From b5edce085f8150d45659cc4a1d03b38f81bef3eb Mon Sep 17 00:00:00 2001
From: sukiliu <sukiliu@google.com>
Date: Wed, 29 Jun 2022 14:07:37 +0800
Subject: [PATCH] Update avc error on ROM 8780665

Bug: 237491813
Bug: 237492145
Bug: 237491814
Bug: 237492146
Bug: 237492091
Test: PtsSELinuxTestCases
Change-Id: I615453d58ea17306ceefe6195bc95974de0f259b
---
 tracking_denials/bug_map              | 5 +++++
 tracking_denials/dumpstate.te         | 2 ++
 tracking_denials/hal_drm_widevine.te  | 2 ++
 tracking_denials/hal_googlebattery.te | 2 ++
 tracking_denials/hal_power_default.te | 3 +++
 tracking_denials/incidentd.te         | 2 ++
 6 files changed, 16 insertions(+)
 create mode 100644 tracking_denials/bug_map
 create mode 100644 tracking_denials/hal_googlebattery.te
 create mode 100644 tracking_denials/hal_power_default.te
 create mode 100644 tracking_denials/incidentd.te

diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 00000000..d53dde6c
--- /dev/null
+++ b/tracking_denials/bug_map
@@ -0,0 +1,5 @@
+dumpstate app_zygote process b/237491813
+hal_drm_widevine default_prop file b/237492145
+hal_googlebattery dumpstate fd b/237491814
+hal_power_default hal_power_default capability b/237492146
+incidentd debugfs_wakeup_sources file b/237492091
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index ffb8518c..e93762d6 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,2 +1,4 @@
 # b/185723618
 dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
+# b/237491813
+dontaudit dumpstate app_zygote:process { signal };
diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
index cfe7fcf7..b0124389 100644
--- a/tracking_denials/hal_drm_widevine.te
+++ b/tracking_denials/hal_drm_widevine.te
@@ -1,2 +1,4 @@
 # b/229209076
 dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
+# b/237492145
+dontaudit hal_drm_widevine default_prop:file { read };
diff --git a/tracking_denials/hal_googlebattery.te b/tracking_denials/hal_googlebattery.te
new file mode 100644
index 00000000..da7f8c6f
--- /dev/null
+++ b/tracking_denials/hal_googlebattery.te
@@ -0,0 +1,2 @@
+# b/237491814
+dontaudit hal_googlebattery dumpstate:fd { use };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
new file mode 100644
index 00000000..a2ce6fdb
--- /dev/null
+++ b/tracking_denials/hal_power_default.te
@@ -0,0 +1,3 @@
+# b/237492146
+dontaudit hal_power_default hal_power_default:capability { dac_override };
+dontaudit hal_power_default hal_power_default:capability { dac_read_search };
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
new file mode 100644
index 00000000..e6fce309
--- /dev/null
+++ b/tracking_denials/incidentd.te
@@ -0,0 +1,2 @@
+# b/237492091
+dontaudit incidentd debugfs_wakeup_sources:file { read };