label GPU as same_process_hal

Bug: 261933250 Bug: 261933249 Bug: 261933226 Bug: 261933097 Bug: 261933428 Bug: 261933227 Bug: 260768740 Bug: 260922185 Test: boot to home under enforcing mode Change-Id: Ied95ce0c1f851785e0848f7af788969f27e45101
2023-01-04 11:59:09 +08:00 · 2023-01-04 11:59:09 +08:00 · 92f2edf487
commit 92f2edf487
parent 97748d82a9
10 changed files with 1 additions and 53 deletions
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@ -1,6 +0,0 @@
-# b/261933250
-dontaudit mediaprovider_app vendor_file:file { getattr };
-dontaudit mediaprovider_app vendor_file:file { map };
-dontaudit mediaprovider_app vendor_file:file { open };
-dontaudit mediaprovider_app vendor_file:file { read };
-permissive mediaprovider_app;
--- a/tracking_denials/bootanim.te
+++ b/tracking_denials/bootanim.te
@ -2,8 +2,3 @@
 dontaudit bootanim system_data_file:dir { search };
 # b/261105374
 dontaudit bootanim default_android_service:service_manager { find };
-dontaudit bootanim vendor_file:file { execute };
-dontaudit bootanim vendor_file:file { getattr };
-dontaudit bootanim vendor_file:file { map };
-dontaudit bootanim vendor_file:file { open };
-dontaudit bootanim vendor_file:file { read };
--- a/tracking_denials/google_camera_app.te
+++ b/tracking_denials/google_camera_app.te
@ -1,8 +1,3 @@
-# b/261933249
-dontaudit google_camera_app vendor_file:file { getattr };
-dontaudit google_camera_app vendor_file:file { map };
-dontaudit google_camera_app vendor_file:file { open };
-dontaudit google_camera_app vendor_file:file { read };
 # b/262455755
 dontaudit google_camera_app activity_service:service_manager { find };
 dontaudit google_camera_app cameraserver_service:service_manager { find };
--- a/tracking_denials/isolated_app.te
+++ b/tracking_denials/isolated_app.te
@ -1,5 +0,0 @@
-# b/261933226
-dontaudit isolated_app vendor_file:file { getattr };
-dontaudit isolated_app vendor_file:file { map };
-dontaudit isolated_app vendor_file:file { open };
-dontaudit isolated_app vendor_file:file { read };
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@ -13,11 +13,6 @@ dontaudit priv_app euiccpixel_app:binder { transfer };
 # b/260922442
 dontaudit priv_app default_android_service:service_manager { find };
 dontaudit priv_app euiccpixel_app:binder { transfer };
-# b/261933097
-dontaudit priv_app vendor_file:file { getattr };
-dontaudit priv_app vendor_file:file { map };
-dontaudit priv_app vendor_file:file { open };
-dontaudit priv_app vendor_file:file { read };
 # b/262455954
 dontaudit priv_app euiccpixel_app:binder { call };
 # b/263185432
--- a/tracking_denials/surfaceflinger.te
+++ b/tracking_denials/surfaceflinger.te
@ -1,7 +1,2 @@
 # b/261105092
 dontaudit surfaceflinger default_android_service:service_manager { find };
-dontaudit surfaceflinger vendor_file:file { execute };
-dontaudit surfaceflinger vendor_file:file { getattr };
-dontaudit surfaceflinger vendor_file:file { map };
-dontaudit surfaceflinger vendor_file:file { open };
-dontaudit surfaceflinger vendor_file:file { read };
--- a/tracking_denials/untrusted_app.te
+++ b/tracking_denials/untrusted_app.te
@ -1,5 +0,0 @@
-# b/261933428
-dontaudit untrusted_app vendor_file:file { getattr };
-dontaudit untrusted_app vendor_file:file { map };
-dontaudit untrusted_app vendor_file:file { open };
-dontaudit untrusted_app vendor_file:file { read };
--- a/tracking_denials/untrusted_app_30.te
+++ b/tracking_denials/untrusted_app_30.te
@ -1,5 +0,0 @@
-# b/261933227
-dontaudit untrusted_app_30 vendor_file:file { getattr };
-dontaudit untrusted_app_30 vendor_file:file { map };
-dontaudit untrusted_app_30 vendor_file:file { open };
-dontaudit untrusted_app_30 vendor_file:file { read };
--- a/tracking_denials/zygote.te
+++ b/tracking_denials/zygote.te
@ -1,16 +1,4 @@
 # b/260522203
 dontaudit zygote euiccpixel_app:process { dyntransition };
-# b/260768740
-dontaudit zygote vendor_file:file { execute };
-dontaudit zygote vendor_file:file { getattr };
-dontaudit zygote vendor_file:file { map };
-dontaudit zygote vendor_file:file { open };
-dontaudit zygote vendor_file:file { read };
-# b/260922185
-dontaudit zygote vendor_file:file { execute };
-dontaudit zygote vendor_file:file { getattr };
-dontaudit zygote vendor_file:file { map };
-dontaudit zygote vendor_file:file { open };
-dontaudit zygote vendor_file:file { read };
 # b/261782930
 dontaudit zygote con_monitor_app:process { dyntransition };
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -26,6 +26,7 @@

 # Vendor Firmwares
 /vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
+/vendor/lib64/arm\.mali\.platform-V1-ndk\.so                                u:object_r:same_process_hal_file:s0

 # persist
 /mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0