From 548848221175803277f11c7cdbf998026c23c788 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Fri, 3 Mar 2023 16:10:14 +0800
Subject: [PATCH] Add system_ui required policy

Bug: 264266705
Bug: 268572197
Bug: 269813282
Change-Id: I6457f4a675d32578188c01ae581442300ac56a5b
---
 tracking_denials/systemui.te     |  4 ----
 tracking_denials/systemui_app.te | 27 ---------------------------
 vendor/systemui_app.te           | 13 +++++++++++--
 3 files changed, 11 insertions(+), 33 deletions(-)
 delete mode 100644 tracking_denials/systemui.te
 delete mode 100644 tracking_denials/systemui_app.te

diff --git a/tracking_denials/systemui.te b/tracking_denials/systemui.te
deleted file mode 100644
index 3159dd92..00000000
--- a/tracking_denials/systemui.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264266705
-userdebug_or_eng(`
-    permissive systemui_app;
-')
diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te
deleted file mode 100644
index 5b5bd400..00000000
--- a/tracking_denials/systemui_app.te
+++ /dev/null
@@ -1,27 +0,0 @@
-# b/268572197
-dontaudit systemui_app cameraserver_service:service_manager { find };
-dontaudit systemui_app color_display_service:service_manager { find };
-dontaudit systemui_app default_android_service:service_manager { find };
-dontaudit systemui_app hal_wireless_charger:binder { call };
-dontaudit systemui_app hal_wireless_charger:binder { transfer };
-dontaudit systemui_app hal_wireless_charger_service:service_manager { find };
-dontaudit systemui_app keyguard_config_prop:file { getattr };
-dontaudit systemui_app keyguard_config_prop:file { map };
-dontaudit systemui_app keyguard_config_prop:file { open };
-dontaudit systemui_app keyguard_config_prop:file { read };
-dontaudit systemui_app mediaextractor_service:service_manager { find };
-dontaudit systemui_app mediametrics_service:service_manager { find };
-dontaudit systemui_app mediaserver_service:service_manager { find };
-dontaudit systemui_app network_score_service:service_manager { find };
-dontaudit systemui_app overlay_service:service_manager { find };
-dontaudit systemui_app qemu_hw_prop:file { getattr };
-dontaudit systemui_app qemu_hw_prop:file { map };
-dontaudit systemui_app qemu_hw_prop:file { open };
-dontaudit systemui_app radio_service:service_manager { find };
-dontaudit systemui_app vr_manager_service:service_manager { find };
-dontaudit systemui_app service_manager_type:service_manager *;
-# b/269813282
-dontaudit systemui_app bootanim_system_prop:property_service { set };
-dontaudit systemui_app init:unix_stream_socket { connectto };
-dontaudit systemui_app property_socket:sock_file { write };
-dontaudit systemui_app qemu_hw_prop:file { read };
diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te
index 9906dcb6..80a4e732 100644
--- a/vendor/systemui_app.te
+++ b/vendor/systemui_app.te
@@ -1,7 +1,16 @@
-type systemui_app, domain;
+type systemui_app, domain, coredomain;
 app_domain(systemui_app)
 allow systemui_app app_api_service:service_manager find;
 
+get_prop(systemui_app, keyguard_config_prop)
+set_prop(systemui_app, bootanim_system_prop)
+
+allow systemui_app hal_googlebattery_service:service_manager find;
+binder_call(systemui_app, hal_googlebattery)
+
+allow systemui_app touch_context_service:service_manager find;
+binder_call(systemui_app, twoshay)
+
 # WLC
 allow systemui_app hal_wireless_charger_service:service_manager find;
-binder_call(systemui_app, hal_wireless_charger)
\ No newline at end of file
+binder_call(systemui_app, hal_wireless_charger)