From 0b3bc920664483468d4aee5939a01bd253c36ca3 Mon Sep 17 00:00:00 2001
From: Welly Hsu <wellyhsu@google.com>
Date: Mon, 6 Feb 2023 14:58:52 +0800
Subject: [PATCH] Remove unnecessary dontaudit for context euiccpixel_app

bug: 260522203
bug: 260922442
bug: 262455954
bug: 260522040
bug: 260768358
bug: 261933311

Test:
1. m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
2. eSIM OS version check & OS upgrade successfully without avc error

Change-Id: I6e0771a5794a42af5e187e35881e6de06e01fff0
---
 tracking_denials/euiccpixel_app.te | 11 +++--------
 tracking_denials/priv_app.te       |  4 ----
 tracking_denials/system_server.te  |  4 ----
 tracking_denials/zygote.te         |  2 --
 4 files changed, 3 insertions(+), 18 deletions(-)

diff --git a/tracking_denials/euiccpixel_app.te b/tracking_denials/euiccpixel_app.te
index 1ebf3c36..6568cd53 100644
--- a/tracking_denials/euiccpixel_app.te
+++ b/tracking_denials/euiccpixel_app.te
@@ -1,9 +1,4 @@
-# b/261933311
-dontaudit euiccpixel_app dumpstate:fd { use };
-dontaudit euiccpixel_app dumpstate:fifo_file { append };
-dontaudit euiccpixel_app dumpstate:fifo_file { write };
-dontaudit euiccpixel_app system_server:fifo_file { write };
-dontaudit euiccpixel_app tombstoned:unix_stream_socket { connectto };
-dontaudit euiccpixel_app tombstoned_java_trace_socket:sock_file { write };
 # b/265286368
-dontaudit euiccpixel_app default_android_service:service_manager { find };
\ No newline at end of file
+dontaudit euiccpixel_app default_android_service:service_manager { find };
+# b/269218505
+dontaudit euiccpixel_app default_prop:file { read };
\ No newline at end of file
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index 564edee1..604cf7d9 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -9,12 +9,8 @@ dontaudit priv_app privapp_data_file:file { open };
 dontaudit priv_app privapp_data_file:file { setattr };
 # b/260768358
 dontaudit priv_app default_android_service:service_manager { find };
-dontaudit priv_app euiccpixel_app:binder { transfer };
 # b/260922442
 dontaudit priv_app default_android_service:service_manager { find };
-dontaudit priv_app euiccpixel_app:binder { transfer };
-# b/262455954
-dontaudit priv_app euiccpixel_app:binder { call };
 # b/263185432
 dontaudit priv_app privapp_data_file:file { unlink };
 # b/264490074
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index 28058c95..215de1a1 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -1,7 +1,3 @@
-# b/260522040
-dontaudit system_server euiccpixel_app:binder { call };
-dontaudit system_server euiccpixel_app:binder { transfer };
-dontaudit system_server euiccpixel_app:process { setsched };
 # b/261519050
 dontaudit system_server con_monitor_app:binder { call };
 dontaudit system_server con_monitor_app:binder { transfer };
diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te
index 4604b01c..2dd799ee 100644
--- a/tracking_denials/zygote.te
+++ b/tracking_denials/zygote.te
@@ -1,5 +1,3 @@
-# b/260522203
-dontaudit zygote euiccpixel_app:process { dyntransition };
 # b/261782930
 dontaudit zygote con_monitor_app:process { dyntransition };
 # b/264490077