[automerger skipped] Merge "Move coredomain seapp ctx and types to system_ext" into main am: 11a443f3f2 -s ours am: b0da3e388d -s ours am: bc069c8249 -s ours am: 6d0480d3f8 -s ours am: 2787c32dcc -s ours
am skip reason: Merged-In I48441749de4eb1de90ce5a307b1d47ae3cb9592d with SHA-1 3770a8a19c is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2752329
Change-Id: I533006b40e96b2d1d7cc8bff0591e2c33e0542e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/oriole/euiccpixel_app.te b/oriole/euiccpixel_app.te
new file mode 100644
index 0000000..5472658
--- /dev/null
+++ b/oriole/euiccpixel_app.te
@@ -0,0 +1,6 @@
+# EuiccSupportPixel app
+
+userdebug_or_eng(`
+ allow euiccpixel_app sysfs_touch:dir search;
+')
+
diff --git a/oriole/grilservice_app.te b/oriole/grilservice_app.te
index c5b6146..ad0a779 100644
--- a/oriole/grilservice_app.te
+++ b/oriole/grilservice_app.te
@@ -1,2 +1 @@
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
-
diff --git a/raven/euiccpixel_app.te b/raven/euiccpixel_app.te
new file mode 100644
index 0000000..5472658
--- /dev/null
+++ b/raven/euiccpixel_app.te
@@ -0,0 +1,6 @@
+# EuiccSupportPixel app
+
+userdebug_or_eng(`
+ allow euiccpixel_app sysfs_touch:dir search;
+')
+
diff --git a/raven/grilservice_app.te b/raven/grilservice_app.te
index c5b6146..ad0a779 100644
--- a/raven/grilservice_app.te
+++ b/raven/grilservice_app.te
@@ -1,2 +1 @@
allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
-
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index b50d3d0..817374a 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,11 +1,3 @@
-dump_stm sysfs_spi dir b/277989397
-hal_camera_default boot_status_prop file b/275002227
-hal_camera_default edgetpu_app_service service_manager b/275002227
-hal_drm_default default_prop file b/232714489
hal_power_default hal_power_default capability b/240632824
-incidentd debugfs_wakeup_sources file b/238263568
-incidentd incidentd anon_inode b/268146971
-rfsd vendor_rild_prop property_service b/269218654
-su modem_img_file filesystem b/238825802
-system_server system_userdir_file dir b/281814691
-system_suspend sysfs_aoc dir b/291237382
+incidentd debugfs_wakeup_sources file b/282626428
+incidentd incidentd anon_inode b/282626428
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index 6025bd5..9d082cb 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,4 +1,2 @@
# b/277155042
-dontaudit dumpstate app_zygote:process { signal };
-dontaudit dumpstate default_android_service:service_manager { find };
dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
deleted file mode 100644
index 01581ca..0000000
--- a/tracking_denials/hal_drm_widevine.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/223502652
-dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
-# b/232714489
-dontaudit hal_drm_widevine default_prop:file { read };
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
deleted file mode 100644
index dbcd88e..0000000
--- a/tracking_denials/hal_dumpstate_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/277989067
-dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
deleted file mode 100644
index 2db24d7..0000000
--- a/tracking_denials/surfaceflinger.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/176868297
-dontaudit surfaceflinger hal_graphics_composer_default:dir search ;
diff --git a/tracking_denials/untrusted_app.te b/tracking_denials/untrusted_app.te
deleted file mode 100644
index 9b098f8..0000000
--- a/tracking_denials/untrusted_app.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/184593993
-dontaudit untrusted_app vendor_camera_prop:file { read };
-dontaudit untrusted_app vendor_camera_prop:file { read };
-dontaudit untrusted_app vendor_camera_prop:file { read };
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index 8eec86a..a1baa85 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -125,8 +125,6 @@
# Chosen
type sysfs_chosen, sysfs_type, fs_type;
-type sysfs_spi, sysfs_type, fs_type;
-
# Battery
type persist_battery_file, file_type, vendor_persist_type;
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 59e5b2f..8f31f09 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -75,6 +75,17 @@
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0
genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0
+
# Storage
genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0
genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0
@@ -271,6 +282,7 @@
genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-0/i2c-s2mpg10mfd/s2mpg10-rtc/wakeup u:object_r:sysfs_wakeup:s0
@@ -589,8 +601,6 @@
# ACPM
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
-genfscon sysfs /devices/platform/10d40000.spi/spi_master u:object_r:sysfs_spi:s0
-
# CPU
genfscon sysfs /devices/platform/1c500000.mali/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/1c500000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
diff --git a/whitechapel/vendor/google/hal_usb_impl.te b/whitechapel/vendor/google/hal_usb_impl.te
index 97ec1c7..cd2cbf8 100644
--- a/whitechapel/vendor/google/hal_usb_impl.te
+++ b/whitechapel/vendor/google/hal_usb_impl.te
@@ -26,3 +26,7 @@
# For checking contaminant detection status
get_prop(hal_usb_impl, vendor_usb_config_prop);
+
+# For monitoring usb sysfs attributes
+allow hal_usb_impl sysfs_wakeup:dir search;
+allow hal_usb_impl sysfs_wakeup:file r_file_perms;
diff --git a/whitechapel/vendor/google/hal_wireless_charger.te b/whitechapel/vendor/google/hal_wireless_charger.te
index 04b3e5e..8d6c011 100644
--- a/whitechapel/vendor/google/hal_wireless_charger.te
+++ b/whitechapel/vendor/google/hal_wireless_charger.te
@@ -1,2 +1,7 @@
type hal_wireless_charger, domain;
type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
+
+r_dir_file(hal_wireless_charger, sysfs_wlc)
+
+allow hal_wireless_charger sysfs_wlc:dir search;
+allow hal_wireless_charger sysfs_wlc:file rw_file_perms;
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index 34f17a7..934e13a 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -57,6 +57,3 @@
# Mali Integration
vendor_restricted_prop(vendor_arm_runtime_option_prop)
-
-# ArmNN configuration
-vendor_internal_prop(vendor_armnn_config_prop)
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index 17e9af5..4c01239 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -101,6 +101,3 @@
# Mali GPU driver configuration and debug options
vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
-
-# ArmNN configuration
-ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 43e2056..5ff78d4 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -46,6 +46,3 @@
# Mali
set_prop(vendor_init, vendor_arm_runtime_option_prop)
-
-# ArmNN
-set_prop(vendor_init, vendor_armnn_config_prop)