update error on ROM 7904131

Bug: 205904432
Bug: 205904322
Bug: 205904438
Bug: 205904406
Bug: 205904310
Bug: 205904436
Bug: 205904402
Bug: 205904552
Bug: 205904323
Bug: 205904442
Bug: 205904367
Bug: 205904452
Bug: 205904403
Bug: 205904379
Bug: 205904328
Bug: 205904286
Bug: 205904380
Bug: 205904401
Bug: 205904381
Bug: 205904208
Bug: 205904433
Bug: 205904327
Bug: 205904553
Bug: 205904361
Bug: 205904441
Bug: 205904324
Bug: 205904207
Bug: 205904404
Bug: 205904330
Bug: 205904439
Bug: 205904435
Bug: 205904384
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I64432a24d562d5868f21a317e5bfd6f25ad24900

tracking_denials/cbd.te

@@ -1,2 +1,4 @@
 # b/205779872
 dontaudit cbd persist_file:dir { search };
+# b/205904432
+dontaudit cbd cbd:capability { setuid };

tracking_denials/citadeld.te

@@ -8,3 +8,9 @@ dontaudit citadeld vndbinder_device:chr_file { map };
 dontaudit citadeld vndbinder_device:chr_file { open };
 dontaudit citadeld vndbinder_device:chr_file { read };
 dontaudit citadeld vndbinder_device:chr_file { write };
+# b/205904322
+dontaudit citadeld servicemanager:binder { call };
+dontaudit citadeld servicemanager:binder { transfer };
+dontaudit citadeld system_server:binder { call };
+dontaudit citadeld vndservicemanager:binder { call };
+dontaudit citadeld vndservicemanager:binder { transfer };

tracking_denials/convert-to-f2fs-sh.te

@@ -12,3 +12,5 @@ dontaudit convert-to-f2fs-sh toolbox_exec:file { execute };
 dontaudit convert-to-f2fs-sh toolbox_exec:file { execute_no_trans };
 dontaudit convert-to-f2fs-sh toolbox_exec:file { getattr };
 dontaudit convert-to-f2fs-sh toolbox_exec:file { read open };
+# b/205904438
+dontaudit convert-to-f2fs-sh toolbox_exec:file { map };

tracking_denials/hal_camera_default.te

@@ -41,3 +41,12 @@ dontaudit hal_camera_default vendor_camera_data_file:dir { read };
 dontaudit hal_camera_default vendor_camera_data_file:dir { search };
 dontaudit hal_camera_default vendor_camera_data_file:file { open };
 dontaudit hal_camera_default vendor_camera_data_file:file { read };
+# b/205904406
+dontaudit hal_camera_default hal_camera_default:capability { sys_nice };
+dontaudit hal_camera_default hal_power_default:binder { call };
+dontaudit hal_camera_default hal_radioext_default:binder { call };
+dontaudit hal_camera_default init:unix_stream_socket { connectto };
+dontaudit hal_camera_default property_socket:sock_file { write };
+dontaudit hal_camera_default servicemanager:binder { call };
+dontaudit hal_camera_default servicemanager:binder { transfer };
+dontaudit hal_camera_default system_server:binder { call };

tracking_denials/hal_fingerprint_default.te

@@ -17,3 +17,7 @@ dontaudit hal_fingerprint_default fingerprint_device:chr_file { read write };
 dontaudit hal_fingerprint_default tee_device:chr_file { ioctl };
 dontaudit hal_fingerprint_default tee_device:chr_file { open };
 dontaudit hal_fingerprint_default tee_device:chr_file { read write };
+# b/205904310
+dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { bind };
+dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { create };
+dontaudit hal_fingerprint_default hal_fingerprint_default:netlink_socket { write };

tracking_denials/hal_graphics_composer_default.te

@@ -12,3 +12,9 @@ dontaudit hal_graphics_composer_default vndbinder_device:chr_file { write };
 # b/205779906
 dontaudit hal_graphics_composer_default mnt_vendor_file:dir { search };
 dontaudit hal_graphics_composer_default persist_file:dir { search };
+# b/205904436
+dontaudit hal_graphics_composer_default hal_graphics_composer_default:netlink_kobject_uevent_socket { bind };
+dontaudit hal_graphics_composer_default hal_graphics_composer_default:netlink_kobject_uevent_socket { create };
+dontaudit hal_graphics_composer_default hal_graphics_composer_default:netlink_kobject_uevent_socket { read };
+dontaudit hal_graphics_composer_default vndservicemanager:binder { call };
+dontaudit hal_graphics_composer_default vndservicemanager:binder { transfer };

tracking_denials/hal_health_default.te

@@ -7,3 +7,6 @@ dontaudit hal_health_default vendor_battery_defender_prop:property_service { set
 # b/205779737
 dontaudit hal_health_default mnt_vendor_file:dir { search };
 dontaudit hal_health_default persist_file:dir { search };
+# b/205904402
+dontaudit hal_health_default init:unix_stream_socket { connectto };
+dontaudit hal_health_default property_socket:sock_file { write };

tracking_denials/hal_identity_citadel.te

@@ -4,3 +4,5 @@ dontaudit hal_identity_citadel vndbinder_device:chr_file { map };
 dontaudit hal_identity_citadel vndbinder_device:chr_file { open };
 dontaudit hal_identity_citadel vndbinder_device:chr_file { read };
 dontaudit hal_identity_citadel vndbinder_device:chr_file { write };
+# b/205904552
+dontaudit hal_identity_citadel vndservicemanager:binder { call };

tracking_denials/hal_keymint_citadel.te

@@ -9,3 +9,6 @@ dontaudit hal_keymint_citadel vndbinder_device:chr_file { map };
 dontaudit hal_keymint_citadel vndbinder_device:chr_file { open };
 dontaudit hal_keymint_citadel vndbinder_device:chr_file { read };
 dontaudit hal_keymint_citadel vndbinder_device:chr_file { write };
+# b/205904323
+dontaudit hal_keymint_citadel citadeld:binder { call };
+dontaudit hal_keymint_citadel vndservicemanager:binder { call };

tracking_denials/hal_power_default.te

@@ -0,0 +1,2 @@
+# b/205904442
+dontaudit hal_power_default hal_camera_default:binder { transfer };

tracking_denials/hal_power_stats_default.te

@@ -0,0 +1,2 @@
+# b/205904367
+dontaudit hal_power_stats_default hal_bluetooth_btlinux:binder { call };

tracking_denials/hal_secure_element_gto.te

@@ -3,3 +3,6 @@ dontaudit hal_secure_element_gto vendor_secure_element_prop:property_service { s
 # b/205656951
 dontaudit hal_secure_element_gto secure_element_device:chr_file { open };
 dontaudit hal_secure_element_gto secure_element_device:chr_file { read write };
+# b/205904452
+dontaudit hal_secure_element_gto init:unix_stream_socket { connectto };
+dontaudit hal_secure_element_gto property_socket:sock_file { write };

tracking_denials/hal_secure_element_uicc.te

@@ -0,0 +1,3 @@
+# b/205904403
+dontaudit hal_secure_element_uicc rild:binder { call };
+dontaudit hal_secure_element_uicc rild:binder { transfer };

tracking_denials/hal_sensors_default.te

@@ -9,3 +9,7 @@ dontaudit hal_sensors_default persist_file:dir { search };
 dontaudit hal_sensors_default sensor_reg_data_file:dir { getattr };
 dontaudit hal_sensors_default sensor_reg_data_file:dir { open };
 dontaudit hal_sensors_default sensor_reg_data_file:dir { read };
+# b/205904379
+dontaudit hal_sensors_default chre:unix_stream_socket { connectto };
+dontaudit hal_sensors_default chre_socket:sock_file { write };
+dontaudit hal_sensors_default system_server:binder { call };

tracking_denials/hal_thermal_default.te

@@ -0,0 +1,7 @@
+# b/205904328
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { bind };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { create };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { getattr };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { read };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { setopt };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { write };

tracking_denials/hal_weaver_citadel.te

@@ -4,3 +4,6 @@ dontaudit hal_weaver_citadel vndbinder_device:chr_file { map };
 dontaudit hal_weaver_citadel vndbinder_device:chr_file { open };
 dontaudit hal_weaver_citadel vndbinder_device:chr_file { read };
 dontaudit hal_weaver_citadel vndbinder_device:chr_file { write };
+# b/205904286
+dontaudit hal_weaver_citadel citadeld:binder { call };
+dontaudit hal_weaver_citadel vndservicemanager:binder { call };

tracking_denials/hbmsvmanager_app.te

@@ -1,2 +1,4 @@
 # b/204718757
 dontaudit hbmsvmanager_app hal_pixel_display_service:service_manager { find };
+# b/205904380
+dontaudit hbmsvmanager_app hal_graphics_composer_default:binder { call };

tracking_denials/init_citadel.te

@@ -7,3 +7,6 @@ dontaudit init_citadel vndbinder_device:chr_file { write };
 # b/205779736
 dontaudit init_citadel citadel_updater:file { execute_no_trans };
 dontaudit init_citadel vendor_toolbox_exec:file { execute_no_trans };
+# b/205904401
+dontaudit init_citadel citadeld:binder { call };
+dontaudit init_citadel vndservicemanager:binder { call };

tracking_denials/mediacodec_samsung.te

@@ -8,3 +8,6 @@ dontaudit mediacodec_samsung vndbinder_device:chr_file { map };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { open };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { read };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { write };
+# b/205904381
+dontaudit mediacodec_samsung vndservicemanager:binder { call };
+dontaudit mediacodec_samsung vndservicemanager:binder { transfer };

tracking_denials/nfc.te

@@ -0,0 +1,2 @@
+# b/205904208
+dontaudit nfc zygote:binder { transfer };

tracking_denials/pixelstats_vendor.te

@@ -0,0 +1,2 @@
+# b/205904433
+dontaudit pixelstats_vendor servicemanager:binder { call };

tracking_denials/platform_app.te

@@ -1,2 +1,4 @@
 # b/204718221
 dontaudit platform_app touch_service:service_manager { find };
+# b/205904327
+dontaudit platform_app hal_wlc:binder { call };

tracking_denials/priv_app.te

@@ -4,3 +4,6 @@ dontaudit priv_app hal_exynos_rild_hwservice:hwservice_manager { find };
 dontaudit priv_app vendor_default_prop:file { getattr };
 dontaudit priv_app vendor_default_prop:file { map };
 dontaudit priv_app vendor_default_prop:file { open };
+# b/205904553
+dontaudit priv_app rild:binder { call };
+dontaudit priv_app rild:binder { transfer };

tracking_denials/rfsd.te

@@ -0,0 +1,3 @@
+# b/205904361
+dontaudit rfsd rfsd:capability { chown };
+dontaudit rfsd rfsd:capability { setuid };

tracking_denials/rild.te

@@ -4,3 +4,8 @@ dontaudit rild vendor_persist_config_default_prop:file { getattr };
 dontaudit rild vendor_persist_config_default_prop:file { map };
 dontaudit rild vendor_persist_config_default_prop:file { open };
 dontaudit rild vendor_persist_config_default_prop:file { read };
+# b/205904441
+dontaudit rild hal_secure_element_uicc:binder { call };
+dontaudit rild priv_app:binder { call };
+dontaudit rild vendor_ims_app:binder { call };
+dontaudit rild vendor_rcs_app:binder { call };

tracking_denials/rlsservice.te

@@ -14,3 +14,6 @@ dontaudit rlsservice apex_info_file:file { getattr };
 dontaudit rlsservice apex_info_file:file { open };
 dontaudit rlsservice apex_info_file:file { read };
 dontaudit rlsservice apex_info_file:file { watch };
+# b/205904324
+dontaudit rlsservice vndservicemanager:binder { call };
+dontaudit rlsservice vndservicemanager:binder { transfer };

tracking_denials/servicemanager.te

@@ -0,0 +1,4 @@
+# b/205904207
+dontaudit servicemanager citadeld:binder { call };
+dontaudit servicemanager hal_camera_default:binder { call };
+dontaudit servicemanager hal_fingerprint_default:binder { call };

tracking_denials/system_server.te

@@ -0,0 +1,2 @@
+# b/205904404
+dontaudit system_server zygote:binder { call };

tracking_denials/tee.te

@@ -0,0 +1,3 @@
+# b/205904330
+dontaudit tee tee:capability { setgid };
+dontaudit tee tee:capability { setuid };

tracking_denials/vendor_ims_app.te

@@ -1,2 +1,5 @@
 # b/205780067
 dontaudit vendor_ims_app radio_service:service_manager { find };
+# b/205904439
+dontaudit vendor_ims_app rild:binder { call };
+dontaudit vendor_ims_app rild:binder { transfer };

tracking_denials/vendor_rcs_app.te

@@ -1,2 +1,5 @@
 # b/205779581
 dontaudit vendor_rcs_app radio_service:service_manager { find };
+# b/205904435
+dontaudit vendor_rcs_app rild:binder { call };
+dontaudit vendor_rcs_app rild:binder { transfer };

tracking_denials/zygote.te

@@ -6,3 +6,9 @@ dontaudit zygote default_android_service:service_manager { find };
 dontaudit zygote game_service:service_manager { find };
 dontaudit zygote nfc_service:service_manager { find };
 dontaudit zygote radio_service:service_manager { find };
+# b/205904384
+dontaudit zygote adbd:unix_stream_socket { connectto };
+dontaudit zygote nfc:binder { call };
+dontaudit zygote servicemanager:binder { call };
+dontaudit zygote system_server:binder { call };
+dontaudit zygote system_server:binder { transfer };