From 301e7513b060ce7140d22254687e1e8d0a44b2c5 Mon Sep 17 00:00:00 2001
From: Ken Yang <yangken@google.com>
Date: Wed, 15 May 2024 00:40:22 +0000
Subject: [PATCH 1/3] SELinux: fix avc denials

Fix avc denials for hal_health_default. Add this as tangorpro specific rule to avoid bad build on other devices.

Bug: 338332877
Change-Id: Ifecd53cf053f1e00dd8d7c76acdb24eaebe6217e
Signed-off-by: Ken Yang <yangken@google.com>
---
 vendor/hal_health_default.te | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 vendor/hal_health_default.te

diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te
new file mode 100644
index 0000000..f75cab4
--- /dev/null
+++ b/vendor/hal_health_default.te
@@ -0,0 +1 @@
+dontaudit hal_health_default sysfs_touch:dir *;
\ No newline at end of file

From a6f591bdff47457345cd8dc3e8bc942b628f6bb7 Mon Sep 17 00:00:00 2001
From: Hyungwoo Yang <hyungwooyang@google.com>
Date: Tue, 28 May 2024 05:52:46 +0000
Subject: [PATCH 2/3] selinux: add sysfs_wake label for USI pen battery

Bug: 337984471, 342968299

Change-Id: Ia190f99eb684bddcd59dae8f560b4a8eb8979446
Signed-off-by: Hyungwoo Yang <hyungwooyang@google.com>
---
 vendor/genfs_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 4f0385d..91f9912 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -7,6 +7,7 @@ genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0   u:object_
 # system suspend wakeup files
 genfscon sysfs /devices/platform/google,dock/power_supply/dock/wakeup                                                     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/power_supply/nvt-pen-battery/wakeup                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/power_supply/USI_Stylus_Battery/wakeup               u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/input/input2/wakeup                                  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/wakeup                                               u:object_r:sysfs_wakeup:s0
 

From 04b05427fc6de58c21fcd4718b05b5e66efdb459 Mon Sep 17 00:00:00 2001
From: Erin Yan <yiranyan@google.com>
Date: Mon, 22 Apr 2024 14:35:47 -0700
Subject: [PATCH 3/3] Remove SEPolicy for Mediashell from device level make
 file

Bug: 343288392
Test: Verified L1 content Cast working on Tangorpro and no avc error on mediashell_app in logs with forest build.

Change-Id: I7d27c3d1aa5f6e5e666b05e157333fd217f776c0
---
 tangorpro-sepolicy.mk | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tangorpro-sepolicy.mk b/tangorpro-sepolicy.mk
index f16f331..c771713 100644
--- a/tangorpro-sepolicy.mk
+++ b/tangorpro-sepolicy.mk
@@ -8,7 +8,6 @@ BOARD_SEPOLICY_DIRS += device/google/tangorpro-sepolicy/fingerprint_capacitance
 # for mediashell
 PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/atv/audio_proxy/sepolicy/public
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/atv/audio_proxy/sepolicy/vendor
-PRODUCT_PRIVATE_SEPOLICY_DIRS += vendor/google/gms/src/sepolicy/tv
 
 # system_ext
 SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/tangorpro-sepolicy/system_ext/private