Merge "Add hal_contexthub_default to zuma sepolicy; Remove dontaudit rules for chre" into udc-d1-dev

legacy/whitechapel_pro/file_contexts

@@ -2,7 +2,6 @@
 /vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty                u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub-service\.generic               u:object_r:hal_contexthub_default_exec:s0
 /vendor/bin/hw/android\.hardware\.nfc-service\.st                           u:object_r:hal_nfc_default_exec:s0
 
 # Vendor libraries

tracking_denials/chre.te

@@ -1,4 +0,0 @@
-# b/261105224
-dontaudit chre hal_system_suspend_service:service_manager { find };
-dontaudit chre servicemanager:binder { call };
-dontaudit chre system_suspend_server:binder { call };

tracking_denials/hal_contexthub_default.te

@@ -1,7 +0,0 @@
-# b/261105182
-dontaudit hal_contexthub_default chre:unix_stream_socket { connectto };
-dontaudit hal_contexthub_default chre_socket:sock_file { write };
-# b/264489794
-userdebug_or_eng(`
-  permissive hal_contexthub_default;
-')

tracking_denials/system_suspend.te

@@ -1,2 +0,0 @@
-# b/261105356
-dontaudit system_suspend_server chre:binder { transfer };

vendor/file_contexts

@@ -12,6 +12,7 @@
 /vendor/bin/hw/android\.hardware\.secure_element-service.uicc               u:object_r:hal_secure_element_uicc_exec:s0
 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                       u:object_r:hal_uwb_vendor_default_exec:s0
 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel             u:object_r:hal_graphics_composer_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic               u:object_r:hal_contexthub_default_exec:s0
 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service                     u:object_r:mediacodec_google_exec:s0
 /vendor/bin/dump/dump_wlan\.sh                                              u:object_r:dump_wlan_exec:s0
 /vendor/bin/dump/dump_cma\.sh                                               u:object_r:dump_cma_exec:s0

vendor/hal_contexthub_default.te

@@ -0,0 +1,2 @@
+# Allow context hub HAL to communicate with daemon via socket
+unix_socket_connect(hal_contexthub_default, chre, chre)