From 81112ab63aae949b1ee4a75e36540d11b364eb7f Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Fri, 16 Dec 2022 09:26:05 +0800
Subject: [PATCH] Update error on ROM 9409984

Bug: 262794634
Bug: 262793919
Bug: 262794428
Bug: 262794938
Bug: 262794359
Bug: 262794939
Bug: 262793920
Bug: 262794577
Bug: 262794578
Bug: 262794969
Bug: 262794970
Bug: 262794360
Bug: 262794429
Test: scanAvcDeniedLogRightAfterReboot
Change-Id: Iaa3d4e54ccee70f48a322df6d229d3cae1ba1df6
---
 tracking_denials/hal_health_default.te |  2 ++
 tracking_denials/hal_wifi_ext.te       |  3 +++
 tracking_denials/hbmsvmanager_app.te   |  2 ++
 tracking_denials/init.te               |  4 ++++
 tracking_denials/kernel.te             |  8 ++++++++
 tracking_denials/mediacodec_google.te  | 15 +++++++++++++++
 tracking_denials/mediacodec_samsung.te | 21 +++++++++++++++++++++
 tracking_denials/mediaprovider_app.te  |  3 +++
 tracking_denials/mediaserver.te        |  3 +++
 tracking_denials/mediaswcodec.te       |  2 ++
 tracking_denials/platform_app.te       |  7 +++++++
 tracking_denials/secure_element.te     |  2 ++
 tracking_denials/system_server.te      |  5 +++++
 13 files changed, 77 insertions(+)
 create mode 100644 tracking_denials/hbmsvmanager_app.te
 create mode 100644 tracking_denials/init.te
 create mode 100644 tracking_denials/mediaprovider_app.te
 create mode 100644 tracking_denials/mediaserver.te
 create mode 100644 tracking_denials/mediaswcodec.te

diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te
index c0708947..bb6eeae7 100644
--- a/tracking_denials/hal_health_default.te
+++ b/tracking_denials/hal_health_default.te
@@ -21,3 +21,5 @@ dontaudit hal_health_default vendor_battery_defender_prop:property_service { set
 dontaudit hal_health_default dumpstate:fd { use };
 # b/262178574
 dontaudit hal_health_default dumpstate:fifo_file { write };
+# b/262794970
+dontaudit hal_health_default sysfs_batteryinfo:file { write };
diff --git a/tracking_denials/hal_wifi_ext.te b/tracking_denials/hal_wifi_ext.te
index cde3a01c..0011590b 100644
--- a/tracking_denials/hal_wifi_ext.te
+++ b/tracking_denials/hal_wifi_ext.te
@@ -1,2 +1,5 @@
 # b/262455388
 dontaudit hal_wifi_ext grilservice_app:binder { call };
+# b/262794359
+dontaudit hal_wifi_ext updated_wifi_firmware_data_file:dir { search };
+dontaudit hal_wifi_ext vendor_wifi_version:property_service { set };
diff --git a/tracking_denials/hbmsvmanager_app.te b/tracking_denials/hbmsvmanager_app.te
new file mode 100644
index 00000000..19e7a7c5
--- /dev/null
+++ b/tracking_denials/hbmsvmanager_app.te
@@ -0,0 +1,2 @@
+# b/262794939
+dontaudit hbmsvmanager_app hal_pixel_display_service:service_manager { find };
diff --git a/tracking_denials/init.te b/tracking_denials/init.te
new file mode 100644
index 00000000..587bf07b
--- /dev/null
+++ b/tracking_denials/init.te
@@ -0,0 +1,4 @@
+# b/262794360
+dontaudit init ram_device:blk_file { write };
+dontaudit init sysfs_scsi_devices_0000:file { open };
+dontaudit init sysfs_scsi_devices_0000:file { write };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index 2a401319..b64826ee 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -10,3 +10,11 @@ dontaudit kernel vendor_regmap_debugfs:dir { search };
 dontaudit kernel vendor_battery_debugfs:dir { search };
 # b/261933155
 dontaudit kernel vendor_fw_file:file { getattr };
+# b/262794429
+dontaudit kernel same_process_hal_file:file { getattr };
+dontaudit kernel sepolicy_file:file { getattr };
+dontaudit kernel system_bootstrap_lib_file:dir { getattr };
+dontaudit kernel system_bootstrap_lib_file:file { getattr };
+dontaudit kernel system_dlkm_file:dir { getattr };
+dontaudit kernel vendor_fw_file:dir { getattr };
+dontaudit kernel vendor_fw_file:dir { read };
diff --git a/tracking_denials/mediacodec_google.te b/tracking_denials/mediacodec_google.te
index 20392125..a1c9e2d8 100644
--- a/tracking_denials/mediacodec_google.te
+++ b/tracking_denials/mediacodec_google.te
@@ -1,2 +1,17 @@
 # b/262633230
 dontaudit mediacodec_google vndbinder_device:chr_file { ioctl };
+# b/262793920
+dontaudit mediacodec_google dmabuf_system_heap_device:chr_file { getattr };
+dontaudit mediacodec_google hwservicemanager:binder { call };
+dontaudit mediacodec_google hwservicemanager:binder { transfer };
+dontaudit mediacodec_google hwservicemanager_prop:file { getattr };
+dontaudit mediacodec_google hwservicemanager_prop:file { map };
+dontaudit mediacodec_google hwservicemanager_prop:file { open };
+dontaudit mediacodec_google hwservicemanager_prop:file { read };
+dontaudit mediacodec_google mediaserver:binder { transfer };
+dontaudit mediacodec_google platform_app:binder { transfer };
+dontaudit mediacodec_google system_server:binder { transfer };
+dontaudit mediacodec_google vndbinder_device:chr_file { map };
+dontaudit mediacodec_google vndbinder_device:chr_file { open };
+dontaudit mediacodec_google vndbinder_device:chr_file { read };
+dontaudit mediacodec_google vndbinder_device:chr_file { write };
diff --git a/tracking_denials/mediacodec_samsung.te b/tracking_denials/mediacodec_samsung.te
index dc939ac6..5476c617 100644
--- a/tracking_denials/mediacodec_samsung.te
+++ b/tracking_denials/mediacodec_samsung.te
@@ -1,3 +1,24 @@
 # b/262633502
 dontaudit mediacodec_samsung tombstoned:unix_stream_socket { connectto };
 dontaudit mediacodec_samsung tombstoned_crash_socket:sock_file { write };
+# b/262794634
+dontaudit mediacodec_samsung dmabuf_system_heap_device:chr_file { getattr };
+dontaudit mediacodec_samsung eco_service:service_manager { add };
+dontaudit mediacodec_samsung hwservicemanager:binder { call };
+dontaudit mediacodec_samsung hwservicemanager:binder { transfer };
+dontaudit mediacodec_samsung hwservicemanager_prop:file { getattr };
+dontaudit mediacodec_samsung hwservicemanager_prop:file { map };
+dontaudit mediacodec_samsung hwservicemanager_prop:file { open };
+dontaudit mediacodec_samsung hwservicemanager_prop:file { read };
+dontaudit mediacodec_samsung appdomain:binder { transfer };
+dontaudit mediacodec_samsung mediaserver:binder { transfer };
+dontaudit mediacodec_samsung mediaswcodec:binder { transfer };
+dontaudit mediacodec_samsung platform_app:binder { transfer };
+dontaudit mediacodec_samsung system_server:binder { transfer };
+dontaudit mediacodec_samsung vndbinder_device:chr_file { ioctl };
+dontaudit mediacodec_samsung vndbinder_device:chr_file { map };
+dontaudit mediacodec_samsung vndbinder_device:chr_file { open };
+dontaudit mediacodec_samsung vndbinder_device:chr_file { read };
+dontaudit mediacodec_samsung vndbinder_device:chr_file { write };
+dontaudit mediacodec_samsung vndservicemanager:binder { call };
+dontaudit mediacodec_samsung vndservicemanager:binder { transfer };
diff --git a/tracking_denials/mediaprovider_app.te b/tracking_denials/mediaprovider_app.te
new file mode 100644
index 00000000..cbd7d9b2
--- /dev/null
+++ b/tracking_denials/mediaprovider_app.te
@@ -0,0 +1,3 @@
+# b/262793919
+dontaudit appdomain mediacodec_samsung:binder { call };
+dontaudit appdomain mediacodec_samsung:binder { transfer };
diff --git a/tracking_denials/mediaserver.te b/tracking_denials/mediaserver.te
new file mode 100644
index 00000000..3c873cea
--- /dev/null
+++ b/tracking_denials/mediaserver.te
@@ -0,0 +1,3 @@
+# b/262794577
+dontaudit mediaserver mediacodec_google:binder { call };
+dontaudit mediaserver mediacodec_samsung:binder { call };
diff --git a/tracking_denials/mediaswcodec.te b/tracking_denials/mediaswcodec.te
new file mode 100644
index 00000000..debcef75
--- /dev/null
+++ b/tracking_denials/mediaswcodec.te
@@ -0,0 +1,2 @@
+# b/262794578
+dontaudit mediaswcodec mediacodec_samsung:binder { call };
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
index 4a540388..2e526121 100644
--- a/tracking_denials/platform_app.te
+++ b/tracking_denials/platform_app.te
@@ -2,3 +2,10 @@
 dontaudit platform_app default_android_service:service_manager { find };
 # b/260922162
 dontaudit platform_app default_android_service:service_manager { find };
+# b/262794428
+dontaudit platform_app hal_wlc:binder { call };
+dontaudit platform_app hal_wlc:binder { transfer };
+dontaudit platform_app mediacodec_google:binder { call };
+dontaudit platform_app mediacodec_google:binder { transfer };
+dontaudit platform_app mediacodec_samsung:binder { call };
+dontaudit platform_app mediacodec_samsung:binder { transfer };
diff --git a/tracking_denials/secure_element.te b/tracking_denials/secure_element.te
index 6d834ef7..6a028a7b 100644
--- a/tracking_denials/secure_element.te
+++ b/tracking_denials/secure_element.te
@@ -10,3 +10,5 @@ dontaudit secure_element system_data_file:dir { remove_name };
 dontaudit secure_element system_data_file:file { create };
 dontaudit secure_element system_data_file:file { rename };
 dontaudit secure_element system_data_file:file { write open };
+# b/262794969
+dontaudit secure_element system_data_file:file { unlink };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index 7ef08827..28623c87 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -16,3 +16,8 @@ dontaudit system_server hal_usb_impl:binder { call };
 dontaudit system_server hal_usb_impl:binder { transfer };
 # b/262455682
 dontaudit system_server con_monitor_app:process { setsched };
+# b/262794938
+dontaudit system_server mediacodec_google:binder { call };
+dontaudit system_server mediacodec_google:binder { transfer };
+dontaudit system_server mediacodec_samsung:binder { call };
+dontaudit system_server mediacodec_samsung:binder { transfer };