remove obsolete entries and put crucial domains to permissive

Bug: 171942789 Bug: 178979986 Bug: 179310854 Bug: 178980065 Bug: 179198085 Bug: 178980032 Test: boot to home under enforcing mode Change-Id: Ic925dbbb74ca2ba38b22c982761c1e214886bfa1
2021-03-09 10:50:59 +08:00 · 2021-03-09 10:50:59 +08:00 · df06cd7760
commit df06cd7760
parent e265637395
4 changed files with 9 additions and 5 deletions
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@ -10,6 +10,3 @@ dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
 dontaudit hal_power_default sysfs:file { read };
 dontaudit hal_power_default sysfs:file { getattr };
-# b/181713002
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
-dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
--- a/tracking_denials/mediacodec.te
+++ b/tracking_denials/mediacodec.te
@ -2,5 +2,6 @@
 dontaudit mediacodec sysfs:file { getattr };
 dontaudit mediacodec sysfs:file { open };
 dontaudit mediacodec sysfs:file { read };
-# b/176777184
-dontaudit mediacodec default_android_vndservice:service_manager add ;
+userdebug_or_eng(`
+  permissive mediacodec;
+')
--- a/tracking_denials/tee.te
+++ b/tracking_denials/tee.te
@ -9,3 +9,6 @@ dontaudit tee persist_file:dir { search };
 dontaudit tee mnt_vendor_file:dir { search };
 dontaudit tee tee_data_file:lnk_file { read };
 dontaudit tee persist_file:file { read write };
+userdebug_or_eng(`
+  permissive tee;
+')
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@ -4,6 +4,9 @@ dontaudit vendor_init tmpfs:dir { add_name write };
 dontaudit vendor_init debugfs_trace_marker:file { getattr };
 # b/177186257
 dontaudit vendor_init system_data_file:dir { open ioctl read };
+userdebug_or_eng(`
+  permissive vendor_init;
+')
 # b/174443175
 dontaudit vendor_init vendor_power_prop:property_service { set };
 # b/177386448