From f40edb1ad56bd9939f53f2c54fd192ba55a20176 Mon Sep 17 00:00:00 2001
From: George Chang <georgekgchang@google.com>
Date: Thu, 1 Dec 2022 13:58:02 +0800
Subject: [PATCH] Fix hal_nfc_default selinux denial

Allow hal_nfc_default to access vendor_nfc_prop

Bug: 260769165
Bug: 260921340
Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I53ff6262ac3210ee166df6d87c0fa587aa594b86
---
 tracking_denials/hal_nfc_default.te | 10 ----------
 tracking_denials/permissive.te      |  1 -
 vendor/hal_nfc_default.te           |  2 ++
 3 files changed, 2 insertions(+), 11 deletions(-)
 delete mode 100644 tracking_denials/hal_nfc_default.te
 create mode 100644 vendor/hal_nfc_default.te

diff --git a/tracking_denials/hal_nfc_default.te b/tracking_denials/hal_nfc_default.te
deleted file mode 100644
index 8333fe6f..00000000
--- a/tracking_denials/hal_nfc_default.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# b/260769165
-dontaudit hal_nfc_default vendor_nfc_prop:file { getattr };
-dontaudit hal_nfc_default vendor_nfc_prop:file { map };
-dontaudit hal_nfc_default vendor_nfc_prop:file { open };
-dontaudit hal_nfc_default vendor_nfc_prop:file { read };
-# b/260921340
-dontaudit hal_nfc_default vendor_nfc_prop:file { getattr };
-dontaudit hal_nfc_default vendor_nfc_prop:file { map };
-dontaudit hal_nfc_default vendor_nfc_prop:file { open };
-dontaudit hal_nfc_default vendor_nfc_prop:file { read };
diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te
index 92452851..e799b149 100644
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@@ -12,7 +12,6 @@ userdebug_or_eng(`
   permissive hal_graphics_allocator_default;
   permissive hal_graphics_composer_default;
   permissive hal_health_storage_default;
-  permissive hal_nfc_default;
   permissive hal_power_stats_default;
   permissive hal_fingerprint_default;
   permissive gxp_logging;
diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te
new file mode 100644
index 00000000..344ff8af
--- /dev/null
+++ b/vendor/hal_nfc_default.te
@@ -0,0 +1,2 @@
+# HAL NFC property
+get_prop(hal_nfc_default, vendor_nfc_prop)