpu_light_clk_ratio u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/virtual/pmic/mitigation/clock_ratio/gpu_light_clk_ratio u:object_r:sysfs_bcl:s0 - # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 From a6390dc3eaea6fcbcdfef476ebbf29a90b6cf696 Mon Sep 17 00:00:00 2001 From: samou Date: Wed, 17 Jul 2024 11:03:59 +0000 Subject: [PATCH 10/21] sepolicy: remove dump_gs101.sh Flag: EXEMPT refactor Bug: 349935208 Change-Id: I4f2d5ef40dc328237f62aac7e4116a1f1410516a Signed-off-by: samou --- whitechapel/vendor/google/file_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 69e0d3a9..97ff74cc 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts 
@@ -16,7 +16,6 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 -/vendor/bin/dump/dump_gs101.sh u:object_r:dump_gs101_exec:s0 # # HALs From b8f3e01274005a5bc33b2e51b17c926a421209e8 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 13 Aug 2024 11:48:56 +0000 Subject: [PATCH 11/21] sepolicy: gs101: fix bm selinux - add odpm scale value path - add gpu cur_freq Flag: EXEMPT refactor Bug: 349935208 Change-Id: Ib5f4baf57c181f3ca2470514d256f307b7761403 Signed-off-by: samou --- whitechapel/vendor/google/genfs_contexts | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 207c64e4..99875eb3 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -185,6 +185,39 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-me genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@17510000/i2c-21/21-002f/s2mpg11-meter/s2mpg11-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 + # Chosen genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 @@ -226,6 +259,7 @@ genfscon sysfs /devices/platform/1c500000.mali/dma_buf_gpu_mem genfscon sysfs /devices/platform/1c500000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1c500000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1c500000.mali/power_policy u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1c500000.mali/cur_freq u:object_r:sysfs_gpu:s0 # nvmem (Non Volatile Memory layer) genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-0050/8-00500/nvmem u:object_r:sysfs_memory:s0 
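Review bot: The added `in_powerN_scale` and `in_currentN_scale` entries label s2mpg10 only under `iio:device0` and s2mpg11 only under `iio:device1`. The context line at the top of the hunk labels `s2mpg11-odpm/iio:device0/enabled_rails`, which suggests the existing entries do not assume a fixed IIO index per PMIC. If the index follows probe order, then on a boot where it swaps the scale nodes fall back to the generic `sysfs` label and the reader is denied. Mirroring each new entry for the other index would cover both orders, e.g. `genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-20/20-001f/s2mpg10-meter/s2mpg10-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0`, and likewise for s2mpg11 under `iio:device0`.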
From 4c48ef2770664d265091c85495014d9dc448658f Mon Sep 17 00:00:00 2001 From: "Priyanka Advani (xWF)" Date: Thu, 15 Aug 2024 16:14:44 +0000 Subject: [PATCH 12/21] Revert "gs101: update shared_modem_platform sepolicy for UMI" Revert submission 28762313 Reason for revert: Droidmonitor created revert due to b/360059249. Reverted changes: /q/submissionid:28762313 Change-Id: I4ffb476a64b32a4e725c894f8014070121848cc0 --- whitechapel/vendor/google/modem_svc_sit.te | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index 8e4ac3d6..0eb7498d 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te +++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -41,10 +41,4 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; - -# Allow modem_svc_sit to access socket for UMI -userdebug_or_eng(` - allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; -') - +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file From 4b26ef2e43e9ee2ce8ef67c3602e837b5bef0765 Mon Sep 17 00:00:00 2001 From: Xiaofan Jiang Date: Thu, 15 Aug 2024 19:25:28 +0000 Subject: [PATCH 13/21] Revert "Revert "gs101: update shared_modem_platform sepolicy for..." Revert submission 28822848-revert-28762313-SAYUORWKVG Reason for revert: issue identify and fix is ready Reverted changes: /q/submissionid:28822848-revert-28762313-SAYUORWKVG Change-Id: I17fd2b246fc95eac9a5e953c7c7889ecb2c91d1d --- whitechapel/vendor/google/modem_svc_sit.te | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te index 0eb7498d..8e4ac3d6 100644 --- a/whitechapel/vendor/google/modem_svc_sit.te 
+++ b/whitechapel/vendor/google/modem_svc_sit.te @@ -41,4 +41,10 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; + +# Allow modem_svc_sit to access socket for UMI +userdebug_or_eng(` + allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink }; +') + From e0d8d912ec34ff10f0f9167d738932b53a79de44 Mon Sep 17 00:00:00 2001 From: attis Date: Mon, 26 Aug 2024 10:54:48 +0800 Subject: [PATCH 14/21] Label sysfs node power_mode as sysfs_display. Label power_mode to sysfs_panel to let it be allowed in dumpstate. avc log: 08-26 11:59:55.044 14700 14700 W dump_display: type=1400 audit(0.0:25): avc: denied { read } for name="power_mode" dev="sysfs" ino=83218 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/340722772 Test: ls -Z, adb bugreport. Flag: EXEMPT bugfix Bug: 358505990 Change-Id: Ia31964903b62f72237ae18cf07a2cef0138adeea Signed-off-by: attis --- whitechapel/vendor/google/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 7261590f..1e3d8bf0 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts 
@@ -152,6 +152,8 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_ genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/power_mode u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c300000.drmdecon/counters u:object_r:sysfs_display:s0 From f323bc8dc7d36a0a352f8965f7ca605017b6d5e0 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Mon, 2 Sep 2024 14:46:32 +0800 Subject: [PATCH 15/21] Storage: label ufs firmware upgrade script Bug: 361093041 Test: local build Change-Id: I0f1c9222f16351bde2ef9dd478a5e0c143e49e5a Signed-off-by: Randall Huang --- whitechapel/vendor/google/device.te | 4 ++++ whitechapel/vendor/google/file.te | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 4662a075..1399788a 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -39,3 +39,7 @@ type st33spi_device, dev_type; # GPS type vendor_gnss_device, dev_type; + +# Storage firmware upgrade +type ufs_internal_block_device, dev_type; + diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 16c40446..ed633c69 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te 
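Review bot: Both added `power_mode` entries use `sysfs_display`, but the description body says the node is labelled `sysfs_panel`; the message should match the hunk so later readers do not search for a type this change never uses. A short comment above the two lines would record why the label exists, e.g. `# power_mode is read by dump_display during bugreport`. The quoted denial carries `bug=b/340722772`, which matches the `dump_display sysfs file b/340722772` row visible in tracking_denials/bug_map elsewhere in this series. If this label resolves that denial, the row should be dropped in the same change so a later regression is not treated as already tracked.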
@@ -75,6 +75,10 @@ type proc_f2fs, proc_type, fs_type; type bootdevice_sysdev, dev_type; +# Storage firmware upgrade +type ufs_firmware_update, domain; +type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; + # ZRam type per_boot_file, file_type, data_file_type, core_data_file_type; From edf14e100ec320f9fcf0ab346c2ef065c5d069ad Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 4 Sep 2024 00:02:23 +0800 Subject: [PATCH 16/21] storage: move storage related device type to common folder Bug: 364225000 Test: forrest build Change-Id: I779edca2e5cecfb34ede65dccf93f207a3dbcf2f Signed-off-by: Randall Huang --- whitechapel/vendor/google/device.te | 6 ------ whitechapel/vendor/google/file.te | 5 +---- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te index 1399788a..1e1f25db 100644 --- a/whitechapel/vendor/google/device.te +++ b/whitechapel/vendor/google/device.te @@ -1,8 +1,5 @@ # Block Devices -type efs_block_device, dev_type; type modem_block_device, dev_type; -type modem_userdata_block_device, dev_type; -type persist_block_device, dev_type; type mfg_data_block_device, dev_type; # Exynos devices @@ -40,6 +37,3 @@ type st33spi_device, dev_type; # GPS type vendor_gnss_device, dev_type; -# Storage firmware upgrade -type ufs_internal_block_device, dev_type; - diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index ed633c69..db4d0570 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -75,10 +75,6 @@ type proc_f2fs, proc_type, fs_type; type bootdevice_sysdev, dev_type; -# Storage firmware upgrade -type ufs_firmware_update, domain; -type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; - # ZRam type per_boot_file, file_type, data_file_type, core_data_file_type; @@ -165,3 +161,4 @@ type sysfs_bootctl, sysfs_type, fs_type; # WLC type sysfs_wlc, sysfs_type, fs_type; + 
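Review bot: `type ufs_firmware_update, domain;` declares a process domain inside file.te, and this patch gives it no rules, no transition and no file_contexts entry that applies `ufs_firmware_update_exec` to the script. As shown, the subject line's "label ufs firmware upgrade script" is not yet true, though the missing pieces may live in a directory outside this patch. The domain and its exec type would be easier to review in their own `ufs_firmware_update.te`, alongside the file_contexts line and the minimal allow rules for `ufs_internal_block_device` added in device.te. A firmware updater with block-device access is best reviewed as one unit rather than as scattered type declarations.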
From d3d5235b50256e7fadeab0067839e5d9e707c20e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 4 Sep 2024 03:26:56 +0000 Subject: [PATCH 17/21] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 364446534 Flag: EXEMPT sepolicy bugFix Change-Id: I694b656e436ef9365ee1bbbac81f155dbf70ce60 --- tracking_denials/bug_map | 1 + 1 file changed, 1 insertion(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index a81c684d..e499aaa4 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,4 +1,5 @@ +battery_mitigation sysfs file b/364446534 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 hal_power_default hal_power_default capability b/240632824 From 9a6384293800338301cb6a088565eb1dc76ee63b Mon Sep 17 00:00:00 2001 From: Nina Chen Date: Thu, 12 Sep 2024 14:25:14 +0800 Subject: [PATCH 18/21] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 366116587 Test: scanBugreport Bug: 366115873 Bug: 366116435 Bug: 366116214 Test: scanAvcDeniedLogRightAfterReboot Bug: 366115457 Bug: 366115458 Flag: EXEMPT NDK Change-Id: I5f9c4f722ebcfc8fe14c9324d37106d9431accc4 --- tracking_denials/bug_map | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index e499aaa4..0f17944e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,6 +2,8 @@ battery_mitigation sysfs file b/364446534 chre vendor_data_file dir b/301948771 dump_display sysfs file b/340722772 +dump_modem sscoredump_vendor_data_coredump_file dir b/366115873 +dump_modem sscoredump_vendor_data_logcat_file dir b/366115873 hal_power_default hal_power_default capability b/240632824 hal_sensors_default sysfs file b/340723303 hal_vibrator_default default_android_service service_manager b/317316478 
@@ -15,6 +17,9 @@ rfsd vendor_cbd_prop file b/317734418 shell sysfs_net file b/329380904 ssr_detector_app default_prop file b/350831964 surfaceflinger selinuxfs file b/313804340 +system_server vendor_default_prop file b/366115457 +system_server vendor_default_prop file b/366116435 +system_server vendor_default_prop file b/366116587 untrusted_app nativetest_data_file dir b/305600845 untrusted_app shell_test_data_file dir b/305600845 untrusted_app system_data_root_file dir b/305600845 @@ -23,3 +28,5 @@ vendor_init debugfs_trace_marker file b/340723222 vendor_init default_prop file b/315104713 vendor_init default_prop file b/316817111 vendor_init default_prop property_service b/315104713 +vendor_init default_prop property_service b/366115458 +vendor_init default_prop property_service b/366116214 From cc79320f9a5b5c67d4aa712382ee1e85ffe62000 Mon Sep 17 00:00:00 2001 From: Prochin Wang Date: Thu, 12 Sep 2024 05:04:35 +0000 Subject: [PATCH 19/21] Change vendor_fingerprint_prop to vendor_restricted_prop This is to allow the fingerprint HAL to access the property. Bug: 366105474 Flag: build.RELEASE_PIXEL_BOOST_DATALAYER_PSA_ENABLED Test: mm Change-Id: Id15a6014d553bf91fd9ffe34c7c1000973ad5860 --- whitechapel/vendor/google/property.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te index 21bd8885..bbdce973 100644 --- a/whitechapel/vendor/google/property.te +++ b/whitechapel/vendor/google/property.te @@ -42,7 +42,7 @@ vendor_internal_prop(vendor_touchpanel_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Fingerprint -vendor_internal_prop(vendor_fingerprint_prop) +vendor_restricted_prop(vendor_fingerprint_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) From 9e9fa88ba6eead6b7ce743dc396c40d4c0d992ab Mon Sep 17 00:00:00 2001 
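Review bot: In whitechapel/vendor/google/property.te, moving `vendor_fingerprint_prop` from `vendor_internal_prop` to `vendor_restricted_prop` widens who may read the property, and the hunk records neither the reader nor the reason. As I understand the platform macros, `vendor_internal_prop` carries a neverallow that keeps non-vendor (coredomain) processes from reading the property, while `vendor_restricted_prop` only forbids them from setting it, so the change lifts a build-time guard for every property under this label rather than granting access to one domain. The commit message names the fingerprint HAL, which as a vendor domain could presumably already read an internal property through `get_prop`, so the real consumer is probably outside /vendor. I would state that next to the declaration, e.g. `# restricted, not internal: read outside /vendor by <READER_DOMAIN> (b/366105474)`, and confirm that the matching `get_prop` rule is limited to that one domain.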
From: Tej Singh Date: Fri, 20 Sep 2024 21:27:23 -0700 Subject: [PATCH 20/21] Make android.framework.stats-v2-ndk app reachable For libedgetpu Test: TH Bug: 354763040 Flag: EXEMPT bugfix Change-Id: I8a46aae725a9e912681068df9c219e5a91784305 --- whitechapel/vendor/google/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 97ff74cc..1639c3ae 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -372,5 +372,6 @@ # Statsd service to support EdgeTPU metrics logging service. /vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.frameworks\.stats-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 From bc766489dce017b17c442169d55b4351d3313861 Mon Sep 17 00:00:00 2001 
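Review bot: The new `stats-V2-ndk` line in whitechapel/vendor/google/file_contexts is labelled `same_process_hal_file` while the V1 line above it stays, so the set of vendor libraries on that label only grows. As I understand the platform policy, that label is what allows a vendor library to be mapped and executed from domains outside the vendor HALs, so every path on it is worth justifying; the existing comment only says the entries support EdgeTPU metrics logging. If libedgetpu now links V2 only (not visible from this hunk), the V1 line could be dropped in the same change. Otherwise I would extend the comment, e.g. `# V1 kept for <REMAINING_CLIENT>; V2 needed by libedgetpu (b/354763040)`.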
From: samou Date: Fri, 4 Oct 2024 12:20:16 +0000 Subject: [PATCH 21/21] sepolicy: allow dumpstate to execute dump_power 10-04 19:36:47.308 7141 7141 I android.hardwar: type=1400 audit(0.0:6974): avc: denied { execute_no_trans } for path="/vendor/bin/dump/dump_power" dev="overlay" ino=91 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6975): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6976): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6977): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=29227 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6978): avc: denied { read } for name="core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6979): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.332 7141 7141 I dump_power: type=1400 audit(0.0:6980): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=57472 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-04 19:36:47.336 7141 7141 I dump_power: type=1400 audit(0.0:6981): avc: denied { read } for 
name="time_in_state" dev="sysfs" ino=50604 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:25): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:26): avc: denied { read } for name="version" dev="sysfs" ino=62887 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:27): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:28): avc: denied { read } for name="status" dev="sysfs" ino=62888 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:29): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:24:19.640 15006 15006 W dump_power: type=1400 audit(0.0:30): avc: denied { read } for name="fw_rev" dev="sysfs" ino=62915 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:29): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:30): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:31): avc: denied { search } for 
name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:32): avc: denied { search } for name="power_supply" dev="sysfs" ino=79013 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:46:57.664 7194 7194 W dump_power: type=1400 audit(0.0:33): avc: denied { search } for name="10d50000.hsi2c" dev="sysfs" ino=21301 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=0 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18792): avc: denied { search } for name="battery" dev="sysfs" ino=63428 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18793): avc: denied { read } for name="uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18794): avc: denied { open } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.168 14936 14936 I dump_power: type=1400 audit(0.0:18795): avc: denied { getattr } for path="/sys/devices/platform/google,battery/power_supply/battery/uevent" dev="sysfs" ino=63429 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18796): avc: denied { search } for name="8-003c" dev="sysfs" ino=55942 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18797): avc: denied { read } for name="maxfg" dev="sysfs" ino=62568 
scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18798): avc: denied { read } for name="logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 21:51:18.184 14936 14936 I dump_power: type=1400 audit(0.0:18799): avc: denied { open } for path="/dev/logbuffer_tcpm" dev="tmpfs" ino=1285 scontext=u:r:dump_power:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6191): avc: denied { search } for name="mitigation" dev="dm-50" ino=3758 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6192): avc: denied { read } for name="thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6193): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6194): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-50" ino=28765 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6195): avc: denied { search } for name="mitigation" dev="sysfs" ino=85222 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6196): avc: denied { read } for name="last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 
tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6197): avc: denied { open } for path="/sys/devices/virtual/pmic/mitigation/last_triggered_count" dev="sysfs" ino=85275 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=dir permissive=1 10-04 22:01:08.400 7074 7074 I dump_power: type=1400 audit(0.0:6198): avc: denied { read } for name="batoilo_count" dev="sysfs" ino=85287 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_bcl:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:875): avc: denied { read } for name="thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:876): avc: denied { open } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-04 23:49:14.616 6976 6976 I dump_power: type=1400 audit(0.0:877): avc: denied { getattr } for path="/data/vendor/mitigation/thismeal.txt" dev="dm-57" ino=15028 scontext=u:r:dump_power:s0 tcontext=u:object_r:mitigation_vendor_data_file:s0 tclass=file permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:878): avc: denied { read } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:879): avc: denied { open } for path="/sys/devices/platform/acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir permissive=1 10-05 00:00:44.540 7085 7085 I dump_power: type=1400 audit(0.0:880): avc: denied { search } for name="acpm_stats" dev="sysfs" ino=25439 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=dir 
permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:881): avc: denied { read } for name="core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:882): avc: denied { open } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:883): avc: denied { getattr } for path="/sys/devices/platform/acpm_stats/core_stats" dev="sysfs" ino=53039 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_acpm_stats:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:884): avc: denied { read } for name="time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 10-05 00:00:44.544 7085 7085 I dump_power: type=1400 audit(0.0:885): avc: denied { open } for path="/sys/devices/platform/cpupm/cpupm/time_in_state" dev="sysfs" ino=45585 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs_cpu:s0 tclass=file permissive=1 Flag: EXEMPT refactor Bug: 364989823 Signed-off-by: samou (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e746382d7834745023401c638e5367ed2b48a163) Merged-In: I195f779cc6588c37ccdbe4bb8b29ee8f2edd861a Change-Id: I195f779cc6588c37ccdbe4bb8b29ee8f2edd861a --- whitechapel/vendor/google/dump_power.te | 15 +++++++++++++++ whitechapel/vendor/google/file_contexts | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 whitechapel/vendor/google/dump_power.te diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te new file mode 100644 index 00000000..d745b20d --- /dev/null +++ b/whitechapel/vendor/google/dump_power.te 
@@ -0,0 +1,15 @@ +# Allow dumpstate to execute dump_power +pixel_bugreport(dump_power); + +allow dump_power sysfs_acpm_stats:dir r_dir_perms; +allow dump_power sysfs_acpm_stats:file r_file_perms; +allow dump_power sysfs_cpu:file r_file_perms; +allow dump_power sysfs_wlc:file r_file_perms; +allow dump_power sysfs_wlc:dir search; +allow dump_power sysfs_batteryinfo:dir r_dir_perms; +allow dump_power sysfs_batteryinfo:file r_file_perms; +allow dump_power logbuffer_device:chr_file r_file_perms; +allow dump_power mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power mitigation_vendor_data_file:file r_file_perms; +allow dump_power sysfs_bcl:dir r_dir_perms; +allow dump_power sysfs_bcl:file r_file_perms; diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts index 1639c3ae..e6dc12e1 100644 --- a/whitechapel/vendor/google/file_contexts +++ b/whitechapel/vendor/google/file_contexts @@ -16,7 +16,7 @@ /(vendor|system/vendor)/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 - +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 # # HALs #
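Review bot: The twelve `allow` rules in the new whitechapel/vendor/google/dump_power.te carry no comments, so the only record of why each label is needed is the audit log pasted into the commit message. One short comment per group would keep the grants reviewable, e.g. `# ACPM and CPU statistics`, `# Wireless charger and battery sysfs nodes`, `# Mitigation data files and BCL counters`. `allow dump_power logbuffer_device:chr_file r_file_perms;` covers every node under that label, while the logged denial is only for `/dev/logbuffer_tcpm`; that may be unavoidable without a narrower type, but it deserves a line saying so. Separately, `pixel_bugreport(dump_power);` ends with a semicolon, unlike the macro calls in property.te earlier in this series such as `vendor_restricted_prop(vendor_fingerprint_prop)`; I would write `pixel_bugreport(dump_power)`.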