Update permissions for st54spi and st33spi

Remove st33spi and update st54spi rules

Bug: 261519145
Bug: 261519169
Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I37736275204ad7bea98ce225121e71545260187c

legacy/whitechapel_pro/device.te

@@ -10,10 +10,6 @@ type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
 type vframe_heap_device, dmabuf_heap_device_type, dev_type;
 type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
 
-# SecureElement SPI device
-type st54spi_device, dev_type;
-type st33spi_device, dev_type;
-
 # Raw HID device
 type hidraw_device, dev_type;
 

legacy/whitechapel_pro/file.te

@@ -60,10 +60,6 @@ type proc_f2fs, proc_type, fs_type;
 # Vendor tools
 type vendor_dumpsys, vendor_file_type, file_type;
 
-# SecureElement
-type sysfs_st33spi, sysfs_type, fs_type;
-typeattribute sysfs_st33spi mlstrustedobject;
-
 # USB-C throttling stats
 type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
 

legacy/whitechapel_pro/file_contexts

@@ -99,8 +99,6 @@
 /dev/trusty-ipc-dev0                                                        u:object_r:tee_device:s0
 /dev/sg1                                                                    u:object_r:sg_device:s0
 /dev/st21nfc                                                                u:object_r:nfc_device:s0
-/dev/st54spi                                                                u:object_r:st54spi_device:s0
-/dev/st33spi                                                                u:object_r:st33spi_device:s0
 /dev/logbuffer_tcpm                                                         u:object_r:logbuffer_device:s0
 /dev/sys/block/bootdevice(/.*)?                                             u:object_r:bootdevice_sysdev:s0
 /dev/socket/chre                                                            u:object_r:chre_socket:s0

legacy/whitechapel_pro/genfs_contexts

@@ -150,9 +150,6 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a      u:object
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
 
-#SecureElement
-genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
-
 # Thermal
 genfscon sysfs /devices/platform/100a0000.LITTLE                          u:object_r:sysfs_thermal:s0
 genfscon sysfs /devices/platform/100a0000.MID                             u:object_r:sysfs_thermal:s0

legacy/whitechapel_pro/vendor_init.te

@@ -14,7 +14,6 @@ allow vendor_init proc_sched:file w_file_perms;
 set_prop(vendor_init, vendor_nfc_prop)
 # SecureElement vendor property
 set_prop(vendor_init, vendor_secure_element_prop)
-allow vendor_init sysfs_st33spi:file w_file_perms;
 
 # Fingerprint property
 set_prop(vendor_init, vendor_fingerprint_prop)

tracking_denials/hal_secure_element_st54spi.te

@@ -1,13 +0,0 @@
-# b/261519145
-dontaudit hal_secure_element_st54spi hwservicemanager:binder { call };
-dontaudit hal_secure_element_st54spi hwservicemanager:binder { transfer };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { getattr };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { map };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { open };
-dontaudit hal_secure_element_st54spi hwservicemanager_prop:file { read };
-dontaudit hal_secure_element_st54spi init:unix_stream_socket { connectto };
-dontaudit hal_secure_element_st54spi property_socket:sock_file { write };
-dontaudit hal_secure_element_st54spi secure_element:binder { call };
-dontaudit hal_secure_element_st54spi st54spi_device:chr_file { open };
-dontaudit hal_secure_element_st54spi st54spi_device:chr_file { read write };
-dontaudit hal_secure_element_st54spi vendor_secure_element_prop:property_service { set };

tracking_denials/secure_element.te

@@ -2,9 +2,6 @@
 dontaudit secure_element euiccpixel_app:binder { transfer };
 # b/260922187
 dontaudit secure_element euiccpixel_app:binder { transfer };
-# b/261519169
-dontaudit secure_element hal_secure_element_st54spi:binder { call };
-dontaudit secure_element hal_secure_element_st54spi:binder { transfer };
 # b/261651095
 dontaudit secure_element hal_secure_element_uicc:binder { call };
 dontaudit secure_element hal_secure_element_uicc:binder { transfer };

vendor/device.te

@@ -3,3 +3,6 @@ type custom_ab_block_device, dev_type;
 type devinfo_block_device, dev_type;
 type mfg_data_block_device, dev_type;
 type logbuffer_device, dev_type;
+
+# SecureElement SPI device
+type st54spi_device, dev_type;

vendor/file_contexts

@@ -63,3 +63,4 @@
 /dev/logbuffer_maxfg_base_monitor                                           u:object_r:logbuffer_device:s0
 /dev/logbuffer_maxfg_flip_monitor                                           u:object_r:logbuffer_device:s0
 /dev/logbuffer_wc68                                                         u:object_r:logbuffer_device:s0
+/dev/st54spi                                                                u:object_r:st54spi_device:s0

vendor/hal_secure_element_st54spi.te

@@ -1,4 +1,6 @@
 type hal_secure_element_st54spi, domain;
 type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_secure_element_st54spi)
-
+hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
+allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)