From 341afe161d35fa0de2ef2c6de67342a5cfbebd99 Mon Sep 17 00:00:00 2001
From: sukiliu <sukiliu@google.com>
Date: Tue, 7 Feb 2023 11:29:20 +0800
Subject: [PATCH] Update error on ROM 9558720

Bug: 267843291
Bug: 267843408
Bug: 267843310
Bug: 267843409
Test: SELinuxUncheckedDenialBootTest
Change-Id: I4d8f448d9019232222f2e8385bb2f4b3cf5f5336
---
 bug_map                                 |  1 +
 tracking_denials/con_monitor_app.te     |  4 +++-
 tracking_denials/google_camera_app.te   |  2 ++
 tracking_denials/hal_bootctl_default.te |  7 ++++++-
 tracking_denials/vendor_init.te         | 10 +++++++++-
 5 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 bug_map

diff --git a/bug_map b/bug_map
new file mode 100644
index 00000000..c15cd11f
--- /dev/null
+++ b/bug_map
@@ -0,0 +1 @@
+vendor_init device_config_configuration_prop property_service b/267843409
diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te
index 5d67f6a6..3baf9869 100644
--- a/tracking_denials/con_monitor_app.te
+++ b/tracking_denials/con_monitor_app.te
@@ -31,4 +31,6 @@ dontaudit con_monitor_app system_file:file { execute };
 # b/264489520
 userdebug_or_eng(`
   permissive con_monitor_app;
-')
\ No newline at end of file
+')
+# b/267843291
+dontaudit con_monitor_app resourcecache_data_file:file { read };
diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
index d3bec4f0..84c0acae 100644
--- a/tracking_denials/google_camera_app.te
+++ b/tracking_denials/google_camera_app.te
@@ -25,3 +25,5 @@ dontaudit google_camera_app legacy_permission_service:service_manager { find };
 dontaudit google_camera_app permission_checker_service:service_manager { find };
 # b/265220235
 dontaudit google_camera_app virtual_device_service:service_manager { find };
+# b/267843408
+dontaudit google_camera_app device_policy_service:service_manager { find };
diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te
index 69728ef9..42d4ae61 100644
--- a/tracking_denials/hal_bootctl_default.te
+++ b/tracking_denials/hal_bootctl_default.te
@@ -4,4 +4,9 @@ dontaudit hal_bootctl_default devinfo_block_device:blk_file { read };
 # b/264489609
 userdebug_or_eng(`
   permissive hal_bootctl_default;
-')
\ No newline at end of file
+')
+# b/267843310
+dontaudit hal_bootctl_default hal_bootctl_default:capability { dac_override };
+dontaudit hal_bootctl_default tee_device:chr_file { ioctl };
+dontaudit hal_bootctl_default tee_device:chr_file { open };
+dontaudit hal_bootctl_default tee_device:chr_file { read write };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index fd22c52b..b3a9b7e0 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -14,4 +14,12 @@ dontaudit vendor_init system_boot_reason_prop:file { read };
 # b/264490095
 userdebug_or_eng(`
   permissive vendor_init;
-')
\ No newline at end of file
+')
+# b/267843409
+dontaudit vendor_init default_prop:property_service { set };
+dontaudit vendor_init logpersistd_logging_prop:property_service { set };
+dontaudit vendor_init vendor_camera_debug_prop:property_service { set };
+dontaudit vendor_init vendor_logger_prop:property_service { set };
+dontaudit vendor_init vendor_slog_prop:property_service { set };
+dontaudit vendor_init vendor_ssrdump_prop:property_service { set };
+dontaudit vendor_init vendor_vibrator_prop:property_service { set };