From f2353c6aeda8120ece3f31ae58f835bdc98eb950 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Thu, 4 Nov 2021 14:09:41 +0800
Subject: [PATCH] update error on ROM 7882509

Bug: 205073232
Bug: 205072921
Bug: 205073231
Bug: 205073165
Bug: 205073003
Bug: 205073229
Bug: 205073167
Bug: 205073164
Bug: 205073230
Bug: 205073038
Bug: 205073024
Bug: 205073117
Bug: 205073023
Bug: 205072922
Bug: 205073166
Bug: 205072689
Bug: 205073025
Bug: 205070818
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I84cc72176363ed31203b7f7afe0720c3153d2cc6
---
 tracking_denials/dmd.te                           | 5 +++++
 tracking_denials/hal_camera_default.te            | 7 +++++++
 tracking_denials/hal_fingerprint_default.te       | 9 +++++++++
 tracking_denials/hal_graphics_composer_default.te | 5 +++++
 tracking_denials/hal_health_default.te            | 6 ++++++
 tracking_denials/hal_keymint_citadel.te           | 5 +++++
 tracking_denials/hal_neuralnetworks_armnn.te      | 3 +++
 tracking_denials/hal_secure_element_gto.te        | 2 ++
 tracking_denials/hal_usb_impl.te                  | 5 +++++
 tracking_denials/hal_wifi_ext.te                  | 2 ++
 tracking_denials/platform_app.te                  | 6 ++++++
 tracking_denials/priv_app.te                      | 4 ++++
 tracking_denials/rild.te                          | 6 ++++++
 tracking_denials/shell.te                         | 2 ++
 tracking_denials/sscoredump.te                    | 5 +++++
 tracking_denials/surfaceflinger.te                | 2 ++
 tracking_denials/vcd.te                           | 5 +++++
 tracking_denials/vendor_init.te                   | 4 ++++
 18 files changed, 83 insertions(+)
 create mode 100644 tracking_denials/dmd.te
 create mode 100644 tracking_denials/hal_fingerprint_default.te
 create mode 100644 tracking_denials/hal_graphics_composer_default.te
 create mode 100644 tracking_denials/hal_health_default.te
 create mode 100644 tracking_denials/hal_keymint_citadel.te
 create mode 100644 tracking_denials/hal_neuralnetworks_armnn.te
 create mode 100644 tracking_denials/hal_secure_element_gto.te
 create mode 100644 tracking_denials/hal_usb_impl.te
 create mode 100644 tracking_denials/hal_wifi_ext.te
 create mode 100644 tracking_denials/rild.te
 create mode 100644 tracking_denials/shell.te
 create mode 100644 tracking_denials/sscoredump.te
 create mode 100644 tracking_denials/surfaceflinger.te
 create mode 100644 tracking_denials/vcd.te
 create mode 100644 tracking_denials/vendor_init.te

diff --git a/tracking_denials/dmd.te b/tracking_denials/dmd.te
new file mode 100644
index 00000000..de764e70
--- /dev/null
+++ b/tracking_denials/dmd.te
@@ -0,0 +1,5 @@
+# b/205073232
+dontaudit dmd vendor_persist_config_default_prop:file { getattr };
+dontaudit dmd vendor_persist_config_default_prop:file { map };
+dontaudit dmd vendor_persist_config_default_prop:file { open };
+dontaudit dmd vendor_persist_config_default_prop:file { read };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
index 44c2fe58..0e19b75f 100644
--- a/tracking_denials/hal_camera_default.te
+++ b/tracking_denials/hal_camera_default.te
@@ -1,3 +1,10 @@
 # b/204718762
 dontaudit hal_camera_default edgetpu_vendor_service:service_manager { find };
 dontaudit hal_camera_default hal_power_service:service_manager { find };
+# b/205072921
+dontaudit hal_camera_default kernel:process { setsched };
+dontaudit hal_camera_default vendor_camera_prop:file { getattr };
+dontaudit hal_camera_default vendor_camera_prop:file { map };
+dontaudit hal_camera_default vendor_camera_prop:file { open };
+dontaudit hal_camera_default vendor_camera_prop:file { read };
+dontaudit hal_camera_default vendor_camera_prop:property_service { set };
diff --git a/tracking_denials/hal_fingerprint_default.te b/tracking_denials/hal_fingerprint_default.te
new file mode 100644
index 00000000..4f59448f
--- /dev/null
+++ b/tracking_denials/hal_fingerprint_default.te
@@ -0,0 +1,9 @@
+# b/205073231
+dontaudit hal_fingerprint_default default_prop:file { getattr };
+dontaudit hal_fingerprint_default default_prop:file { map };
+dontaudit hal_fingerprint_default default_prop:file { open };
+dontaudit hal_fingerprint_default default_prop:file { read };
+dontaudit hal_fingerprint_default fingerprint_ghbm_prop:file { getattr };
+dontaudit hal_fingerprint_default fingerprint_ghbm_prop:file { map };
+dontaudit hal_fingerprint_default fingerprint_ghbm_prop:file { open };
+dontaudit hal_fingerprint_default fingerprint_ghbm_prop:file { read };
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
new file mode 100644
index 00000000..d1df1af1
--- /dev/null
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -0,0 +1,5 @@
+# b/205073165
+dontaudit hal_graphics_composer_default vendor_persist_sys_default_prop:file { getattr };
+dontaudit hal_graphics_composer_default vendor_persist_sys_default_prop:file { map };
+dontaudit hal_graphics_composer_default vendor_persist_sys_default_prop:file { open };
+dontaudit hal_graphics_composer_default vendor_persist_sys_default_prop:file { read };
diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te
new file mode 100644
index 00000000..828b5f21
--- /dev/null
+++ b/tracking_denials/hal_health_default.te
@@ -0,0 +1,6 @@
+# b/205073003
+dontaudit hal_health_default vendor_battery_defender_prop:file { getattr };
+dontaudit hal_health_default vendor_battery_defender_prop:file { map };
+dontaudit hal_health_default vendor_battery_defender_prop:file { open };
+dontaudit hal_health_default vendor_battery_defender_prop:file { read };
+dontaudit hal_health_default vendor_battery_defender_prop:property_service { set };
diff --git a/tracking_denials/hal_keymint_citadel.te b/tracking_denials/hal_keymint_citadel.te
new file mode 100644
index 00000000..61da5a9d
--- /dev/null
+++ b/tracking_denials/hal_keymint_citadel.te
@@ -0,0 +1,5 @@
+# b/205073229
+dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { getattr };
+dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { map };
+dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { open };
+dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { read };
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
new file mode 100644
index 00000000..85e39d3c
--- /dev/null
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@@ -0,0 +1,3 @@
+# b/205073167
+dontaudit hal_neuralnetworks_armnn default_prop:file { open };
+dontaudit hal_neuralnetworks_armnn default_prop:file { read };
diff --git a/tracking_denials/hal_secure_element_gto.te b/tracking_denials/hal_secure_element_gto.te
new file mode 100644
index 00000000..1019879e
--- /dev/null
+++ b/tracking_denials/hal_secure_element_gto.te
@@ -0,0 +1,2 @@
+# b/205073164
+dontaudit hal_secure_element_gto vendor_secure_element_prop:property_service { set };
diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te
new file mode 100644
index 00000000..b2971ad3
--- /dev/null
+++ b/tracking_denials/hal_usb_impl.te
@@ -0,0 +1,5 @@
+# b/205073230
+dontaudit hal_usb_impl vendor_usb_config_prop:file { getattr };
+dontaudit hal_usb_impl vendor_usb_config_prop:file { map };
+dontaudit hal_usb_impl vendor_usb_config_prop:file { open };
+dontaudit hal_usb_impl vendor_usb_config_prop:file { read };
diff --git a/tracking_denials/hal_wifi_ext.te b/tracking_denials/hal_wifi_ext.te
new file mode 100644
index 00000000..b75c1354
--- /dev/null
+++ b/tracking_denials/hal_wifi_ext.te
@@ -0,0 +1,2 @@
+# b/205073038
+dontaudit hal_wifi_ext vendor_wifi_version:property_service { set };
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
index 6e1b0e1c..237f75c5 100644
--- a/tracking_denials/platform_app.te
+++ b/tracking_denials/platform_app.te
@@ -1,2 +1,8 @@
 # b/204718221
 dontaudit platform_app touch_service:service_manager { find };
+# b/205073024
+dontaudit platform_app default_prop:property_service { set };
+dontaudit platform_app fingerprint_ghbm_prop:file { getattr };
+dontaudit platform_app fingerprint_ghbm_prop:file { map };
+dontaudit platform_app fingerprint_ghbm_prop:file { open };
+dontaudit platform_app fingerprint_ghbm_prop:file { read };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index 6276e04d..450db67c 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -1,2 +1,6 @@
 # b/204718782
 dontaudit priv_app hal_exynos_rild_hwservice:hwservice_manager { find };
+# b/205073117
+dontaudit priv_app vendor_default_prop:file { getattr };
+dontaudit priv_app vendor_default_prop:file { map };
+dontaudit priv_app vendor_default_prop:file { open };
diff --git a/tracking_denials/rild.te b/tracking_denials/rild.te
new file mode 100644
index 00000000..875d5d24
--- /dev/null
+++ b/tracking_denials/rild.te
@@ -0,0 +1,6 @@
+# b/205073023
+dontaudit rild vendor_default_prop:property_service { set };
+dontaudit rild vendor_persist_config_default_prop:file { getattr };
+dontaudit rild vendor_persist_config_default_prop:file { map };
+dontaudit rild vendor_persist_config_default_prop:file { open };
+dontaudit rild vendor_persist_config_default_prop:file { read };
diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te
new file mode 100644
index 00000000..bbe104e9
--- /dev/null
+++ b/tracking_denials/shell.te
@@ -0,0 +1,2 @@
+# b/205072922
+dontaudit shell property_type:file *;
diff --git a/tracking_denials/sscoredump.te b/tracking_denials/sscoredump.te
new file mode 100644
index 00000000..f3de0340
--- /dev/null
+++ b/tracking_denials/sscoredump.te
@@ -0,0 +1,5 @@
+# b/205073166
+dontaudit sscoredump vendor_persist_sys_default_prop:file { getattr };
+dontaudit sscoredump vendor_persist_sys_default_prop:file { map };
+dontaudit sscoredump vendor_persist_sys_default_prop:file { open };
+dontaudit sscoredump vendor_persist_sys_default_prop:file { read };
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
new file mode 100644
index 00000000..a91a9131
--- /dev/null
+++ b/tracking_denials/surfaceflinger.te
@@ -0,0 +1,2 @@
+# b/205072689
+dontaudit surfaceflinger kernel:process { setsched };
diff --git a/tracking_denials/vcd.te b/tracking_denials/vcd.te
new file mode 100644
index 00000000..66f5c0c9
--- /dev/null
+++ b/tracking_denials/vcd.te
@@ -0,0 +1,5 @@
+# b/205073025
+dontaudit vcd vendor_persist_config_default_prop:file { getattr };
+dontaudit vcd vendor_persist_config_default_prop:file { map };
+dontaudit vcd vendor_persist_config_default_prop:file { open };
+dontaudit vcd vendor_persist_config_default_prop:file { read };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
new file mode 100644
index 00000000..043d13b9
--- /dev/null
+++ b/tracking_denials/vendor_init.te
@@ -0,0 +1,4 @@
+# b/205070818
+dontaudit vendor_init vendor_device_prop:property_service { set };
+dontaudit vendor_init vendor_nfc_prop:property_service { set };
+dontaudit vendor_init vendor_secure_element_prop:property_service { set };