From f5fc404dca85399b96e658d19c88eddc690779fe Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 30 Nov 2022 07:57:53 +0800
Subject: [PATCH] update error on ROM 9344284

Bug: 260769064
Bug: 260769163
Bug: 260768359
Bug: 260769165
Bug: 260769063
Bug: 260768935
Bug: 260769144
Bug: 260768402
Bug: 260768358
Bug: 260768672
Bug: 260768379
Bug: 260768740
Test: pts-tradefed run pts -m PtsSELinuxTest
Change-Id: I2a4f4bffc251e43ed139b8e910a4195b141033f7
---
 tracking_denials/euiccpixel_app.te                |  5 +++++
 tracking_denials/hal_graphics_composer_default.te |  8 ++++++++
 tracking_denials/hal_neuralnetworks_armnn.te      |  5 +++++
 tracking_denials/hal_nfc_default.te               |  5 +++++
 tracking_denials/hal_power_default.te             |  2 ++
 tracking_denials/hal_power_stats_default.te       | 11 +++++++++++
 tracking_denials/logger_app.te                    |  7 +++++++
 tracking_denials/platform_app.te                  |  2 ++
 tracking_denials/priv_app.te                      |  3 +++
 tracking_denials/secure_element.te                |  2 ++
 tracking_denials/system_app.te                    |  3 +++
 tracking_denials/zygote.te                        |  6 ++++++
 12 files changed, 59 insertions(+)
 create mode 100644 tracking_denials/hal_graphics_composer_default.te
 create mode 100644 tracking_denials/hal_nfc_default.te
 create mode 100644 tracking_denials/platform_app.te
 create mode 100644 tracking_denials/secure_element.te

diff --git a/tracking_denials/euiccpixel_app.te b/tracking_denials/euiccpixel_app.te
index 62ed660b..20f0dcac 100644
--- a/tracking_denials/euiccpixel_app.te
+++ b/tracking_denials/euiccpixel_app.te
@@ -35,3 +35,8 @@ dontaudit euiccpixel_app tmpfs:file { read };
 dontaudit euiccpixel_app tmpfs:file { write };
 dontaudit euiccpixel_app user_profile_data_file:dir { search };
 dontaudit euiccpixel_app user_profile_data_file:file { getattr };
+# b/260769064
+dontaudit euiccpixel_app priv_app:binder { call };
+dontaudit euiccpixel_app priv_app:binder { transfer };
+dontaudit euiccpixel_app secure_element:binder { call };
+dontaudit euiccpixel_app secure_element:binder { transfer };
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
new file mode 100644
index 00000000..e23513c7
--- /dev/null
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -0,0 +1,8 @@
+# b/260769163
+dontaudit hal_graphics_composer_default hal_graphics_composer_default:netlink_kobject_uevent_socket { read };
+dontaudit hal_graphics_composer_default hal_power_default:binder { call };
+dontaudit hal_graphics_composer_default sysfs_leds:dir { search };
+dontaudit hal_graphics_composer_default sysfs_leds:file { getattr };
+dontaudit hal_graphics_composer_default sysfs_leds:file { open };
+dontaudit hal_graphics_composer_default sysfs_leds:file { read };
+dontaudit hal_graphics_composer_default vndbinder_device:chr_file { ioctl };
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
index 335dfc66..5f8b8438 100644
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@@ -1,2 +1,7 @@
 # b/260366177
 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
+# b/260768359
+dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
+dontaudit hal_neuralnetworks_armnn default_prop:file { map };
+dontaudit hal_neuralnetworks_armnn default_prop:file { open };
+dontaudit hal_neuralnetworks_armnn default_prop:file { read };
diff --git a/tracking_denials/hal_nfc_default.te b/tracking_denials/hal_nfc_default.te
new file mode 100644
index 00000000..eecee98a
--- /dev/null
+++ b/tracking_denials/hal_nfc_default.te
@@ -0,0 +1,5 @@
+# b/260769165
+dontaudit hal_nfc_default vendor_nfc_prop:file { getattr };
+dontaudit hal_nfc_default vendor_nfc_prop:file { map };
+dontaudit hal_nfc_default vendor_nfc_prop:file { open };
+dontaudit hal_nfc_default vendor_nfc_prop:file { read };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
index 1e14ea9a..b01c64be 100644
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@@ -8,3 +8,5 @@ dontaudit hal_power_default sysfs_display:file { write };
 dontaudit hal_power_default sysfs_fabric:file { open };
 dontaudit hal_power_default sysfs_fabric:file { write };
 dontaudit hal_power_default vendor_camera_prop:property_service { set };
+# b/260769063
+dontaudit hal_power_default hal_graphics_composer_default:binder { transfer };
diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te
index ce658dc6..3a601722 100644
--- a/tracking_denials/hal_power_stats_default.te
+++ b/tracking_denials/hal_power_stats_default.te
@@ -2,3 +2,14 @@
 dontaudit hal_power_stats_default sysfs:file { getattr };
 dontaudit hal_power_stats_default sysfs:file { open };
 dontaudit hal_power_stats_default sysfs:file { read };
+# b/260768935
+dontaudit hal_power_stats_default powerstats_vendor_data_file:dir { search };
+dontaudit hal_power_stats_default sysfs_cpu:file { getattr };
+dontaudit hal_power_stats_default sysfs_cpu:file { open };
+dontaudit hal_power_stats_default sysfs_cpu:file { read };
+dontaudit hal_power_stats_default sysfs_iio_devices:dir { open };
+dontaudit hal_power_stats_default sysfs_iio_devices:dir { read };
+dontaudit hal_power_stats_default sysfs_iio_devices:dir { search };
+dontaudit hal_power_stats_default sysfs_leds:dir { search };
+dontaudit hal_power_stats_default sysfs_leds:file { open };
+dontaudit hal_power_stats_default sysfs_leds:file { read };
diff --git a/tracking_denials/logger_app.te b/tracking_denials/logger_app.te
index cd0e7255..77d5cc90 100644
--- a/tracking_denials/logger_app.te
+++ b/tracking_denials/logger_app.te
@@ -13,3 +13,10 @@ dontaudit logger_app vendor_modem_prop:file { getattr };
 dontaudit logger_app vendor_modem_prop:file { map };
 dontaudit logger_app vendor_modem_prop:file { open };
 dontaudit logger_app vendor_modem_prop:file { read };
+# b/260769144
+dontaudit logger_app radio_vendor_data_file:dir { add_name };
+dontaudit logger_app radio_vendor_data_file:dir { remove_name };
+dontaudit logger_app radio_vendor_data_file:dir { write };
+dontaudit logger_app radio_vendor_data_file:file { create };
+dontaudit logger_app radio_vendor_data_file:file { unlink };
+dontaudit logger_app radio_vendor_data_file:file { write open };
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
new file mode 100644
index 00000000..327822ad
--- /dev/null
+++ b/tracking_denials/platform_app.te
@@ -0,0 +1,2 @@
+# b/260768402
+dontaudit platform_app default_android_service:service_manager { find };
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
index f57e3d0e..86f04c9c 100644
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@@ -7,3 +7,6 @@ dontaudit priv_app vendor_default_prop:file { open };
 # b/260522282
 dontaudit priv_app privapp_data_file:file { open };
 dontaudit priv_app privapp_data_file:file { setattr };
+# b/260768358
+dontaudit priv_app default_android_service:service_manager { find };
+dontaudit priv_app euiccpixel_app:binder { transfer };
diff --git a/tracking_denials/secure_element.te b/tracking_denials/secure_element.te
new file mode 100644
index 00000000..1edd5210
--- /dev/null
+++ b/tracking_denials/secure_element.te
@@ -0,0 +1,2 @@
+# b/260768672
+dontaudit secure_element euiccpixel_app:binder { transfer };
diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te
index 753939a1..a80647c6 100644
--- a/tracking_denials/system_app.te
+++ b/tracking_denials/system_app.te
@@ -1,3 +1,6 @@
 # b/260363384
 dontaudit system_app hal_wlc:binder { call };
 dontaudit system_app hal_wlc_hwservice:hwservice_manager { find };
+# b/260768379
+dontaudit system_app default_android_service:service_manager { find };
+dontaudit system_app vendor_default_prop:file { open };
diff --git a/tracking_denials/zygote.te b/tracking_denials/zygote.te
index 5f0aae76..fae90907 100644
--- a/tracking_denials/zygote.te
+++ b/tracking_denials/zygote.te
@@ -1,2 +1,8 @@
 # b/260522203
 dontaudit zygote euiccpixel_app:process { dyntransition };
+# b/260768740
+dontaudit zygote vendor_file:file { execute };
+dontaudit zygote vendor_file:file { getattr };
+dontaudit zygote vendor_file:file { map };
+dontaudit zygote vendor_file:file { open };
+dontaudit zygote vendor_file:file { read };