From cfbef530da75e16b2bafdb466cd683242e92c3c5 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Thu, 2 Dec 2021 11:19:39 +0800
Subject: [PATCH] update error on ROM 7961148

Bug: 208721809
Bug: 208721525
Bug: 208721677
Bug: 208721526
Bug: 208721638
Bug: 208721505
Bug: 208721729
Bug: 208721710
Bug: 208721673
Bug: 208721679
Bug: 208721707
Bug: 208721808
Bug: 208721636
Bug: 208721768
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ida37756678645dea41d343ede41868ce717fe9da
---
 tracking_denials/dumpstate.te                 |  9 ++++
 tracking_denials/hal_bluetooth_btlinux.te     |  2 +
 tracking_denials/hal_dumpstate_default.te     | 51 +++++++++++++++++++
 .../hal_graphics_composer_default.te          |  3 ++
 tracking_denials/hal_health_default.te        |  5 ++
 tracking_denials/hal_uwb_vendor_default.te    |  3 ++
 tracking_denials/hal_vibrator_default.te      |  6 +++
 tracking_denials/hardware_info_app.te         |  4 ++
 tracking_denials/incidentd.te                 |  7 +++
 tracking_denials/logger_app.te                |  9 ++++
 tracking_denials/permissioncontroller_app.te  |  2 +
 tracking_denials/surfaceflinger.te            |  2 +
 tracking_denials/system_app.te                |  9 ++++
 tracking_denials/vold.te                      |  3 ++
 14 files changed, 115 insertions(+)
 create mode 100644 tracking_denials/dumpstate.te
 create mode 100644 tracking_denials/hal_dumpstate_default.te
 create mode 100644 tracking_denials/hal_health_default.te
 create mode 100644 tracking_denials/hardware_info_app.te
 create mode 100644 tracking_denials/incidentd.te
 create mode 100644 tracking_denials/permissioncontroller_app.te
 create mode 100644 tracking_denials/system_app.te
 create mode 100644 tracking_denials/vold.te

diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
new file mode 100644
index 00000000..2ac7e19a
--- /dev/null
+++ b/tracking_denials/dumpstate.te
@@ -0,0 +1,9 @@
+# b/208721809
+dontaudit dumpstate fuse:dir { search };
+dontaudit dumpstate hal_graphics_composer_default:binder { call };
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
+dontaudit dumpstate hal_uwb_vendor_default:binder { call };
+dontaudit dumpstate modem_img_file:filesystem { getattr };
+dontaudit dumpstate vendor_dmabuf_debugfs:file { open };
+dontaudit dumpstate vendor_dmabuf_debugfs:file { read };
+dontaudit dumpstate vold:binder { call };
diff --git a/tracking_denials/hal_bluetooth_btlinux.te b/tracking_denials/hal_bluetooth_btlinux.te
index 04eae4f5..7848e458 100644
--- a/tracking_denials/hal_bluetooth_btlinux.te
+++ b/tracking_denials/hal_bluetooth_btlinux.te
@@ -2,3 +2,5 @@
 dontaudit hal_bluetooth_btlinux device:chr_file { ioctl };
 dontaudit hal_bluetooth_btlinux device:chr_file { open };
 dontaudit hal_bluetooth_btlinux device:chr_file { read write };
+# b/208721525
+dontaudit hal_bluetooth_btlinux device:chr_file { getattr };
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 00000000..82964570
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,51 @@
+# b/208721677
+dontaudit hal_dumpstate_default boottime_public_prop:file { open };
+dontaudit hal_dumpstate_default boottime_public_prop:file { read };
+dontaudit hal_dumpstate_default citadeld_service:service_manager { find };
+dontaudit hal_dumpstate_default debugfs:file { open };
+dontaudit hal_dumpstate_default debugfs:file { read };
+dontaudit hal_dumpstate_default debugfs_f2fs:dir { search };
+dontaudit hal_dumpstate_default debugfs_f2fs:file { open };
+dontaudit hal_dumpstate_default debugfs_f2fs:file { read };
+dontaudit hal_dumpstate_default logbuffer_device:chr_file { getattr };
+dontaudit hal_dumpstate_default logbuffer_device:chr_file { open };
+dontaudit hal_dumpstate_default logbuffer_device:chr_file { read };
+dontaudit hal_dumpstate_default modem_stat_data_file:file { open };
+dontaudit hal_dumpstate_default modem_stat_data_file:file { read };
+dontaudit hal_dumpstate_default radio_vendor_data_file:dir { getattr };
+dontaudit hal_dumpstate_default radio_vendor_data_file:dir { open };
+dontaudit hal_dumpstate_default radio_vendor_data_file:dir { read };
+dontaudit hal_dumpstate_default radio_vendor_data_file:dir { search };
+dontaudit hal_dumpstate_default radio_vendor_data_file:dir { write };
+dontaudit hal_dumpstate_default radio_vendor_data_file:file { getattr };
+dontaudit hal_dumpstate_default radio_vendor_data_file:file { open };
+dontaudit hal_dumpstate_default radio_vendor_data_file:file { read };
+dontaudit hal_dumpstate_default radio_vendor_data_file:file { setattr };
+dontaudit hal_dumpstate_default sysfs:file { read };
+dontaudit hal_dumpstate_default sysfs_acpm_stats:dir { open };
+dontaudit hal_dumpstate_default sysfs_acpm_stats:dir { read };
+dontaudit hal_dumpstate_default sysfs_acpm_stats:dir { search };
+dontaudit hal_dumpstate_default sysfs_acpm_stats:file { open };
+dontaudit hal_dumpstate_default sysfs_acpm_stats:file { read };
+dontaudit hal_dumpstate_default sysfs_bcl:dir { open };
+dontaudit hal_dumpstate_default sysfs_bcl:dir { read };
+dontaudit hal_dumpstate_default sysfs_bcl:dir { search };
+dontaudit hal_dumpstate_default sysfs_bcl:file { getattr };
+dontaudit hal_dumpstate_default sysfs_bcl:file { read };
+dontaudit hal_dumpstate_default sysfs_chip_id:file { open };
+dontaudit hal_dumpstate_default sysfs_chip_id:file { read };
+dontaudit hal_dumpstate_default sysfs_thermal:dir { open };
+dontaudit hal_dumpstate_default sysfs_thermal:dir { read };
+dontaudit hal_dumpstate_default sysfs_thermal:dir { search };
+dontaudit hal_dumpstate_default sysfs_thermal:file { open };
+dontaudit hal_dumpstate_default sysfs_thermal:file { read };
+dontaudit hal_dumpstate_default sysfs_wifi:dir { search };
+dontaudit hal_dumpstate_default sysfs_wifi:file { open };
+dontaudit hal_dumpstate_default sysfs_wifi:file { read };
+dontaudit hal_dumpstate_default vendor_displaycolor_service:service_manager { find };
+dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file { open };
+dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file { read };
+dontaudit hal_dumpstate_default vendor_dumpsys:file { execute_no_trans };
+dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
+dontaudit hal_dumpstate_default vendor_toolbox_exec:file { execute_no_trans };
+dontaudit hal_dumpstate_default vndbinder_device:chr_file { read };
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
index b411cdab..87535c37 100644
--- a/tracking_denials/hal_graphics_composer_default.te
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -28,3 +28,6 @@ dontaudit hal_graphics_composer_default sysfs:file { open };
 dontaudit hal_graphics_composer_default sysfs:file { read };
 dontaudit hal_graphics_composer_default sysfs:file { write };
 dontaudit hal_graphics_composer_default sysfs_display:file { write };
+# b/208721526
+dontaudit hal_graphics_composer_default dumpstate:fd { use };
+dontaudit hal_graphics_composer_default dumpstate:fifo_file { write };
diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te
new file mode 100644
index 00000000..d36ba385
--- /dev/null
+++ b/tracking_denials/hal_health_default.te
@@ -0,0 +1,5 @@
+# b/208721638
+dontaudit hal_health_default sysfs_thermal:dir { search };
+dontaudit hal_health_default sysfs_thermal:file { open };
+dontaudit hal_health_default sysfs_thermal:file { write };
+dontaudit hal_health_default thermal_link_device:dir { search };
diff --git a/tracking_denials/hal_uwb_vendor_default.te b/tracking_denials/hal_uwb_vendor_default.te
index 7fd11e03..2ec596a2 100644
--- a/tracking_denials/hal_uwb_vendor_default.te
+++ b/tracking_denials/hal_uwb_vendor_default.te
@@ -4,3 +4,6 @@ dontaudit hal_uwb_vendor_default default_android_service:service_manager { add }
 dontaudit hal_uwb_vendor_default hal_uwb_vendor_default:capability { net_admin };
 dontaudit hal_uwb_vendor_default zygote:binder { call };
 dontaudit hal_uwb_vendor_default zygote:binder { transfer };
+# b/208721505
+dontaudit hal_uwb_vendor_default dumpstate:fd { use };
+dontaudit hal_uwb_vendor_default dumpstate:fifo_file { write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
index c69e5c5b..173aeb60 100644
--- a/tracking_denials/hal_vibrator_default.te
+++ b/tracking_denials/hal_vibrator_default.te
@@ -9,3 +9,9 @@ dontaudit hal_vibrator_default proc_asound:file { read };
 dontaudit hal_vibrator_default sysfs:file { getattr };
 dontaudit hal_vibrator_default sysfs:file { open };
 dontaudit hal_vibrator_default sysfs:file { read write };
+# b/208721729
+#dontaudit hal_vibrator_default fastbootd_protocol_prop:file { getattr };
+#dontaudit hal_vibrator_default fastbootd_protocol_prop:file { map };
+#dontaudit hal_vibrator_default fastbootd_protocol_prop:file { open };
+dontaudit hal_vibrator_default ffs_config_prop:file { getattr };
+dontaudit hal_vibrator_default ffs_config_prop:file { open };
diff --git a/tracking_denials/hardware_info_app.te b/tracking_denials/hardware_info_app.te
new file mode 100644
index 00000000..a79e1d94
--- /dev/null
+++ b/tracking_denials/hardware_info_app.te
@@ -0,0 +1,4 @@
+# b/208721710
+dontaudit hardware_info_app sysfs:file { getattr };
+dontaudit hardware_info_app sysfs:file { open };
+dontaudit hardware_info_app sysfs:file { read };
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
new file mode 100644
index 00000000..556c5ae0
--- /dev/null
+++ b/tracking_denials/incidentd.te
@@ -0,0 +1,7 @@
+# b/208721673
+dontaudit incidentd aac_drc_prop:file { getattr };
+dontaudit incidentd aac_drc_prop:file { map };
+dontaudit incidentd aac_drc_prop:file { open };
+dontaudit incidentd ab_update_gki_prop:file { getattr };
+dontaudit incidentd ab_update_gki_prop:file { map };
+dontaudit incidentd ab_update_gki_prop:file { open };
diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te
index 34a5eb92..a29fe89b 100644
--- a/tracking_denials/logger_app.te
+++ b/tracking_denials/logger_app.te
@@ -32,3 +32,12 @@ dontaudit logger_app sysfs_vendor_sched:dir { search };
 dontaudit logger_app vendor_gps_file:dir { remove_name };
 dontaudit logger_app vendor_gps_file:dir { write };
 dontaudit logger_app vendor_gps_file:file { unlink };
+# b/208721679
+dontaudit logger_app vendor_default_prop:file { getattr };
+dontaudit logger_app vendor_default_prop:file { map };
+dontaudit logger_app vendor_default_prop:file { open };
+dontaudit logger_app vendor_modem_prop:file { getattr };
+dontaudit logger_app vendor_modem_prop:file { map };
+dontaudit logger_app vendor_modem_prop:file { open };
+dontaudit logger_app vendor_modem_prop:file { read };
+dontaudit logger_app vendor_modem_prop:property_service { set };
diff --git a/tracking_denials/permissioncontroller_app.te b/tracking_denials/permissioncontroller_app.te
new file mode 100644
index 00000000..4aa2b9c9
--- /dev/null
+++ b/tracking_denials/permissioncontroller_app.te
@@ -0,0 +1,2 @@
+# b/208721707
+#dontaudit permissioncontroller_app sysfs_vendor_sched:dir { search };
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
index 3ccdc9c3..b36f5aef 100644
--- a/tracking_denials/surfaceflinger.te
+++ b/tracking_denials/surfaceflinger.te
@@ -4,3 +4,5 @@ dontaudit surfaceflinger kernel:process { setsched };
 dontaudit surfaceflinger vendor_fw_file:dir { search };
 dontaudit surfaceflinger vendor_fw_file:file { open };
 dontaudit surfaceflinger vendor_fw_file:file { read };
+# b/208721808
+dontaudit surfaceflinger hal_graphics_composer_default:dir { search };
diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te
new file mode 100644
index 00000000..a3d62aac
--- /dev/null
+++ b/tracking_denials/system_app.te
@@ -0,0 +1,9 @@
+# b/208721636
+dontaudit system_app sysfs_vendor_sched:dir { search };
+dontaudit system_app vendor_default_prop:file { getattr };
+dontaudit system_app vendor_default_prop:file { map };
+dontaudit system_app vendor_default_prop:file { open };
+dontaudit system_app vendor_slog_file:dir { search };
+dontaudit system_app vendor_slog_prop:file { getattr };
+dontaudit system_app vendor_slog_prop:file { map };
+dontaudit system_app vendor_slog_prop:file { open };
diff --git a/tracking_denials/vold.te b/tracking_denials/vold.te
new file mode 100644
index 00000000..9d7b7a87
--- /dev/null
+++ b/tracking_denials/vold.te
@@ -0,0 +1,3 @@
+# b/208721768
+dontaudit vold dumpstate:fd { use };
+dontaudit vold dumpstate:fifo_file { write };