From 3d57d2da26c487a7ba8a096cee5e08a598f2992e Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Mon, 18 Dec 2023 04:30:35 +0000
Subject: [PATCH] Enforce vendor_init and allow tee and display access

Fix: 307468733
Fix: 308381748
Fix: 312372803
Test: make selinux_policy
Change-Id: Ic9c987e34bf8337e9a743371a00fd910442fab10
---
 tracking_denials/vendor_init.te | 8 --------
 vendor/vendor_init.te           | 3 ++-
 2 files changed, 2 insertions(+), 9 deletions(-)
 delete mode 100644 tracking_denials/vendor_init.te

diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
deleted file mode 100644
index ff8d2b9..0000000
--- a/tracking_denials/vendor_init.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/307468733
-userdebug_or_eng(`
-  permissive vendor_init;
-')# b/308381748
-dontaudit vendor_init debugfs_trace_marker:file { getattr };
-dontaudit vendor_init default_prop:property_service { set };
-# b/312372803
-dontaudit vendor_init tee_data_file:lnk_file { read };
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index 8bb8ad3..a732da8 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -1,3 +1,4 @@
 # USB property
 set_prop(vendor_init, vendor_usb_config_prop)
-
+set_prop(vendor_init, vendor_display_prop)
+allow vendor_init tee_data_file:lnk_file read;