From cd4f508c92e8ef8e99f707093b754747a98d1a4f Mon Sep 17 00:00:00 2001
From: Alex Hong <rurumihong@google.com>
Date: Fri, 21 Jan 2022 17:35:54 +0800
Subject: [PATCH] Grant hal_dumpstate_default access

Bug: 208721677
Bug: 208909124
Test: pts-tradefed run pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest#scanBugreport
Change-Id: Ie5463e96958a95431630941c19b7888a3eea2e3e
---
 tracking_denials/hal_dumpstate_default.te | 11 -----------
 whitechapel_pro/hal_dumpstate_default.te  | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 11 deletions(-)
 delete mode 100644 tracking_denials/hal_dumpstate_default.te

diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
deleted file mode 100644
index 72668cfe..00000000
--- a/tracking_denials/hal_dumpstate_default.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# b/208721677
-# b/208909124
-dontaudit hal_dumpstate_default boottime_public_prop:file { open };
-dontaudit hal_dumpstate_default boottime_public_prop:file { read };
-dontaudit hal_dumpstate_default property_type:file *;
-dontaudit hal_dumpstate_default shell_data_file:file { getattr };
-dontaudit hal_dumpstate_default vendor_dumpsys:file { execute_no_trans };
-dontaudit hal_dumpstate_default vendor_log_file:dir search;
-dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
-dontaudit hal_dumpstate_default vendor_toolbox_exec:file { execute_no_trans };
-
diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te
index bce77139..cad7c3a1 100644
--- a/whitechapel_pro/hal_dumpstate_default.te
+++ b/whitechapel_pro/hal_dumpstate_default.te
@@ -68,6 +68,21 @@ allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;
 binder_call(hal_dumpstate_default, hal_graphics_composer_default);
 vndbinder_use(hal_dumpstate_default)
 
+allow hal_dumpstate_default shell_data_file:file getattr;
+
+allow hal_dumpstate_default vendor_log_file:dir search;
+allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans;
+
+allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
+allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
+
+get_prop(hal_dumpstate_default, boottime_public_prop)
+get_prop(hal_dumpstate_default, vendor_camera_prop)
+get_prop(hal_dumpstate_default, vendor_gps_prop)
+set_prop(hal_dumpstate_default, vendor_modem_prop)
+get_prop(hal_dumpstate_default, vendor_rild_prop)
+get_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
+
 userdebug_or_eng(`
   allow hal_dumpstate_default mnt_vendor_file:dir search;
   allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search;