From e3bb63ab1b8e07ba067ed0d5ff8e4993b736ef4b Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 10 Nov 2021 13:51:34 +0800
Subject: [PATCH] Make display related libraries reachable

Bug: 205780068
Bug: 205779849
Test: boot with no relevant error
Change-Id: I806ecb779690346674816b793a5da21acf1be59b
---
 tracking_denials/surfaceflinger.te | 5 -----
 tracking_denials/zygote.te         | 7 -------
 whitechapel_pro/file_contexts      | 5 +++++
 3 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
index e6135d38..3ccdc9c3 100644
--- a/tracking_denials/surfaceflinger.te
+++ b/tracking_denials/surfaceflinger.te
@@ -1,11 +1,6 @@
 # b/205072689
 dontaudit surfaceflinger kernel:process { setsched };
 # b/205779849
-dontaudit surfaceflinger vendor_file:file { execute };
-dontaudit surfaceflinger vendor_file:file { getattr };
-dontaudit surfaceflinger vendor_file:file { map };
-dontaudit surfaceflinger vendor_file:file { open };
-dontaudit surfaceflinger vendor_file:file { read };
 dontaudit surfaceflinger vendor_fw_file:dir { search };
 dontaudit surfaceflinger vendor_fw_file:file { open };
 dontaudit surfaceflinger vendor_fw_file:file { read };
diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te
index 4ebb49ce..c9fd8bba 100644
--- a/tracking_denials/zygote.te
+++ b/tracking_denials/zygote.te
@@ -6,10 +6,3 @@ dontaudit zygote default_android_service:service_manager { find };
 dontaudit zygote game_service:service_manager { find };
 dontaudit zygote nfc_service:service_manager { find };
 dontaudit zygote radio_service:service_manager { find };
-# b/205780068
-dontaudit zygote user_profile_data_file:file { getattr };
-dontaudit zygote vendor_file:file { execute };
-dontaudit zygote vendor_file:file { getattr };
-dontaudit zygote vendor_file:file { map };
-dontaudit zygote vendor_file:file { open };
-dontaudit zygote vendor_file:file { read };
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index d6dcbfc8..f8414aed 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -42,6 +42,11 @@
 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
 
+# Vendor libraries
+/vendor/lib64/libdrm\.so                                                    u:object_r:same_process_hal_file:s0
+/vendor/lib64/libion_google\.so                                             u:object_r:same_process_hal_file:s0
+/vendor/lib64/arm\.graphics-V1-ndk\.so                                      u:object_r:same_process_hal_file:s0
+
 # Vendor kernel modules
 /vendor_dlkm/lib/modules/.*\.ko                                             u:object_r:vendor_kernel_modules:s0