From ec17f1a1257df5b59bc7939ede24ab8760989b9e Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 28 Nov 2022 09:51:25 +0800
Subject: [PATCH] update error on ROM 9336524
Bug: 260522279
Bug: 260522435
Bug: 260522413
Bug: 260522434
Bug: 260522436
Bug: 260522378
Bug: 260522202
Bug: 260522245
Bug: 260522268
Bug: 260522282
Bug: 260522040
Bug: 260522041
Bug: 260522244
Bug: 260522203
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: Ib61f9c376c1351e1619621c79506396f6c291eed
---
tracking_denials/bootanim.te | 2 ++
tracking_denials/chre.te | 7 +++++
tracking_denials/euiccpixel_app.te | 37 +++++++++++++++++++++++++
tracking_denials/gmscore_app.te | 2 ++
tracking_denials/hal_bootctl_default.te | 3 ++
tracking_denials/insmod-sh.te | 2 ++
tracking_denials/installd.te | 2 ++
tracking_denials/kernel.te | 8 ++++++
tracking_denials/logger_app.te | 9 ++++++
tracking_denials/priv_app.te | 3 ++
tracking_denials/system_server.te | 4 +++
tracking_denials/toolbox.te | 14 ++++++++++
tracking_denials/vendor_init.te | 2 ++
tracking_denials/zygote.te | 2 ++
14 files changed, 97 insertions(+)
create mode 100644 tracking_denials/bootanim.te
create mode 100644 tracking_denials/chre.te
create mode 100644 tracking_denials/euiccpixel_app.te
create mode 100644 tracking_denials/hal_bootctl_default.te
create mode 100644 tracking_denials/installd.te
create mode 100644 tracking_denials/kernel.te
create mode 100644 tracking_denials/toolbox.te
create mode 100644 tracking_denials/zygote.te
diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te
new file mode 100644
index 00000000..e15c110c
--- /dev/null
+++ b/tracking_denials/bootanim.te
@@ -0,0 +1,2 @@
+# b/260522279
+dontaudit bootanim system_data_file:dir { search };
diff --git a/tracking_denials/chre.te b/tracking_denials/chre.te
new file mode 100644
index 00000000..218bea4d
--- /dev/null
+++ b/tracking_denials/chre.te
@@ -0,0 +1,7 @@
+# b/260522435
+dontaudit chre aoc_device:chr_file { getattr };
+dontaudit chre aoc_device:chr_file { open };
+dontaudit chre aoc_device:chr_file { read write };
+dontaudit chre chre:capability2 { block_suspend };
+dontaudit chre device:dir { read };
+dontaudit chre device:dir { watch };
diff --git a/tracking_denials/euiccpixel_app.te b/tracking_denials/euiccpixel_app.te
new file mode 100644
index 00000000..62ed660b
--- /dev/null
+++ b/tracking_denials/euiccpixel_app.te
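Review bot: In chre.te the `dontaudit` rules on `aoc_device:chr_file` and `chre:capability2 { block_suspend }` only silence the log; the access is still refused, so if chre needs the AoC device node it will keep failing, now with no avc line to show why. The same concern applies to hal_bootctl_default.te (`devinfo_block_device:blk_file`), kernel.te (`vendor_fw_file` and `same_process_hal_file` reads) and toolbox.te (`ram_device:blk_file`, `per_boot_file` unlink/rmdir), which all look like accesses those domains rely on. Each new file carries only a bug number, so I would add a header comment such as `# Temporary suppression: access is still denied; replace with an allow rule or relabel and delete when b/260522435 is closed`. The split per-permission rules could also be merged, e.g. `dontaudit chre aoc_device:chr_file { getattr open read write };`.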
@@ -0,0 +1,37 @@
+# b/260522413
+dontaudit euiccpixel_app activity_service:service_manager { find };
+dontaudit euiccpixel_app data_file_type:dir *;
+dontaudit euiccpixel_app data_file_type:file *;
+dontaudit euiccpixel_app content_capture_service:service_manager { find };
+dontaudit euiccpixel_app dalvikcache_data_file:dir { getattr };
+dontaudit euiccpixel_app dalvikcache_data_file:dir { search };
+dontaudit euiccpixel_app game_service:service_manager { find };
+dontaudit euiccpixel_app graphics_config_prop:file { getattr };
+dontaudit euiccpixel_app graphics_config_prop:file { map };
+dontaudit euiccpixel_app graphics_config_prop:file { open };
+dontaudit euiccpixel_app graphics_config_prop:file { read };
+dontaudit euiccpixel_app mnt_expand_file:dir { getattr };
+dontaudit euiccpixel_app netstats_service:service_manager { find };
+dontaudit euiccpixel_app resourcecache_data_file:dir { search };
+dontaudit euiccpixel_app resourcecache_data_file:file { getattr };
+dontaudit euiccpixel_app resourcecache_data_file:file { map };
+dontaudit euiccpixel_app resourcecache_data_file:file { open };
+dontaudit euiccpixel_app resourcecache_data_file:file { read };
+dontaudit euiccpixel_app servicemanager:binder { call };
+dontaudit euiccpixel_app statsd:unix_dgram_socket { sendto };
+dontaudit euiccpixel_app statsdw_socket:sock_file { write };
+dontaudit euiccpixel_app system_file:file { execute };
+dontaudit euiccpixel_app system_file:file { getattr };
+dontaudit euiccpixel_app system_file:file { map };
+dontaudit euiccpixel_app system_file:file { open };
+dontaudit euiccpixel_app system_file:file { read };
+dontaudit euiccpixel_app system_server:binder { call };
+dontaudit euiccpixel_app system_server:binder { transfer };
+dontaudit euiccpixel_app system_server:fd { use };
+dontaudit euiccpixel_app system_userdir_file:dir { search };
+dontaudit euiccpixel_app tmpfs:file { execute };
+dontaudit euiccpixel_app tmpfs:file { map };
+dontaudit euiccpixel_app tmpfs:file { read };
+dontaudit euiccpixel_app tmpfs:file { write };
+dontaudit euiccpixel_app user_profile_data_file:dir { search };
+dontaudit euiccpixel_app user_profile_data_file:file { getattr };
diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te
index 4efd56d8..a7a4c687 100644
--- a/tracking_denials/gmscore_app.te
+++ b/tracking_denials/gmscore_app.te
@@ -2,3 +2,5 @@
 dontaudit gmscore_app property_type:file *;
 # b/260365725
 dontaudit gmscore_app property_type:file *;
+# b/260522434
+dontaudit gmscore_app modem_img_file:filesystem { getattr };
diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te
new file mode 100644
index 00000000..7b26806d
--- /dev/null
+++ b/tracking_denials/hal_bootctl_default.te
@@ -0,0 +1,3 @@
+# b/260522436
+dontaudit hal_bootctl_default devinfo_block_device:blk_file { open };
+dontaudit hal_bootctl_default devinfo_block_device:blk_file { read };
diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te
index b53a7fca..12adcbea 100644
--- a/tracking_denials/insmod-sh.te
+++ b/tracking_denials/insmod-sh.te
@@ -1,3 +1,5 @@
 # b/260366066
 dontaudit insmod-sh insmod-sh:capability { sys_nice };
 dontaudit insmod-sh kernel:process { setsched };
+# b/260522378
+dontaudit insmod-sh vendor_regmap_debugfs:dir { search };
diff --git a/tracking_denials/installd.te b/tracking_denials/installd.te
new file mode 100644
index 00000000..efeeeee5
--- /dev/null
+++ b/tracking_denials/installd.te
@@ -0,0 +1,2 @@
+# b/260522202
+dontaudit installd modem_img_file:filesystem { quotaget };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
new file mode 100644
index 00000000..8ad07d69
--- /dev/null
+++ b/tracking_denials/kernel.te
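Review bot: The two wildcard rules in euiccpixel_app.te, `dontaudit euiccpixel_app data_file_type:dir *;` and `dontaudit euiccpixel_app data_file_type:file *;`, suppress every future denial for this app on any data-labelled type, not just the ones seen under b/260522413. That removes the audit trail that would show the app touching other apps' or system data, and it will outlive the bug unless someone remembers to narrow it. I would list the observed types and permissions instead, as the rest of the file does, and keep `tmpfs:file { execute }` and `system_file:file { execute }` audited unless they are confirmed benign. The spread of denials here, together with `zygote ... { dyntransition }` in zygote.te and the binder rules in system_server.te, suggests the domain may be missing its base app policy; that definition is not visible in this patch, so treat it as a question for the author rather than a finding.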
@@ -0,0 +1,8 @@
+# b/260522245
+dontaudit kernel per_boot_file:file { read };
+dontaudit kernel same_process_hal_file:file { open };
+dontaudit kernel same_process_hal_file:file { read };
+dontaudit kernel vendor_fw_file:dir { search };
+dontaudit kernel vendor_fw_file:file { open };
+dontaudit kernel vendor_fw_file:file { read };
+dontaudit kernel vendor_regmap_debugfs:dir { search };
diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te
index 74fc423d..cd0e7255 100644
--- a/tracking_denials/logger_app.te
+++ b/tracking_denials/logger_app.te
@@ -4,3 +4,12 @@ dontaudit logger_app vendor_ssrdump_prop:file { getattr };
 dontaudit logger_app vendor_ssrdump_prop:file { map };
 dontaudit logger_app vendor_ssrdump_prop:file { open };
 dontaudit logger_app vendor_ssrdump_prop:file { read };
+# b/260522268
+dontaudit logger_app radio_vendor_data_file:dir { getattr };
+dontaudit logger_app radio_vendor_data_file:dir { open };
+dontaudit logger_app radio_vendor_data_file:dir { read };
+dontaudit logger_app radio_vendor_data_file:dir { setattr };
+dontaudit logger_app vendor_modem_prop:file { getattr };
+dontaudit logger_app vendor_modem_prop:file { map };
+dontaudit logger_app vendor_modem_prop:file { open };
+dontaudit logger_app vendor_modem_prop:file { read };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index 8aa86d71..f57e3d0e 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -4,3 +4,6 @@ dontaudit priv_app privapp_data_file:dir { search };
 dontaudit priv_app vendor_default_prop:file { getattr };
 dontaudit priv_app vendor_default_prop:file { map };
 dontaudit priv_app vendor_default_prop:file { open };
+# b/260522282
+dontaudit priv_app privapp_data_file:file { open };
+dontaudit priv_app privapp_data_file:file { setattr };
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index bfafa5c5..53a9c474 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -2,3 +2,7 @@
 dontaudit system_server sysfs:file { getattr };
 dontaudit system_server sysfs:file { open };
 dontaudit system_server sysfs:file { read };
+# b/260522040
+dontaudit system_server euiccpixel_app:binder { call };
+dontaudit system_server euiccpixel_app:binder { transfer };
+dontaudit system_server euiccpixel_app:process { setsched };
diff --git a/tracking_denials/toolbox.te b/tracking_denials/toolbox.te
new file mode 100644
index 00000000..53373d91
--- /dev/null
+++ b/tracking_denials/toolbox.te
@@ -0,0 +1,14 @@
+# b/260522041
+dontaudit toolbox per_boot_file:dir { getattr };
+dontaudit toolbox per_boot_file:dir { open };
+dontaudit toolbox per_boot_file:dir { read };
+dontaudit toolbox per_boot_file:dir { remove_name };
+dontaudit toolbox per_boot_file:dir { rmdir };
+dontaudit toolbox per_boot_file:dir { search };
+dontaudit toolbox per_boot_file:dir { write };
+dontaudit toolbox per_boot_file:file { getattr };
+dontaudit toolbox per_boot_file:file { unlink };
+dontaudit toolbox ram_device:blk_file { getattr };
+dontaudit toolbox ram_device:blk_file { ioctl };
+dontaudit toolbox ram_device:blk_file { open };
+dontaudit toolbox ram_device:blk_file { read write };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index c6bfb4c4..78f166c1 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -2,3 +2,5 @@
 dontaudit vendor_init debugfs_trace_marker:file { getattr };
 dontaudit vendor_init vendor_init:capability2 { block_suspend };
 dontaudit vendor_init vendor_init:lockdown { integrity };
+# b/260522244
+dontaudit vendor_init sg_device:chr_file { getattr };
diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te
new file mode 100644
index 00000000..5f0aae76
--- /dev/null
+++ b/tracking_denials/zygote.te
@@ -0,0 +1,2 @@
+# b/260522203
+dontaudit zygote euiccpixel_app:process { dyntransition };