From 0801e5e421722138e8d4ce2ad468848dbd0fbef6 Mon Sep 17 00:00:00 2001
From: Ray Chi <raychi@google.com>
Date: Mon, 16 Jan 2023 15:40:48 +0800
Subject: [PATCH] Fix avc denied and remove tracking_denials for hal_usb_impl

Fix avc denial for hal_usb_impl.

Bug: 263048760
Test: no avc denied for hal_usb_impl
Change-Id: Iaeea9d1f99f715c0f856a3a9f9fcd2e8d371f3d3
---
 tracking_denials/hal_usb_impl.te | 42 --------------------------------
 vendor/hal_usb_impl.te           | 12 +++++++++
 2 files changed, 12 insertions(+), 42 deletions(-)
 delete mode 100644 tracking_denials/hal_usb_impl.te

diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te
deleted file mode 100644
index 668a2621..00000000
--- a/tracking_denials/hal_usb_impl.te
+++ /dev/null
@@ -1,42 +0,0 @@
-# b/261651326
-dontaudit hal_usb_impl hal_thermal_default:binder { call };
-dontaudit hal_usb_impl hal_thermal_default:binder { transfer };
-dontaudit hal_usb_impl hal_usb_impl:capability2 { block_suspend };
-dontaudit hal_usb_impl hal_usb_impl:capability2 { wake_alarm };
-dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { bind };
-dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { create };
-dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { getopt };
-dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { read };
-dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { setopt };
-dontaudit hal_usb_impl hal_usb_service:service_manager { add };
-dontaudit hal_usb_impl hwservicemanager:binder { call };
-dontaudit hal_usb_impl hwservicemanager:binder { transfer };
-dontaudit hal_usb_impl hwservicemanager_prop:file { getattr };
-dontaudit hal_usb_impl hwservicemanager_prop:file { map };
-dontaudit hal_usb_impl hwservicemanager_prop:file { open };
-dontaudit hal_usb_impl hwservicemanager_prop:file { read };
-dontaudit hal_usb_impl servicemanager:binder { call };
-dontaudit hal_usb_impl servicemanager:binder { transfer };
-dontaudit hal_usb_impl sysfs:dir { open };
-dontaudit hal_usb_impl sysfs:dir { read };
-dontaudit hal_usb_impl sysfs:file { getattr };
-dontaudit hal_usb_impl sysfs:file { open };
-dontaudit hal_usb_impl sysfs:file { read };
-dontaudit hal_usb_impl system_server:binder { call };
-# b/263048760
-dontaudit hal_usb_impl dumpstate:fd { use };
-dontaudit hal_usb_impl dumpstate:fifo_file { write };
-# b/264204023
-dontaudit hal_usb_impl sysfs_batteryinfo:dir { search };
-dontaudit hal_usb_impl sysfs_batteryinfo:file { getattr };
-dontaudit hal_usb_impl sysfs_batteryinfo:file { open };
-dontaudit hal_usb_impl sysfs_batteryinfo:file { read };
-# b/264489561
-userdebug_or_eng(`
-  permissive hal_usb_impl;
-')# b/264606212
-dontaudit hal_usb_impl hal_thermal_hwservice:hwservice_manager { find };
-dontaudit hal_usb_impl hidl_manager_hwservice:hwservice_manager { find };
-# b/265383532
-dontaudit hal_usb_impl sysfs_batteryinfo:dir { open };
-dontaudit hal_usb_impl sysfs_batteryinfo:dir { read };
diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te
index 3caf54a2..15d74c5e 100644
--- a/vendor/hal_usb_impl.te
+++ b/vendor/hal_usb_impl.te
@@ -2,3 +2,15 @@ type hal_usb_impl, domain;
 
 type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_usb_impl)
+hal_server_domain(hal_usb_impl, hal_usb)
+hal_server_domain(hal_usb_impl, hal_usb_gadget)
+
+allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
+
+# Needed for monitoring usb port temperature
+allow hal_usb_impl self:capability2 wake_alarm;
+wakelock_use(hal_usb_impl);
+
+# For interfacing with ThermalHAL
+hal_client_domain(hal_usb_impl, hal_thermal);