From 9966805569f90ec0c966284da51ba867ac9dc4ca Mon Sep 17 00:00:00 2001
From: Chih Wei Chang <aaronchang@google.com>
Date: Wed, 8 Mar 2023 08:10:57 +0000
Subject: [PATCH] Revert "Add system_ui required policy"

This reverts commit 548848221175803277f11c7cdbf998026c23c788.

Bug: 272204013

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_udc-d1-dev&target=aosp_shiba-userdebug&lkgb=9707521&lkbb=9708227&fkbb=9708227, bug 272204013

Change-Id: Ia2d74374325d594d9dbd1e5ba8b1510f8d432e4d
---
 tracking_denials/systemui.te     |  4 ++++
 tracking_denials/systemui_app.te | 27 +++++++++++++++++++++++++++
 vendor/systemui_app.te           | 13 ++-----------
 3 files changed, 33 insertions(+), 11 deletions(-)
 create mode 100644 tracking_denials/systemui.te
 create mode 100644 tracking_denials/systemui_app.te

diff --git a/tracking_denials/systemui.te b/tracking_denials/systemui.te
new file mode 100644
index 00000000..3159dd92
--- /dev/null
+++ b/tracking_denials/systemui.te
@@ -0,0 +1,4 @@
+# b/264266705
+userdebug_or_eng(`
+    permissive systemui_app;
+')
diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te
new file mode 100644
index 00000000..5b5bd400
--- /dev/null
+++ b/tracking_denials/systemui_app.te
@@ -0,0 +1,27 @@
+# b/268572197
+dontaudit systemui_app cameraserver_service:service_manager { find };
+dontaudit systemui_app color_display_service:service_manager { find };
+dontaudit systemui_app default_android_service:service_manager { find };
+dontaudit systemui_app hal_wireless_charger:binder { call };
+dontaudit systemui_app hal_wireless_charger:binder { transfer };
+dontaudit systemui_app hal_wireless_charger_service:service_manager { find };
+dontaudit systemui_app keyguard_config_prop:file { getattr };
+dontaudit systemui_app keyguard_config_prop:file { map };
+dontaudit systemui_app keyguard_config_prop:file { open };
+dontaudit systemui_app keyguard_config_prop:file { read };
+dontaudit systemui_app mediaextractor_service:service_manager { find };
+dontaudit systemui_app mediametrics_service:service_manager { find };
+dontaudit systemui_app mediaserver_service:service_manager { find };
+dontaudit systemui_app network_score_service:service_manager { find };
+dontaudit systemui_app overlay_service:service_manager { find };
+dontaudit systemui_app qemu_hw_prop:file { getattr };
+dontaudit systemui_app qemu_hw_prop:file { map };
+dontaudit systemui_app qemu_hw_prop:file { open };
+dontaudit systemui_app radio_service:service_manager { find };
+dontaudit systemui_app vr_manager_service:service_manager { find };
+dontaudit systemui_app service_manager_type:service_manager *;
+# b/269813282
+dontaudit systemui_app bootanim_system_prop:property_service { set };
+dontaudit systemui_app init:unix_stream_socket { connectto };
+dontaudit systemui_app property_socket:sock_file { write };
+dontaudit systemui_app qemu_hw_prop:file { read };
diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te
index 80a4e732..9906dcb6 100644
--- a/vendor/systemui_app.te
+++ b/vendor/systemui_app.te
@@ -1,16 +1,7 @@
-type systemui_app, domain, coredomain;
+type systemui_app, domain;
 app_domain(systemui_app)
 allow systemui_app app_api_service:service_manager find;
 
-get_prop(systemui_app, keyguard_config_prop)
-set_prop(systemui_app, bootanim_system_prop)
-
-allow systemui_app hal_googlebattery_service:service_manager find;
-binder_call(systemui_app, hal_googlebattery)
-
-allow systemui_app touch_context_service:service_manager find;
-binder_call(systemui_app, twoshay)
-
 # WLC
 allow systemui_app hal_wireless_charger_service:service_manager find;
-binder_call(systemui_app, hal_wireless_charger)
+binder_call(systemui_app, hal_wireless_charger)
\ No newline at end of file