From 3a3a4e31111e003807b7f093e40ebd206f0a0460 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Tue, 6 Dec 2022 10:17:31 +0800
Subject: [PATCH] update error on ROM 9372160
Bug: 261518779
Bug: 261516808
Bug: 261519183
Bug: 261519145
Bug: 261519049
Bug: 261519169
Bug: 261519050
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ib42e6f3cb730a8e8cd45cfe164b6dc9eb1e41940
---
 tracking_denials/con_monitor_app.te | 8 ++++++++
 tracking_denials/euiccpixel_app.te | 5 +++++
 tracking_denials/hal_power_stats_default.te | 6 ++++++
 tracking_denials/hal_secure_element_st54spi.te | 13 +++++++++++++
 tracking_denials/logger_app.te | 10 ++++++++++
 tracking_denials/secure_element.te | 3 +++
 tracking_denials/system_server.te | 3 +++
 7 files changed, 48 insertions(+)
 create mode 100644 tracking_denials/con_monitor_app.te
 create mode 100644 tracking_denials/hal_secure_element_st54spi.te
diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te
new file mode 100644
index 00000000..e37a9775
--- /dev/null
+++ b/tracking_denials/con_monitor_app.te
@@ -0,0 +1,8 @@
+# b/261518779
+dontaudit con_monitor_app activity_service:service_manager { find };
+dontaudit con_monitor_app content_capture_service:service_manager { find };
+dontaudit con_monitor_app game_service:service_manager { find };
+dontaudit con_monitor_app netstats_service:service_manager { find };
+dontaudit con_monitor_app system_server:binder { call };
+dontaudit con_monitor_app system_server:binder { transfer };
+dontaudit con_monitor_app system_server:fd { use };
diff --git a/tracking_denials/euiccpixel_app.te b/tracking_denials/euiccpixel_app.te
index 6874c630..5af6c164 100644
--- a/tracking_denials/euiccpixel_app.te
+++ b/tracking_denials/euiccpixel_app.te
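Review bot: The four `service_manager { find }` rules and the `system_server:binder` rules in the new con_monitor_app.te silence denials for what look like ordinary framework lookups, so the app keeps failing these calls with nothing in the audit log to show it. A `dontaudit` also hides any later, unexpected access matching the same source, target and permission, which costs detection coverage for as long as the rule stays in the policy. If con_monitor_app is meant to reach these services, the follow-up for b/261518779 should replace the block with real grants and delete the file, presumably something like `allow con_monitor_app app_api_service:service_manager find;` (if those services carry that attribute) plus `binder_call(con_monitor_app, system_server)`. The same applies to the reverse-direction rules added to system_server.te under b/261519050. A header comment such as `# temporary: remove when b/261518779 is fixed` would make the intent explicit.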
@@ -47,3 +47,8 @@ dontaudit euiccpixel_app priv_app:binder { transfer };
 dontaudit euiccpixel_app property_socket:sock_file { write };
 dontaudit euiccpixel_app secure_element:binder { call };
 dontaudit euiccpixel_app secure_element:binder { transfer };
+# b/261516808
+dontaudit euiccpixel_app dck_prop:file { getattr };
+dontaudit euiccpixel_app dck_prop:file { open };
+dontaudit euiccpixel_app dck_prop:file { read };
+dontaudit euiccpixel_app vendor_secure_element_prop:property_service { set };
diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te
index 1c9525f9..74888bfa 100644
--- a/tracking_denials/hal_power_stats_default.te
+++ b/tracking_denials/hal_power_stats_default.te
@@ -31,3 +31,9 @@ dontaudit hal_power_stats_default sysfs_aoc:file { open };
 dontaudit hal_power_stats_default sysfs_aoc:file { read };
 # b/261363958
 dontaudit hal_power_stats_default default_android_service:service_manager { add };
+# b/261519183
+dontaudit hal_power_stats_default sysfs_acpm_stats:dir { search };
+dontaudit hal_power_stats_default sysfs_acpm_stats:file { read };
+dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { getattr };
+dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { open };
+dontaudit hal_power_stats_default sysfs_aoc_dumpstate:file { read };
diff --git a/tracking_denials/hal_secure_element_st54spi.te b/tracking_denials/hal_secure_element_st54spi.te
new file mode 100644
index 00000000..fb44b62c
--- /dev/null
+++ b/tracking_denials/hal_secure_element_st54spi.te
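Review bot: The last added rule in the euiccpixel_app.te hunk, `dontaudit euiccpixel_app vendor_secure_element_prop:property_service { set };`, hides an app's attempt to write a secure-element property, and whether that writer is legitimate should be decided explicitly rather than suppressed. The write still fails, so whatever the app expects the property to trigger will not happen and nothing records the attempt. The same pattern appears in hal_secure_element_st54spi.te (same property) and in logger_app.te (`vendor_gps_prop`, `vendor_logger_prop`). For each, either grant it with `set_prop(euiccpixel_app, vendor_secure_element_prop)` once the writer is confirmed as intended, or leave the denial audited so an unexpected writer stays visible. The file begins above this hunk, so earlier rules for the same domain are not visible here.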
@@ -0,0 +1,13 @@
+# b/261519145
+dontaudit hal_secure_element_st54spi hwservicemanager:binder { call };
+dontaudit hal_secure_element_st54spi hwservicemanager:binder { transfer };
+dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { getattr };
+dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { map };
+dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { open };
+dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { read };
+dontaudit hal_secure_element_st54spi init:unix_stream_socket { connectto };
+dontaudit hal_secure_element_st54spi property_socket:sock_file { write };
+dontaudit hal_secure_element_st54spi secure_element:binder { call };
+dontaudit hal_secure_element_st54spi st54spi_device:chr_file { open };
+dontaudit hal_secure_element_st54spi st54spi_device:chr_file { read write };
+dontaudit hal_secure_element_st54spi vendor_secure_element_prop:property_service { set };
diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te
index 77d5cc90..03e0e69c 100644
--- a/tracking_denials/logger_app.te
+++ b/tracking_denials/logger_app.te
@@ -20,3 +20,13 @@ dontaudit logger_app radio_vendor_data_file:dir { write };
 dontaudit logger_app radio_vendor_data_file:file { create };
 dontaudit logger_app radio_vendor_data_file:file { unlink };
 dontaudit logger_app radio_vendor_data_file:file { write open };
+# b/261519049
+dontaudit logger_app radio_vendor_data_file:dir { create };
+dontaudit logger_app radio_vendor_data_file:dir { rmdir };
+dontaudit logger_app radio_vendor_data_file:file { getattr };
+dontaudit logger_app radio_vendor_data_file:file { setattr };
+dontaudit logger_app vendor_gps_file:dir { getattr };
+dontaudit logger_app vendor_gps_file:dir { read };
+dontaudit logger_app vendor_gps_file:dir { search };
+dontaudit logger_app vendor_gps_prop:property_service { set };
+dontaudit logger_app vendor_logger_prop:property_service { set };
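Review bot: In the new hal_secure_element_st54spi.te, the `st54spi_device:chr_file { open }` / `{ read write }` and `hwservicemanager:binder` rules cover accesses the HAL appears to need just to open its device node and register its service, so with `dontaudit` the domain stays non-functional and fails without a trace. For a secure-element HAL that also removes the audit record for any other access to the device node from this domain, which is a detection gap while the suppression is in place. The fix for b/261519145 would presumably be real policy, e.g. `allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;` and the appropriate `hwbinder_use`/HAL server macros, after which this file should be removed. secure_element.te gains the matching reverse-direction binder suppressions under b/261519169 and should be resolved together with it.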
diff --git a/tracking_denials/secure_element.te b/tracking_denials/secure_element.te
index c5599af5..841c9e83 100644
--- a/tracking_denials/secure_element.te
+++ b/tracking_denials/secure_element.te
@@ -2,3 +2,6 @@
 dontaudit secure_element euiccpixel_app:binder { transfer };
 # b/260922187
 dontaudit secure_element euiccpixel_app:binder { transfer };
+# b/261519169
+dontaudit secure_element hal_secure_element_st54spi:binder { call };
+dontaudit secure_element hal_secure_element_st54spi:binder { transfer };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index 53a9c474..e312ba30 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -6,3 +6,6 @@ dontaudit system_server sysfs:file { read };
 dontaudit system_server euiccpixel_app:binder { call };
 dontaudit system_server euiccpixel_app:binder { transfer };
 dontaudit system_server euiccpixel_app:process { setsched };
+# b/261519050
+dontaudit system_server con_monitor_app:binder { call };
+dontaudit system_server con_monitor_app:binder { transfer };