From ab9b7f760926f30bea12545381423405c6da8375 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Thu, 20 Apr 2023 00:13:52 +0800
Subject: [PATCH 1/2] Label ims_remote_app and rcs_service_app

Bug: 260522282
Change-Id: I4bf27e30eda51794d2047da9ca17044632ec3786
---
 radio/seapp_contexts            | 3 +++
 radio/vendor_ims_remote_app.te  | 4 ++++
 radio/vendor_rcs_service_app.te | 5 +++++
 3 files changed, 12 insertions(+)
 create mode 100644 radio/vendor_ims_remote_app.te
 create mode 100644 radio/vendor_rcs_service_app.te

diff --git a/radio/seapp_contexts b/radio/seapp_contexts
index 9e748531..c167dbea 100644
--- a/radio/seapp_contexts
+++ b/radio/seapp_contexts
@@ -14,7 +14,10 @@ user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_
 user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all
+
 
 # slsi logging apps
 user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_silentlogging_app levelFrom=all
diff --git a/radio/vendor_ims_remote_app.te b/radio/vendor_ims_remote_app.te
new file mode 100644
index 00000000..f5d3846e
--- /dev/null
+++ b/radio/vendor_ims_remote_app.te
@@ -0,0 +1,4 @@
+type vendor_ims_remote_app, domain;
+app_domain(vendor_ims_remote_app)
+
+allow vendor_ims_remote_app app_api_service:service_manager find;
diff --git a/radio/vendor_rcs_service_app.te b/radio/vendor_rcs_service_app.te
new file mode 100644
index 00000000..a7ae221f
--- /dev/null
+++ b/radio/vendor_rcs_service_app.te
@@ -0,0 +1,5 @@
+type vendor_rcs_service_app, domain;
+app_domain(vendor_rcs_service_app)
+
+allow vendor_rcs_service_app app_api_service:service_manager find;
+allow vendor_rcs_service_app radio_service:service_manager find;

From dc75da30a1a99baed8524580a0bf6c183687b05a Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Wed, 19 Apr 2023 12:45:31 +0800
Subject: [PATCH 2/2] Revert^2 "Enforce priv_app"

This reverts commit 61a95fc71a31eec4d2362bf5d20b8f9ac94cdd40.

Fix: 260522282
Change-Id: I0d5dd994d3acacfee854ae27669358cfc2c249fc
---
 tracking_denials/priv_app.te | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 tracking_denials/priv_app.te

diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
deleted file mode 100644
index 604cf7d9..00000000
--- a/tracking_denials/priv_app.te
+++ /dev/null
@@ -1,21 +0,0 @@
-# b/260366281
-dontaudit priv_app privapp_data_file:dir { getattr };
-dontaudit priv_app privapp_data_file:dir { search };
-dontaudit priv_app vendor_default_prop:file { getattr };
-dontaudit priv_app vendor_default_prop:file { map };
-dontaudit priv_app vendor_default_prop:file { open };
-# b/260522282
-dontaudit priv_app privapp_data_file:file { open };
-dontaudit priv_app privapp_data_file:file { setattr };
-# b/260768358
-dontaudit priv_app default_android_service:service_manager { find };
-# b/260922442
-dontaudit priv_app default_android_service:service_manager { find };
-# b/263185432
-dontaudit priv_app privapp_data_file:file { unlink };
-# b/264490074
-userdebug_or_eng(`
-  permissive priv_app;
-')# b/268572216
-dontaudit priv_app privapp_data_file:dir { add_name };
-dontaudit priv_app privapp_data_file:dir { remove_name };