restart a number of domains

Bug: 254378739
Test: boot to home
Change-Id: I2390670d7d885d0e63fd6d1b4a1c9996ac3b6ee5

legacy/whitechapel_pro/audioserver.te

@@ -1,3 +0,0 @@
-# allow access to ALSA MMAP FDs for AAudio API
-allow audioserver audio_device:chr_file r_file_perms;
-allow audioserver audio_service:service_manager find;

legacy/whitechapel_pro/bluetooth.te

@@ -1,2 +0,0 @@
-allow hal_bluetooth_btlinux aoc_device:chr_file { getattr open read write };
-allow hal_bluetooth_btlinux device:dir r_dir_perms;

legacy/whitechapel_pro/bootdevice_sysdev.te

@@ -1 +0,0 @@
-allow bootdevice_sysdev sysfs:filesystem associate;

legacy/whitechapel_pro/cccdk_timesync_app.te

@@ -1,10 +0,0 @@
-type vendor_cccdktimesync_app, domain;
-app_domain(vendor_cccdktimesync_app)
-
-allow vendor_cccdktimesync_app app_api_service:service_manager find;
-
-binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux)
-allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
-
-# allow the HAL to call our registered callbacks
-binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)

legacy/whitechapel_pro/charger_vendor.te

@@ -1,10 +0,0 @@
-allow charger_vendor mnt_vendor_file:dir search;
-allow charger_vendor sysfs_batteryinfo:file w_file_perms;
-allow charger_vendor persist_file:dir search;
-allow charger_vendor persist_battery_file:dir search;
-allow charger_vendor persist_battery_file:file rw_file_perms;
-allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
-allow charger_vendor sysfs_thermal:file w_file_perms;
-allow charger_vendor sysfs_thermal:lnk_file read;
-allow charger_vendor thermal_link_device:dir search;
-set_prop(charger_vendor, vendor_battery_defender_prop)

legacy/whitechapel_pro/chre.te

@@ -1,24 +0,0 @@
-type chre, domain;
-type chre_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(chre)
-
-# Permit communication with AoC
-allow chre aoc_device:chr_file rw_file_perms;
-
-# Allow CHRE to determine AoC's current clock
-allow chre sysfs_aoc:dir search;
-allow chre sysfs_aoc_boottime:file r_file_perms;
-
-# Allow CHRE to create thread to watch AOC's device
-allow chre device:dir r_dir_perms;
-
-# Allow CHRE to use the USF low latency transport
-usf_low_latency_transport(chre)
-
-# Allow CHRE to talk to the WiFi HAL
-allow chre hal_wifi_ext:binder { call transfer };
-allow chre hal_wifi_ext_hwservice:hwservice_manager find;
-allow chre hal_wifi_ext_service:service_manager find;
-
-# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
-allow chre self:global_capability2_class_set block_suspend;

legacy/whitechapel_pro/euiccpixel_app.te

@@ -1,26 +0,0 @@
-# EuiccSupportPixel app
-
-type euiccpixel_app, domain;
-app_domain(euiccpixel_app)
-
-allow euiccpixel_app app_api_service:service_manager find;
-allow euiccpixel_app radio_service:service_manager find;
-allow euiccpixel_app nfc_service:service_manager find;
-allow euiccpixel_app sysfs_st33spi:dir search;
-allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
-
-set_prop(euiccpixel_app, vendor_secure_element_prop)
-set_prop(euiccpixel_app, vendor_modem_prop)
-get_prop(euiccpixel_app, dck_prop)
-
-userdebug_or_eng(`
-    net_domain(euiccpixel_app)
-
-    # Access to directly upgrade firmware on st54spi_device used for engineering devices
-    typeattribute st54spi_device mlstrustedobject;
-    allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
-    # Access to directly upgrade firmware on st33spi_device used for engineering devices
-    typeattribute st33spi_device mlstrustedobject;
-    allow euiccpixel_app st33spi_device:chr_file rw_file_perms;
-')
-

legacy/whitechapel_pro/kernel.te

@@ -1,11 +0,0 @@
-allow kernel vendor_fw_file:dir search;
-allow kernel vendor_fw_file:file r_file_perms;
-
-# ZRam
-allow kernel per_boot_file:file r_file_perms;
-
-# memlat needs permision to create/delete perf events when hotplug on/off
-allow kernel self:capability2 perfmon;
-allow kernel self:perf_event cpu;
-
-dontaudit kernel vendor_battery_debugfs:dir search;

legacy/whitechapel_pro/seapp_contexts

@@ -14,11 +14,7 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
 # TODO(b/222204912): Should this run under uwb user?
 user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
 
-# Domain for EuiccSupportPixel
-user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-
 # Google Camera
 user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
 
-# CccDkTimeSyncService
-user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all
+

tracking_denials/permissive.te

@@ -2,4 +2,10 @@ userdebug_or_eng(`
   permissive pixelstats_vendor;
   permissive logger_app;
   permissive fastbootd;
+  permissive audioserver;
+  permissive hal_bluetooth_btlinux;
+  permissive bootdevice_sysdev;
+  permissive charger_vendor;
+  permissive chre;
+  permissive kernel;
 ')

vendor/cccdk_timesync_app.te

@@ -0,0 +1,2 @@
+type vendor_cccdktimesync_app, domain;
+

vendor/chre.te

@@ -0,0 +1,4 @@
+type chre, domain;
+type chre_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(chre)
+

vendor/euiccpixel_app.te

@@ -0,0 +1,4 @@
+# EuiccSupportPixel app
+
+type euiccpixel_app, domain;
+

vendor/seapp_contexts

@@ -0,0 +1,5 @@
+# Domain for EuiccSupportPixel
+user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
+
+# CccDkTimeSyncService
+user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all