Merge "Remove legacy tracking_denials" into main

2023-09-04 07:07:27 +00:00 · 2023-09-04 07:07:27 +00:00 · 25a9b1808b
commit 25a9b1808b
parent 863d41f6c6 eac7ac91c3
13 changed files with 4 additions and 76 deletions
--- a/tracking_denials/con_monitor_app.te
+++ b/tracking_denials/con_monitor_app.te
@ -1,36 +0,0 @@
-# b/261518779
-dontaudit con_monitor_app activity_service:service_manager { find };
-dontaudit con_monitor_app content_capture_service:service_manager { find };
-dontaudit con_monitor_app game_service:service_manager { find };
-dontaudit con_monitor_app netstats_service:service_manager { find };
-dontaudit con_monitor_app system_server:binder { call };
-dontaudit con_monitor_app system_server:binder { transfer };
-dontaudit con_monitor_app system_server:fd { use };
-# b/261783158
-dontaudit con_monitor_app system_file:file { getattr };
-dontaudit con_monitor_app system_file:file { map };
-dontaudit con_monitor_app system_file:file { open };
-dontaudit con_monitor_app system_file:file { read };
-dontaudit con_monitor_app tmpfs:file { execute };
-dontaudit con_monitor_app tmpfs:file { map };
-dontaudit con_monitor_app tmpfs:file { read };
-dontaudit con_monitor_app tmpfs:file { write };
-# b/261933171
-dontaudit con_monitor_app dumpstate:fd { use };
-dontaudit con_monitor_app dumpstate:fifo_file { append };
-dontaudit con_monitor_app dumpstate:fifo_file { write };
-dontaudit con_monitor_app system_server:fifo_file { write };
-dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto };
-dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write };
-# b/262455571
-dontaudit con_monitor_app data_file_type:dir { search };
-dontaudit con_monitor_app servicemanager:binder { call };
-dontaudit con_monitor_app statsd:unix_dgram_socket { sendto };
-dontaudit con_monitor_app statsdw_socket:sock_file { write };
-dontaudit con_monitor_app system_file:file { execute };
-# b/264489520
-userdebug_or_eng(`
-  permissive con_monitor_app;
-')
-# b/267843291
-dontaudit con_monitor_app resourcecache_data_file:file { read };
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@ -1,2 +0,0 @@
-# b/277155496
-dontaudit dumpstate default_android_service:service_manager { find };
--- a/tracking_denials/fastbootd.te
+++ b/tracking_denials/fastbootd.te
@ -1,4 +0,0 @@
-# b/264489957
-userdebug_or_eng(`
-  permissive fastbootd;
-')
--- a/tracking_denials/hal_sensors_default.te
+++ b/tracking_denials/hal_sensors_default.te
@ -1,3 +0,0 @@
-# b/267260619
-dontaudit hal_sensors_default dumpstate:fd { use };
-dontaudit hal_sensors_default dumpstate:fifo_file { write };
--- a/tracking_denials/hal_usb_impl.te
+++ b/tracking_denials/hal_usb_impl.te
@ -1,2 +0,0 @@
-# b/267261163
-dontaudit hal_usb_impl dumpstate:fd { use };
--- a/tracking_denials/incidentd.te
+++ b/tracking_denials/incidentd.te
@ -1,3 +0,0 @@
-# b/261933310
-dontaudit incidentd debugfs_wakeup_sources:file { open };
-dontaudit incidentd debugfs_wakeup_sources:file { read };
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@ -1,7 +0,0 @@
-# b/262794429
-dontaudit kernel sepolicy_file:file { getattr };
-dontaudit kernel system_bootstrap_lib_file:dir { getattr };
-dontaudit kernel system_bootstrap_lib_file:file { getattr };
-dontaudit kernel system_dlkm_file:dir { getattr };
-# b/263185161
-dontaudit kernel kernel:capability { net_bind_service };
--- a/tracking_denials/permissive.te
+++ b/tracking_denials/permissive.te
@ -14,4 +14,8 @@ userdebug_or_eng(`
    permissive kernel;
    permissive hal_power_default;
    permissive servicemanager;
+    permissive con_monitor_app;
+    permissive systemui_app;
+    permissive ssr_detector_app;
+    permissive fastbootd;
 ')
--- a/tracking_denials/rebalance_interrupts_vendor.te
+++ b/tracking_denials/rebalance_interrupts_vendor.te
@ -1,2 +0,0 @@
-# b/260366278
-dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
--- a/tracking_denials/ssr_detector_app.te
+++ b/tracking_denials/ssr_detector_app.te
@ -1,6 +0,0 @@
-# b/261651131
-dontaudit ssr_detector_app system_app_data_file:file { open };
-# b/264489567
-userdebug_or_eng(`
-  permissive ssr_detector_app;
-')
--- a/tracking_denials/systemui_app.te
+++ b/tracking_denials/systemui_app.te
@ -1,6 +0,0 @@
-# b/272628396
-#dontaudit systemui_app service_manager_type:service_manager find;
-# b/294300348
-userdebug_or_eng(`
-    permissive systemui_app;
-')
--- a/tracking_denials/update_engine.te
+++ b/tracking_denials/update_engine.te
@ -1,2 +0,0 @@
-# b/267261048
-dontaudit update_engine dumpstate:fd { use };
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@ -1,3 +0,0 @@
-# b/260366195
-dontaudit vendor_init debugfs_trace_marker:file { getattr };
-dontaudit vendor_init vendor_init:capability2 { block_suspend };