From 1e31efbc3a85f5b285b4168a0e07dc0e9f9eb285 Mon Sep 17 00:00:00 2001
From: Allen Xu <xalle@google.com>
Date: Fri, 5 Jan 2024 22:59:42 +0000
Subject: [PATCH] Update sepolicy for ConnectivityMonitor

Bug: 307468771
Test: v2/pixel-health-guard/device-boot-health-check-extra
Change-Id: I08caf6a8e48118151df72ad883490551af0c464c
---
 tracking_denials/con_monitor_app.te | 14 --------------
 vendor/con_monitor_app.te           |  8 ++++++++
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te
index cd49788..e69de29 100644
--- a/tracking_denials/con_monitor_app.te
+++ b/tracking_denials/con_monitor_app.te
@@ -1,14 +0,0 @@
-# b/307468771
-userdebug_or_eng(`
-  permissive con_monitor_app;
-')# b/308381432
-dontaudit con_monitor_app activity_service:service_manager { find };
-dontaudit con_monitor_app content_capture_service:service_manager { find };
-dontaudit con_monitor_app game_service:service_manager { find };
-dontaudit con_monitor_app netstats_service:service_manager { find };
-# b/309732305
-dontaudit con_monitor_app batterystats_service:service_manager { find };
-dontaudit con_monitor_app init:unix_stream_socket { connectto };
-dontaudit con_monitor_app property_socket:sock_file { write };
-dontaudit con_monitor_app radio_prop:property_service { set };
-dontaudit con_monitor_app virtual_device_service:service_manager { find };
diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te
index 814c5e8..2fffbb5 100644
--- a/vendor/con_monitor_app.te
+++ b/vendor/con_monitor_app.te
@@ -1,3 +1,11 @@
 # ConnectivityMonitor app
 type con_monitor_app, domain;
 app_domain(con_monitor_app);
+
+allow con_monitor_app app_api_service:service_manager find;
+allow con_monitor_app batterystats_service:service_manager find;
+allow con_monitor_app virtual_device_service:service_manager find;
+
+binder_call(con_monitor_app, servicemanager);
+
+set_prop(con_monitor_app, radio_prop);