restart domains

Bug: 254378739
Test: boot to home
Change-Id: Ie67dbbdad041d84cddbabf62e98b0a8f2b1eadf2

legacy/whitechapel_pro/file_contexts

@@ -2,7 +2,6 @@
 /vendor/bin/chre                                                            u:object_r:chre_exec:s0
 /vendor/bin/storageproxyd                                                   u:object_r:tee_exec:s0
 /vendor/bin/tcpdump_logger                                                  u:object_r:tcpdump_logger_exec:s0
-/vendor/bin/init\.display\.sh                                               u:object_r:init-display-sh_exec:s0
 /vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
 /vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
 /vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
@@ -10,8 +9,6 @@
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty         u:object_r:hal_keymint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic               u:object_r:hal_contexthub_default_exec:s0
-/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service                    u:object_r:mediacodec_samsung_exec:s0
-/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service                     u:object_r:mediacodec_google_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix   u:object_r:hal_fingerprint_default_exec:s0
 /vendor/bin/hw/android\.hardware\.nfc-service\.st                           u:object_r:hal_nfc_default_exec:s0

legacy/whitechapel_pro/init-display-sh.te

@@ -1,10 +0,0 @@
-type init-display-sh, domain;
-type init-display-sh_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(init-display-sh)
-
-allow init-display-sh self:capability sys_module;
-allow init-display-sh vendor_kernel_modules:system module_load;
-allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
-
-dontaudit init-display-sh proc_cmdline:file r_file_perms;
-

legacy/whitechapel_pro/init.te

@@ -1,6 +0,0 @@
-allow init ram_device:blk_file w_file_perms;
-allow init sysfs_scsi_devices_0000:file w_file_perms;
-
-# Workaround for b/193113005 that modem_img unlabeled after disable-verity
-dontaudit init overlayfs_file:file rename;
-dontaudit init overlayfs_file:chr_file unlink;

legacy/whitechapel_pro/logd.te

@@ -1,2 +0,0 @@
-r_dir_file(logd, logbuffer_device)
-allow logd logbuffer_device:chr_file r_file_perms;

tracking_denials/permissive.te

@@ -31,4 +31,6 @@ userdebug_or_eng(`
   permissive uwb_vendor_app;
   permissive hal_wifi_ext;
   permissive hal_wlc;
+  permissive init;
+  permissive logd;
 ')

vendor/file_contexts

@@ -11,6 +11,8 @@
 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                       u:object_r:hal_uwb_vendor_default_exec:s0
 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel             u:object_r:hal_graphics_composer_default_exec:s0
 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor         u:object_r:hal_wlc_exec:s0
+/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service                    u:object_r:mediacodec_samsung_exec:s0
+/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service                     u:object_r:mediacodec_google_exec:s0
 
 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0

vendor/mediacodec_google.te

@@ -3,22 +3,6 @@ type mediacodec_google_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(mediacodec_google)
 
-# can route /dev/binder traffic to /dev/vndbinder
-vndbinder_use(mediacodec_google)
-
-hal_server_domain(mediacodec_google, hal_codec2)
-
-# mediacodec_google may use an input surface from a different Codec2 service
-hal_client_domain(mediacodec_google, hal_codec2)
-
-hal_client_domain(mediacodec_google, hal_graphics_allocator)
-
-allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
-allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
-allow mediacodec_google video_device:chr_file rw_file_perms;
-
-crash_dump_fallback(mediacodec_google)
-
 # mediacodec_google should never execute any executable without a domain transition
 neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 
@@ -27,4 +11,4 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
-neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;

vendor/mediacodec_samsung.te

@@ -2,26 +2,6 @@ type mediacodec_samsung, domain;
 type mediacodec_samsung_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(mediacodec_samsung)
 
-hal_server_domain(mediacodec_samsung, hal_codec2)
-add_service(mediacodec_samsung, eco_service)
-
-# can route /dev/binder traffic to /dev/vndbinder
-vndbinder_use(mediacodec_samsung)
-
-allow mediacodec_samsung video_device:chr_file rw_file_perms;
-allow mediacodec_samsung dmabuf_system_heap_device:chr_file r_file_perms;
-allow mediacodec_samsung gpu_device:chr_file rw_file_perms;
-
-allow mediacodec_samsung sysfs_mfc:file r_file_perms;
-allow mediacodec_samsung sysfs_mfc:dir r_dir_perms;
-
-# can use graphics allocator
-hal_client_domain(mediacodec_samsung, hal_graphics_allocator)
-
-binder_call(mediacodec_samsung, hal_camera_default)
-
-crash_dump_fallback(mediacodec_samsung)
-
 # mediacodec_samsung should never execute any executable without a domain transition
 neverallow mediacodec_samsung { file_type fs_type }:file execute_no_trans;