From 2682fc7fc499ed0c2e1f84a07345d8d4819d4b97 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Tue, 20 Dec 2022 08:38:41 +0800
Subject: [PATCH] update error on ROM 9420981

Bug: 263185135
Bug: 263184738
Bug: 263185136
Bug: 263185161
Bug: 263185431
Bug: 263185547
Bug: 263185432
Bug: 263185565
Bug: 263184920
Bug: 263185566
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ia305204ccda294f7ad38edb669c85907485e4db3
---
 tracking_denials/hal_camera_default.te        |  2 ++
 .../hal_graphics_composer_default.te          |  7 ++++++
 tracking_denials/hbmsvmanager_app.te          |  2 ++
 tracking_denials/kernel.te                    |  2 ++
 tracking_denials/mediacodec_google.te         |  2 ++
 tracking_denials/nfc.te                       |  3 +++
 tracking_denials/priv_app.te                  |  2 ++
 tracking_denials/rlsservice.te                | 25 +++++++++++++++++++
 tracking_denials/system_server.te             |  2 ++
 tracking_denials/vendor_init.te               |  5 ++++
 10 files changed, 52 insertions(+)
 create mode 100644 tracking_denials/hal_graphics_composer_default.te
 create mode 100644 tracking_denials/nfc.te
 create mode 100644 tracking_denials/rlsservice.te

diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
index 18aeefe0..d2c3e45a 100644
--- a/tracking_denials/hal_camera_default.te
+++ b/tracking_denials/hal_camera_default.te
@@ -60,3 +60,5 @@ dontaudit hal_camera_default vndbinder_device:chr_file { open };
 dontaudit hal_camera_default vndbinder_device:chr_file { read };
 dontaudit hal_camera_default vndbinder_device:chr_file { write };
 dontaudit hal_camera_default vndservicemanager:binder { call };
+# b/263185135
+dontaudit hal_camera_default system_server:binder { transfer };
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
new file mode 100644
index 00000000..dbf5e817
--- /dev/null
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -0,0 +1,7 @@
+# b/263184738
+dontaudit hal_graphics_composer_default vendor_hwc_log_file:dir { search };
+dontaudit hal_graphics_composer_default vendor_hwc_log_file:file { append };
+dontaudit hal_graphics_composer_default vendor_hwc_log_file:file { getattr };
+dontaudit hal_graphics_composer_default vendor_hwc_log_file:file { open };
+dontaudit hal_graphics_composer_default vendor_hwc_log_file:file { write };
+dontaudit hal_graphics_composer_default vendor_log_file:dir { search };
diff --git a/tracking_denials/hbmsvmanager_app.te b/tracking_denials/hbmsvmanager_app.te
index 19e7a7c5..6c1ea1c7 100644
--- a/tracking_denials/hbmsvmanager_app.te
+++ b/tracking_denials/hbmsvmanager_app.te
@@ -1,2 +1,4 @@
 # b/262794939
 dontaudit hbmsvmanager_app hal_pixel_display_service:service_manager { find };
+# b/263185136
+dontaudit hbmsvmanager_app hal_graphics_composer_default:binder { call };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index b64826ee..133733f6 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -18,3 +18,5 @@ dontaudit kernel system_bootstrap_lib_file:file { getattr };
 dontaudit kernel system_dlkm_file:dir { getattr };
 dontaudit kernel vendor_fw_file:dir { getattr };
 dontaudit kernel vendor_fw_file:dir { read };
+# b/263185161
+dontaudit kernel kernel:capability { net_bind_service };
diff --git a/tracking_denials/mediacodec_google.te b/tracking_denials/mediacodec_google.te
index a1c9e2d8..b2657a27 100644
--- a/tracking_denials/mediacodec_google.te
+++ b/tracking_denials/mediacodec_google.te
@@ -15,3 +15,5 @@ dontaudit mediacodec_google vndbinder_device:chr_file { map };
 dontaudit mediacodec_google vndbinder_device:chr_file { open };
 dontaudit mediacodec_google vndbinder_device:chr_file { read };
 dontaudit mediacodec_google vndbinder_device:chr_file { write };
+# b/263185431
+dontaudit mediacodec_google nfc:binder { transfer };
diff --git a/tracking_denials/nfc.te b/tracking_denials/nfc.te
new file mode 100644
index 00000000..1723af93
--- /dev/null
+++ b/tracking_denials/nfc.te
@@ -0,0 +1,3 @@
+# b/263185547
+dontaudit nfc mediacodec_google:binder { call };
+dontaudit nfc mediacodec_google:binder { transfer };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index 8312d43e..4a8c3c8f 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -20,3 +20,5 @@ dontaudit priv_app vendor_file:file { open };
 dontaudit priv_app vendor_file:file { read };
 # b/262455954
 dontaudit priv_app euiccpixel_app:binder { call };
+# b/263185432
+dontaudit priv_app privapp_data_file:file { unlink };
diff --git a/tracking_denials/rlsservice.te b/tracking_denials/rlsservice.te
new file mode 100644
index 00000000..f628c62b
--- /dev/null
+++ b/tracking_denials/rlsservice.te
@@ -0,0 +1,25 @@
+# b/263185565
+dontaudit rlsservice aoc_device:chr_file { getattr };
+dontaudit rlsservice aoc_device:chr_file { open };
+dontaudit rlsservice aoc_device:chr_file { read write };
+dontaudit rlsservice apex_info_file:file { getattr };
+dontaudit rlsservice apex_info_file:file { open };
+dontaudit rlsservice apex_info_file:file { read };
+dontaudit rlsservice apex_info_file:file { watch };
+dontaudit rlsservice device:dir { read };
+dontaudit rlsservice device:dir { watch };
+dontaudit rlsservice rls_service:service_manager { add };
+dontaudit rlsservice sysfs_leds:dir { search };
+dontaudit rlsservice sysfs_leds:file { open };
+dontaudit rlsservice sysfs_leds:file { read };
+dontaudit rlsservice vendor_camera_prop:file { getattr };
+dontaudit rlsservice vendor_camera_prop:file { map };
+dontaudit rlsservice vendor_camera_prop:file { open };
+dontaudit rlsservice vendor_camera_prop:file { read };
+dontaudit rlsservice vndbinder_device:chr_file { ioctl };
+dontaudit rlsservice vndbinder_device:chr_file { map };
+dontaudit rlsservice vndbinder_device:chr_file { open };
+dontaudit rlsservice vndbinder_device:chr_file { read };
+dontaudit rlsservice vndbinder_device:chr_file { write };
+dontaudit rlsservice vndservicemanager:binder { call };
+dontaudit rlsservice vndservicemanager:binder { transfer };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index 28623c87..d79b5637 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -21,3 +21,5 @@ dontaudit system_server mediacodec_google:binder { call };
 dontaudit system_server mediacodec_google:binder { transfer };
 dontaudit system_server mediacodec_samsung:binder { call };
 dontaudit system_server mediacodec_samsung:binder { transfer };
+# b/263184920
+dontaudit system_server hal_camera_default:binder { transfer };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index 78f166c1..2caca382 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -4,3 +4,8 @@ dontaudit vendor_init vendor_init:capability2 { block_suspend };
 dontaudit vendor_init vendor_init:lockdown { integrity };
 # b/260522244
 dontaudit vendor_init sg_device:chr_file { getattr };
+# b/263185566
+dontaudit vendor_init bootdevice_sysdev:file { create };
+dontaudit vendor_init modem_img_file:filesystem { getattr };
+dontaudit vendor_init proc_dirty:file { write };
+dontaudit vendor_init proc_sched:file { write };