Merge "gs101-sepolicy: Fix avc denial for sysfs_vendor_sched" into sc-dev

commit: a501b656dd263cd47d5d03eaab1ae62fc050b180 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Thu Jun 10 07:20:58 2021 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Jun 10 07:20:58 2021 +0000
tree: 3a9b02eb2862ccee8b024345f93be5d2bed3464d
parent: a81732dd6fe657253f0df53f35de9fd0ac3f94f2 [diff]
parent: 797b646234dc1d97fd15cb263342d7bc0971d0b1 [diff]
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index ffe102f..989bb70 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk

@@ -37,3 +37,6 @@
 
 # Wifi Logger
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_logger
+
+# Public
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/public

diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
new file mode 100644
index 0000000..9d50844
--- /dev/null
+++ b/private/mediaprovider_app.te

@@ -0,0 +1,2 @@
+dontaudit mediaprovider_app sysfs_vendor_sched:dir search;
+

diff --git a/public/file.te b/public/file.te
new file mode 100644
index 0000000..4c15c47
--- /dev/null
+++ b/public/file.te

@@ -0,0 +1,7 @@
+# Vendor sched files
+type sysfs_vendor_sched, sysfs_type, fs_type;
+userdebug_or_eng(`
+    typeattribute sysfs_vendor_sched mlstrustedobject;
+')
+type proc_vendor_sched, proc_type, fs_type;
+

diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
deleted file mode 100644
index ff6d7f9..0000000
--- a/tracking_denials/bluetooth.te
+++ /dev/null

@@ -1,2 +0,0 @@
-# b/190563916
-dontaudit bluetooth sysfs_vendor_sched:dir search;

diff --git a/whitechapel/vendor/google/bluetooth.te b/whitechapel/vendor/google/bluetooth.te
new file mode 100644
index 0000000..b246eca
--- /dev/null
+++ b/whitechapel/vendor/google/bluetooth.te

@@ -0,0 +1,3 @@
+allow bluetooth sysfs_vendor_sched:dir search;
+allow bluetooth sysfs_vendor_sched:file w_file_perms;
+

diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index e0a05a5..55d1f16 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te

@@ -134,13 +134,6 @@
 type vendor_camera_data_file, file_type, data_file_type;
 type sysfs_camera, sysfs_type, fs_type;
 
-# Vendor sched files
-type sysfs_vendor_sched, sysfs_type, fs_type;
-userdebug_or_eng(`
-    typeattribute sysfs_vendor_sched mlstrustedobject;
-')
-type proc_vendor_sched, proc_type, fs_type;
-
 # GPS
 type vendor_gps_file, file_type, data_file_type;
 userdebug_or_eng(`
commit	a501b656dd263cd47d5d03eaab1ae62fc050b180	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Thu Jun 10 07:20:58 2021 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Jun 10 07:20:58 2021 +0000
tree	3a9b02eb2862ccee8b024345f93be5d2bed3464d
parent	a81732dd6fe657253f0df53f35de9fd0ac3f94f2 [diff]
parent	797b646234dc1d97fd15cb263342d7bc0971d0b1 [diff]