From d48baf4a6bcf52375ed32b749c7adda7c2bc4b84 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Fri, 25 Nov 2022 11:35:22 +0800
Subject: [PATCH] update error on ROM 9321621

Bug: 260366279
Bug: 260365725
Bug: 260366029
Bug: 260366438
Bug: 260366177
Bug: 260366126
Bug: 260366519
Bug: 260366399
Bug: 260366065
Bug: 260366169
Bug: 260366297
Bug: 260366066
Bug: 260366439
Bug: 260366322
Bug: 260366281
Bug: 260366398
Bug: 260366278
Bug: 260366344
Bug: 260366321
Bug: 260363384
Bug: 260366030
Bug: 260366031
Bug: 260366195
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2ef4a0dc4a2ff373151feb11e1d52e9931d7c0a2
---
 tracking_denials/edgetpu_logging.te           |  4 +++
 tracking_denials/gmscore_app.te               |  2 ++
 tracking_denials/hal_camera_default.te        |  4 +++
 tracking_denials/hal_health_default.te        | 19 ++++++++++++
 tracking_denials/hal_neuralnetworks_armnn.te  |  2 ++
 tracking_denials/hal_power_default.te         | 10 ++++++
 tracking_denials/hal_power_stats_default.te   |  4 +++
 tracking_denials/hal_thermal_default.te       |  4 +++
 tracking_denials/hal_uwb_default.te           |  4 +++
 tracking_denials/hal_vibrator_default.te      | 31 +++++++++++++++++++
 tracking_denials/hal_wlc.te                   |  5 +++
 tracking_denials/insmod-sh.te                 |  3 ++
 tracking_denials/logger_app.te                |  6 ++++
 tracking_denials/pixelstats_vendor.te         |  2 ++
 tracking_denials/priv_app.te                  |  6 ++++
 tracking_denials/proc_vendor_sched.te         |  2 ++
 .../rebalance_interrupts_vendor.te            |  2 ++
 tracking_denials/rlsservice.te                |  5 +++
 tracking_denials/shell.te                     |  3 ++
 tracking_denials/system_app.te                |  3 ++
 tracking_denials/system_server.te             |  4 +++
 tracking_denials/system_suspend.te            | 11 +++++++
 tracking_denials/vendor_init.te               |  4 +++
 23 files changed, 140 insertions(+)
 create mode 100644 tracking_denials/edgetpu_logging.te
 create mode 100644 tracking_denials/hal_camera_default.te
 create mode 100644 tracking_denials/hal_health_default.te
 create mode 100644 tracking_denials/hal_neuralnetworks_armnn.te
 create mode 100644 tracking_denials/hal_power_default.te
 create mode 100644 tracking_denials/hal_power_stats_default.te
 create mode 100644 tracking_denials/hal_thermal_default.te
 create mode 100644 tracking_denials/hal_uwb_default.te
 create mode 100644 tracking_denials/hal_vibrator_default.te
 create mode 100644 tracking_denials/hal_wlc.te
 create mode 100644 tracking_denials/insmod-sh.te
 create mode 100644 tracking_denials/logger_app.te
 create mode 100644 tracking_denials/pixelstats_vendor.te
 create mode 100644 tracking_denials/priv_app.te
 create mode 100644 tracking_denials/proc_vendor_sched.te
 create mode 100644 tracking_denials/rebalance_interrupts_vendor.te
 create mode 100644 tracking_denials/rlsservice.te
 create mode 100644 tracking_denials/shell.te
 create mode 100644 tracking_denials/system_app.te
 create mode 100644 tracking_denials/system_server.te
 create mode 100644 tracking_denials/system_suspend.te
 create mode 100644 tracking_denials/vendor_init.te

diff --git a/tracking_denials/edgetpu_logging.te b/tracking_denials/edgetpu_logging.te
new file mode 100644
index 00000000..9f68d042
--- /dev/null
+++ b/tracking_denials/edgetpu_logging.te
@@ -0,0 +1,4 @@
+# b/260366279
+dontaudit edgetpu_logging sysfs:file { getattr };
+dontaudit edgetpu_logging sysfs:file { open };
+dontaudit edgetpu_logging sysfs:file { read };
diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te
index 863ae44d..4efd56d8 100644
--- a/tracking_denials/gmscore_app.te
+++ b/tracking_denials/gmscore_app.te
@@ -1,2 +1,4 @@
 # b/259302023
 dontaudit gmscore_app property_type:file *;
+# b/260365725
+dontaudit gmscore_app property_type:file *;
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
new file mode 100644
index 00000000..513cd0dd
--- /dev/null
+++ b/tracking_denials/hal_camera_default.te
@@ -0,0 +1,4 @@
+# b/260366029
+dontaudit hal_camera_default device:chr_file { ioctl };
+dontaudit hal_camera_default device:chr_file { open };
+dontaudit hal_camera_default device:chr_file { read };
diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te
new file mode 100644
index 00000000..d52efb4b
--- /dev/null
+++ b/tracking_denials/hal_health_default.te
@@ -0,0 +1,19 @@
+# b/260366438
+dontaudit hal_health_default init:unix_stream_socket { connectto };
+dontaudit hal_health_default mnt_vendor_file:dir { search };
+dontaudit hal_health_default persist_file:dir { search };
+dontaudit hal_health_default property_socket:sock_file { write };
+dontaudit hal_health_default sysfs:file { getattr };
+dontaudit hal_health_default sysfs:file { open };
+dontaudit hal_health_default sysfs:file { read };
+dontaudit hal_health_default sysfs:file { write };
+dontaudit hal_health_default sysfs_scsi_devices_0000:dir { search };
+dontaudit hal_health_default sysfs_scsi_devices_0000:file { getattr };
+dontaudit hal_health_default sysfs_scsi_devices_0000:file { open };
+dontaudit hal_health_default sysfs_scsi_devices_0000:file { read open };
+dontaudit hal_health_default sysfs_scsi_devices_0000:file { read };
+dontaudit hal_health_default vendor_battery_defender_prop:file { getattr };
+dontaudit hal_health_default vendor_battery_defender_prop:file { map };
+dontaudit hal_health_default vendor_battery_defender_prop:file { open };
+dontaudit hal_health_default vendor_battery_defender_prop:file { read };
+dontaudit hal_health_default vendor_battery_defender_prop:property_service { set };
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
new file mode 100644
index 00000000..335dfc66
--- /dev/null
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@@ -0,0 +1,2 @@
+# b/260366177
+dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
new file mode 100644
index 00000000..1e14ea9a
--- /dev/null
+++ b/tracking_denials/hal_power_default.te
@@ -0,0 +1,10 @@
+# b/260366126
+dontaudit hal_power_default sysfs:file { open };
+dontaudit hal_power_default sysfs:file { write };
+dontaudit hal_power_default sysfs_camera:file { open };
+dontaudit hal_power_default sysfs_camera:file { write };
+dontaudit hal_power_default sysfs_display:file { open };
+dontaudit hal_power_default sysfs_display:file { write };
+dontaudit hal_power_default sysfs_fabric:file { open };
+dontaudit hal_power_default sysfs_fabric:file { write };
+dontaudit hal_power_default vendor_camera_prop:property_service { set };
diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te
new file mode 100644
index 00000000..ce658dc6
--- /dev/null
+++ b/tracking_denials/hal_power_stats_default.te
@@ -0,0 +1,4 @@
+# b/260366519
+dontaudit hal_power_stats_default sysfs:file { getattr };
+dontaudit hal_power_stats_default sysfs:file { open };
+dontaudit hal_power_stats_default sysfs:file { read };
diff --git a/tracking_denials/hal_thermal_default.te b/tracking_denials/hal_thermal_default.te
new file mode 100644
index 00000000..9f9790d8
--- /dev/null
+++ b/tracking_denials/hal_thermal_default.te
@@ -0,0 +1,4 @@
+# b/260366399
+dontaudit hal_thermal_default sysfs:file { getattr };
+dontaudit hal_thermal_default sysfs:file { open };
+dontaudit hal_thermal_default sysfs:file { read };
diff --git a/tracking_denials/hal_uwb_default.te b/tracking_denials/hal_uwb_default.te
new file mode 100644
index 00000000..b9a3d4fe
--- /dev/null
+++ b/tracking_denials/hal_uwb_default.te
@@ -0,0 +1,4 @@
+# b/260366065
+dontaudit hal_uwb_default device:chr_file { ioctl };
+dontaudit hal_uwb_default device:chr_file { open };
+dontaudit hal_uwb_default device:chr_file { read write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 00000000..ed9d9fbf
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,31 @@
+# b/260366169
+dontaudit hal_vibrator_default input_device:chr_file { getattr };
+dontaudit hal_vibrator_default input_device:chr_file { ioctl };
+dontaudit hal_vibrator_default input_device:chr_file { open };
+dontaudit hal_vibrator_default input_device:chr_file { read write };
+dontaudit hal_vibrator_default input_device:dir { open };
+dontaudit hal_vibrator_default input_device:dir { read };
+dontaudit hal_vibrator_default input_device:dir { search };
+dontaudit hal_vibrator_default mnt_vendor_file:dir { search };
+dontaudit hal_vibrator_default persist_file:dir { search };
+dontaudit hal_vibrator_default persist_haptics_file:dir { search };
+dontaudit hal_vibrator_default persist_haptics_file:file { getattr };
+dontaudit hal_vibrator_default persist_haptics_file:file { open };
+dontaudit hal_vibrator_default persist_haptics_file:file { read };
+dontaudit hal_vibrator_default proc_asound:dir { search };
+dontaudit hal_vibrator_default proc_asound:file { getattr };
+dontaudit hal_vibrator_default proc_asound:file { open };
+dontaudit hal_vibrator_default proc_asound:file { read };
+dontaudit hal_vibrator_default sysfs:file { getattr };
+dontaudit hal_vibrator_default sysfs:file { open };
+dontaudit hal_vibrator_default sysfs:file { read };
+dontaudit hal_vibrator_default sysfs:file { write };
+dontaudit hal_vibrator_default vendor_vibrator_prop:file { getattr };
+dontaudit hal_vibrator_default vendor_vibrator_prop:file { map };
+dontaudit hal_vibrator_default vendor_vibrator_prop:file { open };
+dontaudit hal_vibrator_default vendor_vibrator_prop:file { read };
+dontaudit hal_vibrator_default vndbinder_device:chr_file { ioctl };
+dontaudit hal_vibrator_default vndbinder_device:chr_file { map };
+dontaudit hal_vibrator_default vndbinder_device:chr_file { open };
+dontaudit hal_vibrator_default vndbinder_device:chr_file { read };
+dontaudit hal_vibrator_default vndbinder_device:chr_file { write };
diff --git a/tracking_denials/hal_wlc.te b/tracking_denials/hal_wlc.te
new file mode 100644
index 00000000..c3afb322
--- /dev/null
+++ b/tracking_denials/hal_wlc.te
@@ -0,0 +1,5 @@
+# b/260366297
+dontaudit hal_wlc sysfs:file { getattr };
+dontaudit hal_wlc sysfs:file { open };
+dontaudit hal_wlc sysfs:file { read };
+dontaudit hal_wlc sysfs:file { write };
diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te
new file mode 100644
index 00000000..b53a7fca
--- /dev/null
+++ b/tracking_denials/insmod-sh.te
@@ -0,0 +1,3 @@
+# b/260366066
+dontaudit insmod-sh insmod-sh:capability { sys_nice };
+dontaudit insmod-sh kernel:process { setsched };
diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te
new file mode 100644
index 00000000..74fc423d
--- /dev/null
+++ b/tracking_denials/logger_app.te
@@ -0,0 +1,6 @@
+# b/260366439
+dontaudit logger_app radio_vendor_data_file:dir { search };
+dontaudit logger_app vendor_ssrdump_prop:file { getattr };
+dontaudit logger_app vendor_ssrdump_prop:file { map };
+dontaudit logger_app vendor_ssrdump_prop:file { open };
+dontaudit logger_app vendor_ssrdump_prop:file { read };
diff --git a/tracking_denials/pixelstats_vendor.te b/tracking_denials/pixelstats_vendor.te
new file mode 100644
index 00000000..19ef1f6d
--- /dev/null
+++ b/tracking_denials/pixelstats_vendor.te
@@ -0,0 +1,2 @@
+# b/260366322
+dontaudit pixelstats_vendor servicemanager:binder { call };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
new file mode 100644
index 00000000..8aa86d71
--- /dev/null
+++ b/tracking_denials/priv_app.te
@@ -0,0 +1,6 @@
+# b/260366281
+dontaudit priv_app privapp_data_file:dir { getattr };
+dontaudit priv_app privapp_data_file:dir { search };
+dontaudit priv_app vendor_default_prop:file { getattr };
+dontaudit priv_app vendor_default_prop:file { map };
+dontaudit priv_app vendor_default_prop:file { open };
diff --git a/tracking_denials/proc_vendor_sched.te b/tracking_denials/proc_vendor_sched.te
new file mode 100644
index 00000000..2bc19057
--- /dev/null
+++ b/tracking_denials/proc_vendor_sched.te
@@ -0,0 +1,2 @@
+# b/260366398
+dontaudit proc_vendor_sched proc:filesystem { associate };
diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te
new file mode 100644
index 00000000..f38b36f8
--- /dev/null
+++ b/tracking_denials/rebalance_interrupts_vendor.te
@@ -0,0 +1,2 @@
+# b/260366278
+dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
diff --git a/tracking_denials/rlsservice.te b/tracking_denials/rlsservice.te
new file mode 100644
index 00000000..a7fcc4b2
--- /dev/null
+++ b/tracking_denials/rlsservice.te
@@ -0,0 +1,5 @@
+# b/260366344
+dontaudit rlsservice vendor_camera_prop:file { getattr };
+dontaudit rlsservice vendor_camera_prop:file { map };
+dontaudit rlsservice vendor_camera_prop:file { open };
+dontaudit rlsservice vendor_camera_prop:file { read };
diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te
new file mode 100644
index 00000000..e744c423
--- /dev/null
+++ b/tracking_denials/shell.te
@@ -0,0 +1,3 @@
+# b/260366321
+dontaudit shell property_type:file *;
+
diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te
new file mode 100644
index 00000000..753939a1
--- /dev/null
+++ b/tracking_denials/system_app.te
@@ -0,0 +1,3 @@
+# b/260363384
+dontaudit system_app hal_wlc:binder { call };
+dontaudit system_app hal_wlc_hwservice:hwservice_manager { find };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
new file mode 100644
index 00000000..bfafa5c5
--- /dev/null
+++ b/tracking_denials/system_server.te
@@ -0,0 +1,4 @@
+# b/260366030
+dontaudit system_server sysfs:file { getattr };
+dontaudit system_server sysfs:file { open };
+dontaudit system_server sysfs:file { read };
diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te
new file mode 100644
index 00000000..48ce0f78
--- /dev/null
+++ b/tracking_denials/system_suspend.te
@@ -0,0 +1,11 @@
+# b/260366031
+dontaudit system_suspend_server sysfs:dir { open };
+dontaudit system_suspend_server sysfs:dir { read };
+dontaudit system_suspend_server sysfs:file { getattr };
+dontaudit system_suspend_server sysfs:file { open };
+dontaudit system_suspend_server sysfs:file { read };
+dontaudit system_suspend_server sysfs_aoc:dir { open };
+dontaudit system_suspend_server sysfs_aoc:dir { read };
+dontaudit system_suspend_server sysfs_aoc:file { getattr };
+dontaudit system_suspend_server sysfs_aoc:file { open };
+dontaudit system_suspend_server sysfs_aoc:file { read };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
new file mode 100644
index 00000000..c6bfb4c4
--- /dev/null
+++ b/tracking_denials/vendor_init.te
@@ -0,0 +1,4 @@
+# b/260366195
+dontaudit vendor_init debugfs_trace_marker:file { getattr };
+dontaudit vendor_init vendor_init:capability2 { block_suspend };
+dontaudit vendor_init vendor_init:lockdown { integrity };