From 6cf7ce5cc0f8f9a49bc7bd59ff05ff0b3fef60e2 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Fri, 10 Feb 2023 18:34:51 +0800
Subject: [PATCH] Allow vendor_init chown gvotables

Bug: 267736435
Bug: 260366195
Change-Id: I0a27a7fb3719d57449fb3d7f4c4d746d09419a75
---
 tracking_denials/vendor_init.te | 1 -
 vendor/vendor_init.te           | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index b1538f92..f8dff5ef 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -1,7 +1,6 @@
 # b/260366195
 dontaudit vendor_init debugfs_trace_marker:file { getattr };
 dontaudit vendor_init vendor_init:capability2 { block_suspend };
-dontaudit vendor_init vendor_init:lockdown { integrity };
 # b/260522244
 dontaudit vendor_init sg_device:chr_file { getattr };
 # b/264490095
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index 12c5198e..c03bf787 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -12,3 +12,7 @@ allow vendor_init modem_img_file:filesystem { getattr };
 
 # Audio property
 set_prop(vendor_init, vendor_audio_prop)
+
+userdebug_or_eng(`
+allow vendor_init vendor_init:lockdown { integrity };
+')