From ce444234687a9fbffc58bdd5745bbeb93e0c4e98 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 14 Dec 2022 11:27:03 +0800
Subject: [PATCH] restart domains

Bug: 254378739
Test: boot to home
Change-Id: I427f1647d5a0a95e750fd59419575cdb7553111e
---
 legacy/whitechapel_pro/hbmsvmanager_app.te        | 11 -----------
 legacy/whitechapel_pro/platform_app.te            | 14 --------------
 legacy/whitechapel_pro/seapp_contexts             |  7 -------
 tracking_denials/permissive.te                    |  4 ++++
 vendor/hbmsvmanager_app.te                        |  6 ++++++
 {legacy/whitechapel_pro => vendor}/ramdump_app.te |  0
 vendor/seapp_contexts                             |  6 ++++++
 7 files changed, 16 insertions(+), 32 deletions(-)
 delete mode 100644 legacy/whitechapel_pro/hbmsvmanager_app.te
 delete mode 100644 legacy/whitechapel_pro/platform_app.te
 delete mode 100644 legacy/whitechapel_pro/seapp_contexts
 create mode 100644 vendor/hbmsvmanager_app.te
 rename {legacy/whitechapel_pro => vendor}/ramdump_app.te (100%)

diff --git a/legacy/whitechapel_pro/hbmsvmanager_app.te b/legacy/whitechapel_pro/hbmsvmanager_app.te
deleted file mode 100644
index 265bde7a..00000000
--- a/legacy/whitechapel_pro/hbmsvmanager_app.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hbmsvmanager_app, domain;
-
-app_domain(hbmsvmanager_app);
-
-allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
-binder_call(hbmsvmanager_app, hal_graphics_composer_default)
-
-# Standard system services
-allow hbmsvmanager_app app_api_service:service_manager find;
-
-allow hbmsvmanager_app cameraserver_service:service_manager find;
diff --git a/legacy/whitechapel_pro/platform_app.te b/legacy/whitechapel_pro/platform_app.te
deleted file mode 100644
index 079846ad..00000000
--- a/legacy/whitechapel_pro/platform_app.te
+++ /dev/null
@@ -1,14 +0,0 @@
-allow platform_app hal_pixel_display_service:service_manager find;
-allow platform_app hal_wlc_hwservice:hwservice_manager find;
-allow platform_app nfc_service:service_manager find;
-
-# Fingerprint (UDFPS) GHBM/LHBM toggle
-get_prop(platform_app, fingerprint_ghbm_prop)
-
-# allow systemui to set boot animation colors
-set_prop(platform_app, bootanim_system_prop);
-
-binder_call(platform_app, hal_wlc)
-
-# allow udfps of systemui access lhbm
-binder_call(platform_app, hal_graphics_composer_default)
diff --git a/legacy/whitechapel_pro/seapp_contexts b/legacy/whitechapel_pro/seapp_contexts
deleted file mode 100644
index 97f8385c..00000000
--- a/legacy/whitechapel_pro/seapp_contexts
+++ /dev/null
@@ -1,7 +0,0 @@
-# coredump/ramdump
-user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
-
-# HbmSVManager
-user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
-
-
diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te
index 5a5e1176..b3c8925a 100644
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@@ -33,4 +33,8 @@ userdebug_or_eng(`
   permissive hal_wlc;
   permissive init;
   permissive logd;
+  permissive mediacodec_google;
+  permissive mediacodec_samsung;
+  permissive platform_app;
+  permissive hbmsvmanager_app;
 ')
diff --git a/vendor/hbmsvmanager_app.te b/vendor/hbmsvmanager_app.te
new file mode 100644
index 00000000..0804203c
--- /dev/null
+++ b/vendor/hbmsvmanager_app.te
@@ -0,0 +1,6 @@
+type hbmsvmanager_app, domain;
+
+app_domain(hbmsvmanager_app);
+
+# Standard system services
+allow hbmsvmanager_app app_api_service:service_manager find;
diff --git a/legacy/whitechapel_pro/ramdump_app.te b/vendor/ramdump_app.te
similarity index 100%
rename from legacy/whitechapel_pro/ramdump_app.te
rename to vendor/ramdump_app.te
diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts
index 7c4496d4..9c4ad5ff 100644
--- a/vendor/seapp_contexts
+++ b/vendor/seapp_contexts
@@ -1,12 +1,18 @@
 # Domain for EuiccSupportPixel
 user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
 
+# coredump/ramdump
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+
 # Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade
 user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
 
 # Domain for connectivity monitor
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
 
+# HbmSVManager
+user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
+
 # Google Camera
 user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all