From 92f2edf487a20cfb3be6687f848dfd0c4047f179 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Wed, 4 Jan 2023 11:59:09 +0800
Subject: [PATCH] label GPU as same_process_hal
Bug: 261933250
Bug: 261933249
Bug: 261933226
Bug: 261933097
Bug: 261933428
Bug: 261933227
Bug: 260768740
Bug: 260922185
Test: boot to home under enforcing mode
Change-Id: Ied95ce0c1f851785e0848f7af788969f27e45101
---
 private/mediaprovider_app.te | 6 ------
 tracking_denials/bootanim.te | 5 -----
 tracking_denials/google_camera_app.te | 5 -----
 tracking_denials/isolated_app.te | 5 -----
 tracking_denials/priv_app.te | 5 -----
 tracking_denials/surfaceflinger.te | 5 -----
 tracking_denials/untrusted_app.te | 5 -----
 tracking_denials/untrusted_app_30.te | 5 -----
 tracking_denials/zygote.te | 12 ------------
 vendor/file_contexts | 1 +
 10 files changed, 1 insertion(+), 53 deletions(-)
 delete mode 100644 private/mediaprovider_app.te
 delete mode 100644 tracking_denials/isolated_app.te
 delete mode 100644 tracking_denials/untrusted_app.te
 delete mode 100644 tracking_denials/untrusted_app_30.te
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
deleted file mode 100644
index 35aa13e4..00000000
--- a/private/mediaprovider_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# b/261933250
-dontaudit mediaprovider_app vendor_file:file { getattr };
-dontaudit mediaprovider_app vendor_file:file { map };
-dontaudit mediaprovider_app vendor_file:file { open };
-dontaudit mediaprovider_app vendor_file:file { read };
-permissive mediaprovider_app;
diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te
index a0346b1c..8989036e 100644
--- a/tracking_denials/bootanim.te
+++ b/tracking_denials/bootanim.te
@@ -2,8 +2,3 @@
 dontaudit bootanim system_data_file:dir { search };
 # b/261105374
 dontaudit bootanim default_android_service:service_manager { find };
-dontaudit bootanim vendor_file:file { execute };
-dontaudit bootanim vendor_file:file { getattr };
-dontaudit bootanim vendor_file:file { map };
-dontaudit bootanim vendor_file:file { open };
-dontaudit bootanim vendor_file:file { read };
diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
index bfb0444d..ff17ccc1 100644
--- a/tracking_denials/google_camera_app.te
+++ b/tracking_denials/google_camera_app.te
@@ -1,8 +1,3 @@
-# b/261933249
-dontaudit google_camera_app vendor_file:file { getattr };
-dontaudit google_camera_app vendor_file:file { map };
-dontaudit google_camera_app vendor_file:file { open };
-dontaudit google_camera_app vendor_file:file { read };
 # b/262455755
 dontaudit google_camera_app activity_service:service_manager { find };
 dontaudit google_camera_app cameraserver_service:service_manager { find };
diff --git a/tracking_denials/isolated_app.te b/tracking_denials/isolated_app.te
deleted file mode 100644
index b4b36a30..00000000
--- a/tracking_denials/isolated_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/261933226
-dontaudit isolated_app vendor_file:file { getattr };
-dontaudit isolated_app vendor_file:file { map };
-dontaudit isolated_app vendor_file:file { open };
-dontaudit isolated_app vendor_file:file { read };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index 4a8c3c8f..c9c80487 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -13,11 +13,6 @@ dontaudit priv_app euiccpixel_app:binder { transfer };
 # b/260922442
 dontaudit priv_app default_android_service:service_manager { find };
 dontaudit priv_app euiccpixel_app:binder { transfer };
-# b/261933097
-dontaudit priv_app vendor_file:file { getattr };
-dontaudit priv_app vendor_file:file { map };
-dontaudit priv_app vendor_file:file { open };
-dontaudit priv_app vendor_file:file { read };
 # b/262455954
 dontaudit priv_app euiccpixel_app:binder { call };
 # b/263185432
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
index ef3a689f..c09f2957 100644
--- a/tracking_denials/surfaceflinger.te
+++ b/tracking_denials/surfaceflinger.te
@@ -1,7 +1,2 @@
 # b/261105092
 dontaudit surfaceflinger default_android_service:service_manager { find };
-dontaudit surfaceflinger vendor_file:file { execute };
-dontaudit surfaceflinger vendor_file:file { getattr };
-dontaudit surfaceflinger vendor_file:file { map };
-dontaudit surfaceflinger vendor_file:file { open };
-dontaudit surfaceflinger vendor_file:file { read };
diff --git a/tracking_denials/untrusted_app.te b/tracking_denials/untrusted_app.te
deleted file mode 100644
index 7f589d68..00000000
--- a/tracking_denials/untrusted_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/261933428
-dontaudit untrusted_app vendor_file:file { getattr };
-dontaudit untrusted_app vendor_file:file { map };
-dontaudit untrusted_app vendor_file:file { open };
-dontaudit untrusted_app vendor_file:file { read };
diff --git a/tracking_denials/untrusted_app_30.te b/tracking_denials/untrusted_app_30.te
deleted file mode 100644
index 7d9ac4b2..00000000
--- a/tracking_denials/untrusted_app_30.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/261933227
-dontaudit untrusted_app_30 vendor_file:file { getattr };
-dontaudit untrusted_app_30 vendor_file:file { map };
-dontaudit untrusted_app_30 vendor_file:file { open };
-dontaudit untrusted_app_30 vendor_file:file { read };
diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te
index e3d11012..a608a468 100644
--- a/tracking_denials/zygote.te
+++ b/tracking_denials/zygote.te
@@ -1,16 +1,4 @@
 # b/260522203
 dontaudit zygote euiccpixel_app:process { dyntransition };
-# b/260768740
-dontaudit zygote vendor_file:file { execute };
-dontaudit zygote vendor_file:file { getattr };
-dontaudit zygote vendor_file:file { map };
-dontaudit zygote vendor_file:file { open };
-dontaudit zygote vendor_file:file { read };
-# b/260922185
-dontaudit zygote vendor_file:file { execute };
-dontaudit zygote vendor_file:file { getattr };
-dontaudit zygote vendor_file:file { map };
-dontaudit zygote vendor_file:file { open };
-dontaudit zygote vendor_file:file { read };
 # b/261782930
 dontaudit zygote con_monitor_app:process { dyntransition };
diff --git a/vendor/file_contexts b/vendor/file_contexts
index a96cf5e9..e1e071bc 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -26,6 +26,7 @@
 # Vendor Firmwares
 /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
+/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0
 # persist
 /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
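Review bot: The new `same_process_hal_file` entry in `vendor/file_contexts` has no comment of its own and, as far as the hunk shows, sits under the `# Vendor Firmwares` heading, although it labels a shared library (the GPU one, per the commit title) rather than a firmware blob. That label is what opens the file to the domains whose `vendor_file` denials this commit stops tracking, `untrusted_app` and `isolated_app` among them, so the reason belongs next to the rule, e.g. `# GPU: loaded in-process by apps and system services, hence same_process_hal_file`. Only the `lib64` path is labelled; if a 32-bit copy ships on this device it would keep the `vendor_file` label, and `/vendor/lib(64)?/arm\.mali\.platform-V1-ndk\.so` would cover both. The stated test (boot to home under enforcing mode) may not exercise `isolated_app` or `google_camera_app`, so it is worth confirming that no `vendor_file` denials reappear for those domains now that their `dontaudit` rules are gone.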