From a320d9b57505701567bc09b2495529dffc97859e Mon Sep 17 00:00:00 2001
From: Mars Lin
Date: Tue, 15 Feb 2022 15:14:18 +0800
Subject: [PATCH] Add required sepolicy rules for CatEngine

Fix:
02-15 11:55:44.005 431 431 E SELinux : avc: denied { find } for pid=3009 uid=1000 name=activity scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:activity_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.082 431 431 E SELinux : avc: denied { find } for pid=3009 uid=1000 name=game scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:game_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.087 431 431 E SELinux : avc: denied { find } for pid=3009 uid=1000 name=netstats scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:netstats_service:s0 tclass=service_manager permissive=1
02-15 11:55:44.092 431 431 E SELinux : avc: denied { find } for pid=3009 uid=1000 name=content_capture scontext=u:r:cat_engine_service_app:s0:c232,c259,c512,c768 tcontext=u:object_r:content_capture_service:s0 tclass=service_manager permissive=1
Bug: 219632839
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I1db9b29e3a3c7dae782bced3427e7c24c5dee945
---
 tracking_denials/cat_engine_service_app.te | 5 -----
 whitechapel_pro/cat_engine_service_app.te | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 tracking_denials/cat_engine_service_app.te

diff --git a/tracking_denials/cat_engine_service_app.te b/tracking_denials/cat_engine_service_app.te
deleted file mode 100644
index 295d91a3..00000000
--- a/tracking_denials/cat_engine_service_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/219632839
-dontaudit cat_engine_service_app activity_service:service_manager { find };
-dontaudit cat_engine_service_app content_capture_service:service_manager { find };
-dontaudit cat_engine_service_app game_service:service_manager { find };
-dontaudit cat_engine_service_app netstats_service:service_manager { find };
diff --git a/whitechapel_pro/cat_engine_service_app.te b/whitechapel_pro/cat_engine_service_app.te
index e300b90a..eacf9621 100644
--- a/whitechapel_pro/cat_engine_service_app.te
+++ b/whitechapel_pro/cat_engine_service_app.te
@@ -3,5 +3,6 @@ type cat_engine_service_app, domain;
 userdebug_or_eng(`
 app_domain(cat_engine_service_app)
 get_prop(cat_engine_service_app, vendor_rild_prop)
+ allow cat_engine_service_app app_api_service:service_manager find;
 allow cat_engine_service_app system_app_data_file:dir r_dir_perms;
 ')
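Review bot: The added `allow cat_engine_service_app app_api_service:service_manager find;` grants lookup of every service type carrying the `app_api_service` attribute, while the denials quoted in the commit message cover only four types (`activity_service`, `content_capture_service`, `game_service`, `netstats_service`). The quoted logs show this domain running with uid=1000, so the wider grant should be a deliberate choice; if only the logged lookups are needed, `allow cat_engine_service_app { activity_service content_capture_service game_service netstats_service }:service_manager find;` keeps the rule matched to the evidence. If the attribute-wide grant is intended, a comment above the rule such as `# b/219632839: needs the app-facing framework services in general, not only the four logged` would record that for the next policy audit. The rule sits inside `userdebug_or_eng`, which limits it to debug builds, and the denials were captured with `permissive=1`, so it is worth confirming the listed test also passes with the domain enforcing.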