From 226ad038500fe419c5346b9263f75a1676aaeb12 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 7 Dec 2022 09:35:16 +0800
Subject: [PATCH] update error on ROM 9377107

Bug: 261651113
Bug: 261651093
Bug: 261650934
Bug: 261651283
Bug: 261651325
Bug: 261651187
Bug: 261651110
Bug: 261651326
Bug: 261651112
Bug: 261650972
Bug: 261651095
Bug: 261651131
Bug: 261651009
Bug: 261650953
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I560c6fe5901fda018ff3f640d04954d245635db4
---
 tracking_denials/euiccpixel_app.te          |  2 +
 tracking_denials/hal_camera_default.te      | 58 +++++++++++++++++++++
 tracking_denials/hal_power_default.te       |  2 +
 tracking_denials/hal_power_stats_default.te |  6 +++
 tracking_denials/hal_secure_element_uicc.te |  7 +++
 tracking_denials/hal_thermal_default.te     |  4 ++
 tracking_denials/hal_usb_gadget_impl.te     | 32 ++++++++++++
 tracking_denials/hal_usb_impl.te            | 25 +++++++++
 tracking_denials/hwservicemanager.te        |  3 ++
 tracking_denials/kernel.te                  |  2 +
 tracking_denials/secure_element.te          |  8 +++
 tracking_denials/ssr_detector_app.te        |  2 +
 tracking_denials/system_server.te           |  5 ++
 tracking_denials/usbd.te                    |  2 +
 14 files changed, 158 insertions(+)
 create mode 100644 tracking_denials/hal_secure_element_uicc.te
 create mode 100644 tracking_denials/hal_usb_gadget_impl.te
 create mode 100644 tracking_denials/hal_usb_impl.te
 create mode 100644 tracking_denials/hwservicemanager.te
 create mode 100644 tracking_denials/ssr_detector_app.te
 create mode 100644 tracking_denials/usbd.te

diff --git a/tracking_denials/euiccpixel_app.te b/tracking_denials/euiccpixel_app.te
index 5af6c164..d83c6a06 100644
--- a/tracking_denials/euiccpixel_app.te
+++ b/tracking_denials/euiccpixel_app.te
@@ -52,3 +52,5 @@ dontaudit euiccpixel_app dck_prop:file { getattr };
 dontaudit euiccpixel_app dck_prop:file { open };
 dontaudit euiccpixel_app dck_prop:file { read };
 dontaudit euiccpixel_app vendor_secure_element_prop:property_service { set };
+# b/261651113
+dontaudit euiccpixel_app dck_prop:file { map };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
index 513cd0dd..18aeefe0 100644
--- a/tracking_denials/hal_camera_default.te
+++ b/tracking_denials/hal_camera_default.te
@@ -2,3 +2,61 @@
 dontaudit hal_camera_default device:chr_file { ioctl };
 dontaudit hal_camera_default device:chr_file { open };
 dontaudit hal_camera_default device:chr_file { read };
+# b/261651093
+dontaudit hal_camera_default apex_info_file:file { getattr };
+dontaudit hal_camera_default apex_info_file:file { open };
+dontaudit hal_camera_default apex_info_file:file { read };
+dontaudit hal_camera_default apex_info_file:file { watch };
+dontaudit hal_camera_default edgetpu_device:chr_file { ioctl };
+dontaudit hal_camera_default edgetpu_device:chr_file { map };
+dontaudit hal_camera_default edgetpu_device:chr_file { open };
+dontaudit hal_camera_default edgetpu_device:chr_file { read write };
+dontaudit hal_camera_default edgetpu_vendor_server:binder { call };
+dontaudit hal_camera_default edgetpu_vendor_server:fd { use };
+dontaudit hal_camera_default edgetpu_vendor_service:service_manager { find };
+dontaudit hal_camera_default fwk_stats_service:service_manager { find };
+dontaudit hal_camera_default hal_camera_default:capability { sys_nice };
+dontaudit hal_camera_default hal_power_default:binder { call };
+dontaudit hal_camera_default hal_power_service:service_manager { find };
+dontaudit hal_camera_default hal_radioext_default:binder { call };
+dontaudit hal_camera_default init:unix_stream_socket { connectto };
+dontaudit hal_camera_default kernel:process { setsched };
+dontaudit hal_camera_default lwis_device:chr_file { ioctl };
+dontaudit hal_camera_default lwis_device:chr_file { open };
+dontaudit hal_camera_default lwis_device:chr_file { read };
+dontaudit hal_camera_default lwis_device:chr_file { write };
+dontaudit hal_camera_default mnt_vendor_file:dir { search };
+dontaudit hal_camera_default persist_camera_file:dir { search };
+dontaudit hal_camera_default persist_camera_file:file { getattr };
+dontaudit hal_camera_default persist_camera_file:file { open };
+dontaudit hal_camera_default persist_camera_file:file { read };
+dontaudit hal_camera_default persist_file:dir { search };
+dontaudit hal_camera_default property_socket:sock_file { write };
+dontaudit hal_camera_default rls_service:service_manager { find };
+dontaudit hal_camera_default rlsservice:binder { call };
+dontaudit hal_camera_default system_data_file:dir { search };
+dontaudit hal_camera_default system_server:binder { call };
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };
+dontaudit hal_camera_default vendor_camera_data_file:dir { getattr };
+dontaudit hal_camera_default vendor_camera_data_file:dir { open };
+dontaudit hal_camera_default vendor_camera_data_file:dir { read };
+dontaudit hal_camera_default vendor_camera_data_file:dir { search };
+dontaudit hal_camera_default vendor_camera_data_file:file { getattr };
+dontaudit hal_camera_default vendor_camera_data_file:file { open };
+dontaudit hal_camera_default vendor_camera_data_file:file { read };
+dontaudit hal_camera_default vendor_camera_debug_prop:file { getattr };
+dontaudit hal_camera_default vendor_camera_debug_prop:file { map };
+dontaudit hal_camera_default vendor_camera_debug_prop:file { open };
+dontaudit hal_camera_default vendor_camera_debug_prop:file { read };
+dontaudit hal_camera_default vendor_camera_prop:file { getattr };
+dontaudit hal_camera_default vendor_camera_prop:file { map };
+dontaudit hal_camera_default vendor_camera_prop:file { open };
+dontaudit hal_camera_default vendor_camera_prop:file { read };
+dontaudit hal_camera_default vendor_camera_prop:property_service { set };
+dontaudit hal_camera_default vndbinder_device:chr_file { ioctl };
+dontaudit hal_camera_default vndbinder_device:chr_file { map };
+dontaudit hal_camera_default vndbinder_device:chr_file { open };
+dontaudit hal_camera_default vndbinder_device:chr_file { read };
+dontaudit hal_camera_default vndbinder_device:chr_file { write };
+dontaudit hal_camera_default vndservicemanager:binder { call };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
index ab3700c2..4b75149c 100644
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@@ -12,3 +12,5 @@ dontaudit hal_power_default vendor_camera_prop:property_service { set };
 dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
 # b/261105028
 dontaudit hal_power_default hal_fingerprint_default:binder { transfer };
+# b/261650934
+dontaudit hal_power_default hal_camera_default:binder { transfer };
diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te
index 74888bfa..4c1f2eb6 100644
--- a/tracking_denials/hal_power_stats_default.te
+++ b/tracking_denials/hal_power_stats_default.te
@@ -37,3 +37,9 @@ dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
 dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { getattr };
 dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { open };
 dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { read };
+# b/261651283
+dontaudit hal_power_stats_default device:chr_file { getattr };
+dontaudit hal_power_stats_default device:chr_file { open };
+dontaudit hal_power_stats_default device:chr_file { read };
+dontaudit hal_power_stats_default sysfs_acpm_stats:file { getattr };
+dontaudit hal_power_stats_default sysfs_acpm_stats:file { open };
diff --git a/tracking_denials/hal_secure_element_uicc.te b/tracking_denials/hal_secure_element_uicc.te
new file mode 100644
index 00000000..8c83a68e
--- /dev/null
+++ b/tracking_denials/hal_secure_element_uicc.te
@@ -0,0 +1,7 @@
+# b/261651325
+dontaudit hal_secure_element_uicc hwservicemanager:binder { call };
+dontaudit hal_secure_element_uicc hwservicemanager:binder { transfer };
+dontaudit hal_secure_element_uicc hwservicemanager_prop:file { getattr };
+dontaudit hal_secure_element_uicc hwservicemanager_prop:file { map };
+dontaudit hal_secure_element_uicc hwservicemanager_prop:file { open };
+dontaudit hal_secure_element_uicc hwservicemanager_prop:file { read };
diff --git a/tracking_denials/hal_thermal_default.te b/tracking_denials/hal_thermal_default.te
index 9f9790d8..72ff75d8 100644
--- a/tracking_denials/hal_thermal_default.te
+++ b/tracking_denials/hal_thermal_default.te
@@ -2,3 +2,7 @@
 dontaudit hal_thermal_default sysfs:file { getattr };
 dontaudit hal_thermal_default sysfs:file { open };
 dontaudit hal_thermal_default sysfs:file { read };
+# b/261651187
+dontaudit hal_thermal_default sysfs_iio_devices:dir { open };
+dontaudit hal_thermal_default sysfs_iio_devices:dir { read };
+dontaudit hal_thermal_default sysfs_iio_devices:dir { search };
diff --git a/tracking_denials/hal_usb_gadget_impl.te b/tracking_denials/hal_usb_gadget_impl.te
new file mode 100644
index 00000000..99fce60c
--- /dev/null
+++ b/tracking_denials/hal_usb_gadget_impl.te
@@ -0,0 +1,32 @@
+# b/261651110
+dontaudit hal_usb_gadget_impl configfs:dir { add_name };
+dontaudit hal_usb_gadget_impl configfs:dir { open };
+dontaudit hal_usb_gadget_impl configfs:dir { read };
+dontaudit hal_usb_gadget_impl configfs:dir { remove_name };
+dontaudit hal_usb_gadget_impl configfs:dir { search };
+dontaudit hal_usb_gadget_impl configfs:dir { write };
+dontaudit hal_usb_gadget_impl configfs:file { create };
+dontaudit hal_usb_gadget_impl configfs:file { open };
+dontaudit hal_usb_gadget_impl configfs:file { unlink };
+dontaudit hal_usb_gadget_impl configfs:file { write };
+dontaudit hal_usb_gadget_impl configfs:lnk_file { create };
+dontaudit hal_usb_gadget_impl configfs:lnk_file { read };
+dontaudit hal_usb_gadget_impl functionfs:dir { read };
+dontaudit hal_usb_gadget_impl functionfs:dir { search };
+dontaudit hal_usb_gadget_impl functionfs:dir { watch watch_reads };
+dontaudit hal_usb_gadget_impl functionfs:file { read };
+dontaudit hal_usb_gadget_impl hwservicemanager:binder { call };
+dontaudit hal_usb_gadget_impl hwservicemanager:binder { transfer };
+dontaudit hal_usb_gadget_impl hwservicemanager_prop:file { getattr };
+dontaudit hal_usb_gadget_impl hwservicemanager_prop:file { map };
+dontaudit hal_usb_gadget_impl hwservicemanager_prop:file { open };
+dontaudit hal_usb_gadget_impl hwservicemanager_prop:file { read };
+dontaudit hal_usb_gadget_impl proc_interrupts:file { getattr };
+dontaudit hal_usb_gadget_impl proc_interrupts:file { open };
+dontaudit hal_usb_gadget_impl proc_interrupts:file { read };
+dontaudit hal_usb_gadget_impl sysfs:file { read };
+dontaudit hal_usb_gadget_impl system_server:binder { call };
+dontaudit hal_usb_gadget_impl vendor_usb_config_prop:file { getattr };
+dontaudit hal_usb_gadget_impl vendor_usb_config_prop:file { map };
+dontaudit hal_usb_gadget_impl vendor_usb_config_prop:file { open };
+dontaudit hal_usb_gadget_impl vendor_usb_config_prop:file { read };
diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te
new file mode 100644
index 00000000..73df0d5e
--- /dev/null
+++ b/tracking_denials/hal_usb_impl.te
@@ -0,0 +1,25 @@
+# b/261651326
+dontaudit hal_usb_impl hal_thermal_default:binder { call };
+dontaudit hal_usb_impl hal_thermal_default:binder { transfer };
+dontaudit hal_usb_impl hal_usb_impl:capability2 { block_suspend };
+dontaudit hal_usb_impl hal_usb_impl:capability2 { wake_alarm };
+dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { bind };
+dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { create };
+dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { getopt };
+dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { read };
+dontaudit hal_usb_impl hal_usb_impl:netlink_kobject_uevent_socket { setopt };
+dontaudit hal_usb_impl hal_usb_service:service_manager { add };
+dontaudit hal_usb_impl hwservicemanager:binder { call };
+dontaudit hal_usb_impl hwservicemanager:binder { transfer };
+dontaudit hal_usb_impl hwservicemanager_prop:file { getattr };
+dontaudit hal_usb_impl hwservicemanager_prop:file { map };
+dontaudit hal_usb_impl hwservicemanager_prop:file { open };
+dontaudit hal_usb_impl hwservicemanager_prop:file { read };
+dontaudit hal_usb_impl servicemanager:binder { call };
+dontaudit hal_usb_impl servicemanager:binder { transfer };
+dontaudit hal_usb_impl sysfs:dir { open };
+dontaudit hal_usb_impl sysfs:dir { read };
+dontaudit hal_usb_impl sysfs:file { getattr };
+dontaudit hal_usb_impl sysfs:file { open };
+dontaudit hal_usb_impl sysfs:file { read };
+dontaudit hal_usb_impl system_server:binder { call };
diff --git a/tracking_denials/hwservicemanager.te b/tracking_denials/hwservicemanager.te
new file mode 100644
index 00000000..98681bfc
--- /dev/null
+++ b/tracking_denials/hwservicemanager.te
@@ -0,0 +1,3 @@
+# b/261651112
+dontaudit hwservicemanager hal_usb_impl:binder { call };
+dontaudit hwservicemanager hal_usb_impl:binder { transfer };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index 8ad07d69..349f76fc 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -6,3 +6,5 @@ dontaudit kernel vendor_fw_file:dir { search };
 dontaudit kernel vendor_fw_file:file { open };
 dontaudit kernel vendor_fw_file:file { read };
 dontaudit kernel vendor_regmap_debugfs:dir { search };
+# b/261650972
+dontaudit kernel vendor_battery_debugfs:dir { search };
diff --git a/tracking_denials/secure_element.te b/tracking_denials/secure_element.te
index 841c9e83..91937c0d 100644
--- a/tracking_denials/secure_element.te
+++ b/tracking_denials/secure_element.te
@@ -5,3 +5,11 @@ dontaudit secure_element euiccpixel_app:binder { transfer };
 # b/261519169
 dontaudit secure_element hal_secure_element_st54spi:binder { call };
 dontaudit secure_element hal_secure_element_st54spi:binder { transfer };
+# b/261651095
+dontaudit secure_element hal_secure_element_uicc:binder { call };
+dontaudit secure_element hal_secure_element_uicc:binder { transfer };
+dontaudit secure_element system_data_file:dir { add_name };
+dontaudit secure_element system_data_file:dir { remove_name };
+dontaudit secure_element system_data_file:file { create };
+dontaudit secure_element system_data_file:file { rename };
+dontaudit secure_element system_data_file:file { write open };
diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te
new file mode 100644
index 00000000..354e33ef
--- /dev/null
+++ b/tracking_denials/ssr_detector_app.te
@@ -0,0 +1,2 @@
+# b/261651131
+dontaudit ssr_detector_app system_app_data_file:file { open };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index e312ba30..7b5f543e 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -9,3 +9,8 @@ dontaudit system_server euiccpixel_app:process { setsched };
 # b/261519050
 dontaudit system_server con_monitor_app:binder { call };
 dontaudit system_server con_monitor_app:binder { transfer };
+# b/261651009
+dontaudit system_server hal_usb_gadget_impl:binder { call };
+dontaudit system_server hal_usb_gadget_impl:binder { transfer };
+dontaudit system_server hal_usb_impl:binder { call };
+dontaudit system_server hal_usb_impl:binder { transfer };
diff --git a/tracking_denials/usbd.te b/tracking_denials/usbd.te
new file mode 100644
index 00000000..e208d0a5
--- /dev/null
+++ b/tracking_denials/usbd.te
@@ -0,0 +1,2 @@
+# b/261650953
+dontaudit usbd hal_usb_gadget_impl:binder { call };