From 8c535e410a5b75d0cf61b52f0844550a994b09d1 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Fri, 3 Mar 2023 16:10:14 +0800
Subject: [PATCH] Add system_ui required policy

Bug: 264266705
Bug: 268572197
Bug: 269813282
Change-Id: I8d782a5879dd531c29328517f67245913808ae93
---
 tracking_denials/systemui_app.te | 27 ---------------------------
 vendor/systemui_app.te           | 16 ++++++++++++++--
 2 files changed, 14 insertions(+), 29 deletions(-)
 delete mode 100644 tracking_denials/systemui_app.te

diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te
deleted file mode 100644
index 5b5bd400..00000000
--- a/tracking_denials/systemui_app.te
+++ /dev/null
@@ -1,27 +0,0 @@
-# b/268572197
-dontaudit systemui_app cameraserver_service:service_manager { find };
-dontaudit systemui_app color_display_service:service_manager { find };
-dontaudit systemui_app default_android_service:service_manager { find };
-dontaudit systemui_app hal_wireless_charger:binder { call };
-dontaudit systemui_app hal_wireless_charger:binder { transfer };
-dontaudit systemui_app hal_wireless_charger_service:service_manager { find };
-dontaudit systemui_app keyguard_config_prop:file { getattr };
-dontaudit systemui_app keyguard_config_prop:file { map };
-dontaudit systemui_app keyguard_config_prop:file { open };
-dontaudit systemui_app keyguard_config_prop:file { read };
-dontaudit systemui_app mediaextractor_service:service_manager { find };
-dontaudit systemui_app mediametrics_service:service_manager { find };
-dontaudit systemui_app mediaserver_service:service_manager { find };
-dontaudit systemui_app network_score_service:service_manager { find };
-dontaudit systemui_app overlay_service:service_manager { find };
-dontaudit systemui_app qemu_hw_prop:file { getattr };
-dontaudit systemui_app qemu_hw_prop:file { map };
-dontaudit systemui_app qemu_hw_prop:file { open };
-dontaudit systemui_app radio_service:service_manager { find };
-dontaudit systemui_app vr_manager_service:service_manager { find };
-dontaudit systemui_app service_manager_type:service_manager *;
-# b/269813282
-dontaudit systemui_app bootanim_system_prop:property_service { set };
-dontaudit systemui_app init:unix_stream_socket { connectto };
-dontaudit systemui_app property_socket:sock_file { write };
-dontaudit systemui_app qemu_hw_prop:file { read };
diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te
index 9906dcb6..f4142c33 100644
--- a/vendor/systemui_app.te
+++ b/vendor/systemui_app.te
@@ -1,7 +1,19 @@
-type systemui_app, domain;
+type systemui_app, domain, coredomain;
 app_domain(systemui_app)
 allow systemui_app app_api_service:service_manager find;
+allow systemui_app network_score_service:service_manager find;
+allow systemui_app overlay_service:service_manager find;
+allow systemui_app color_display_service:service_manager find;
+
+get_prop(systemui_app, keyguard_config_prop)
+set_prop(systemui_app, bootanim_system_prop)
+
+allow systemui_app pixel_battery_service_type:service_manager find;
+binder_call(systemui_app, pixel_battery_domain)
+
+allow systemui_app touch_context_service:service_manager find;
+binder_call(systemui_app, twoshay)
 
 # WLC
 allow systemui_app hal_wireless_charger_service:service_manager find;
-binder_call(systemui_app, hal_wireless_charger)
\ No newline at end of file
+binder_call(systemui_app, hal_wireless_charger)