diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te index e6135d38..3ccdc9c3 100644 --- a/tracking_denials/surfaceflinger.te +++ b/tracking_denials/surfaceflinger.te @@ -1,11 +1,6 @@ # b/205072689 dontaudit surfaceflinger kernel:process { setsched }; # b/205779849 -dontaudit surfaceflinger vendor_file:file { execute }; -dontaudit surfaceflinger vendor_file:file { getattr }; -dontaudit surfaceflinger vendor_file:file { map }; -dontaudit surfaceflinger vendor_file:file { open }; -dontaudit surfaceflinger vendor_file:file { read }; dontaudit surfaceflinger vendor_fw_file:dir { search }; dontaudit surfaceflinger vendor_fw_file:file { open }; dontaudit surfaceflinger vendor_fw_file:file { read }; diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te index 4ebb49ce..c9fd8bba 100644 --- a/tracking_denials/zygote.te +++ b/tracking_denials/zygote.te @@ -6,10 +6,3 @@ dontaudit zygote default_android_service:service_manager { find }; dontaudit zygote game_service:service_manager { find }; dontaudit zygote nfc_service:service_manager { find }; dontaudit zygote radio_service:service_manager { find }; -# b/205780068 -dontaudit zygote user_profile_data_file:file { getattr }; -dontaudit zygote vendor_file:file { execute }; -dontaudit zygote vendor_file:file { getattr }; -dontaudit zygote vendor_file:file { map }; -dontaudit zygote vendor_file:file { open }; -dontaudit zygote vendor_file:file { read }; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index d6dcbfc8..f8414aed 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -42,6 +42,11 @@ # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 +# Vendor libraries +/vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libion_google\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0 + # Vendor kernel modules /vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0