Merge tag 'android-15.0.0_r32' of https://android.googlesource.com/device/google/gs101-sepolicy into HEAD

Android 15.0.0 Release 32 (BP1A.250505.005)

Change-Id: Iee3b4ff7be2b0ba0c06252eb3cf610d298596bb9

# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCaBqG7QAKCRDorT+BmrEO
# eAqpAJ4nA7ilH8pboRFLQfnbfGiKpBVePwCgh65yzTAzEQ3dmZyUaQk047JOR5k=
# =pHTQ
# -----END PGP SIGNATURE-----
# gpg: Signature faite le mar 06 mai 2025 18:02:21 EDT
# gpg:                avec la clef DSA 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Impossible de vérifier la signature : Pas de clef publique
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index 227479c..22b588c 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -7,7 +7,7 @@
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/connectivity_thermal_power_manager
 
 # sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/whitechapel/vendor/google
 
 # unresolved SELinux error log with bug tracking
 BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials
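Review bot: Only the whitechapel/vendor/google line is switched to `BOARD_VENDOR_SEPOLICY_DIRS`. The connectivity_thermal_power_manager line above it and the tracking_denials line below it still append to `BOARD_SEPOLICY_DIRS`, so the file now mixes the two names. `BOARD_SEPOLICY_DIRS` is the deprecated alias for the vendor list, so the neighbouring lines could be written the same way, e.g. `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs101-sepolicy/tracking_denials`. The makefile continues outside this hunk, so other entries may need the same treatment.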
diff --git a/tracking_denials/bluetooth.te b/tracking_denials/bluetooth.te
new file mode 100644
index 0000000..fa48fcb
--- /dev/null
+++ b/tracking_denials/bluetooth.te
@@ -0,0 +1,2 @@
+# b/382362462
+dontaudit bluetooth default_android_service:service_manager { find };
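Review bot: The new `dontaudit` silences every `find` denial from `bluetooth` on `default_android_service`, and its only explanation is a bare bug number. `default_android_service` is the fallback label for services with no service_contexts entry, so the rule also hides any later unlabelled lookup by bluetooth from the audit log. I would extend the comment to say that it is temporary and what removes it, e.g. `# b/382362462: temporary; drop once the service bluetooth looks up has its own service_contexts label`. Which service triggers the denial is not visible on this page.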
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 0f17944..2574e7c 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,18 +1,30 @@
 
 battery_mitigation sysfs file b/364446534
+bluetooth audio_config_prop file b/379226761
+bluetooth audio_config_prop file b/379245675
 chre vendor_data_file dir b/301948771
 dump_display sysfs file b/340722772
 dump_modem sscoredump_vendor_data_coredump_file dir b/366115873
 dump_modem sscoredump_vendor_data_logcat_file dir b/366115873
+hal_camera_default aconfig_storage_metadata_file dir b/383013727
 hal_power_default hal_power_default capability b/240632824
 hal_sensors_default sysfs file b/340723303
-hal_vibrator_default default_android_service service_manager b/317316478
 incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
+init init capability b/379591559
 kernel dm_device blk_file b/315907959
 kernel kernel capability b/340722537
 kernel kernel capability b/340723030
 kernel tmpfs chr_file b/315907959
+modem_svc_sit hal_radioext_default process b/372348067
+pixelstats_vendor block_device dir b/369537606
+pixelstats_vendor block_device dir b/369735407
+platform_app vendor_fw_file dir b/372122654
+platform_app vendor_rild_prop file b/372122654
+priv_app audio_config_prop file b/379226710
+priv_app audio_config_prop file b/379246066
+radio audio_config_prop file b/379227275
+ramdump ramdump capability b/369538457
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
 ssr_detector_app default_prop file b/350831964
@@ -20,13 +32,19 @@
 system_server vendor_default_prop file b/366115457
 system_server vendor_default_prop file b/366116435
 system_server vendor_default_prop file b/366116587
+untrusted_app audio_config_prop file b/379226644
+untrusted_app audio_config_prop file b/379246340
 untrusted_app nativetest_data_file dir b/305600845
 untrusted_app shell_test_data_file dir b/305600845
 untrusted_app system_data_root_file dir b/305600845
 untrusted_app userdebug_or_eng_prop file b/305600845
+untrusted_app_29 audio_config_prop file b/379246143
 vendor_init debugfs_trace_marker file b/340723222
 vendor_init default_prop file b/315104713
 vendor_init default_prop file b/316817111
 vendor_init default_prop property_service b/315104713
 vendor_init default_prop property_service b/366115458
 vendor_init default_prop property_service b/366116214
+vendor_init default_prop property_service b/369735133
+vendor_init default_prop property_service b/369735170
+zygote zygote capability b/379591519
diff --git a/whitechapel/vendor/google/dump_power.te b/whitechapel/vendor/google/dump_power.te
index d745b20..cf7c14e 100644
--- a/whitechapel/vendor/google/dump_power.te
+++ b/whitechapel/vendor/google/dump_power.te
@@ -13,3 +13,12 @@
 allow dump_power mitigation_vendor_data_file:file r_file_perms;
 allow dump_power sysfs_bcl:dir r_dir_perms;
 allow dump_power sysfs_bcl:file r_file_perms;
+
+userdebug_or_eng(`
+  r_dir_file(dump_power, vendor_battery_debugfs)
+  r_dir_file(dump_power, vendor_maxfg_debugfs)
+  r_dir_file(dump_power, vendor_charger_debugfs)
+  r_dir_file(dump_power, vendor_votable_debugfs)
+  allow dump_power debugfs:dir r_dir_perms;
+  allow dump_power vendor_usb_debugfs:dir { search };
+')
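Review bot: `allow dump_power debugfs:dir r_dir_perms;` lets dump_power list every directory carrying the generic `debugfs` label, which is wider than the four vendor-specific labels granted just above it. If dump_power only needs to traverse the debugfs root to reach those labelled subtrees, `allow dump_power debugfs:dir search;` would be enough, matching the `vendor_usb_debugfs:dir { search }` line that follows. If listing really is required, a comment naming the directory being enumerated would help. The block is limited to userdebug and eng builds, so this is a least-privilege and documentation point rather than a user-build exposure.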
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 150c575..9daa96a 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -167,7 +167,7 @@
 /vendor/lib(64)?/libGralloc4Wrapper\.so                                 u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so                             u:object_r:same_process_hal_file:s0
 
-/dev/stmvl53l1_ranging                                                  u:object_r:rls_device:s0
+/dev/ispolin_ranging                                                    u:object_r:rls_device:s0
 
 /dev/lwis-act0                                                          u:object_r:lwis_device:s0
 /dev/lwis-act1                                                          u:object_r:lwis_device:s0
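Review bot: With the `/dev/stmvl53l1_ranging` entry replaced rather than supplemented, a node created under the old name no longer receives `rls_device`. If any kernel or driver build shipped with this policy still creates the old node, it would fall back to the default device label and the domain that opens it would be denied. Keeping both paths labelled `u:object_r:rls_device:s0` during the transition would avoid that. Whether the driver rename has landed everywhere is not visible here.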
@@ -245,8 +245,7 @@
 # TCP logging
 /vendor/bin/tcpdump_logger          u:object_r:tcpdump_logger_exec:s0
 
-# modem_svc_sit files
-/vendor/bin/modem_svc_sit           u:object_r:modem_svc_sit_exec:s0
+# shared_modem_platform files
 /data/vendor/modem_stat(/.*)?       u:object_r:modem_stat_data_file:s0
 
 # modem mnt files
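Review bot: The label for `/vendor/bin/modem_svc_sit` is dropped here, but modem_svc_sit.te in this same commit still declares `modem_svc_sit_exec` and calls `init_daemon_domain(modem_svc_sit)`. Unless another file_contexts labels the binary (presumably the shared modem policy that the new `# shared_modem_platform files` heading alludes to), it falls back to the default vendor file label and the init transition into `modem_svc_sit` does not take place. The comment should say where the exec label now lives, e.g. `# modem_svc_sit exec label is provided by the shared modem platform policy`, once that is confirmed. The file continues outside this hunk.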
diff --git a/whitechapel/vendor/google/hwservice_contexts b/whitechapel/vendor/google/hwservice_contexts
index baf720b..577a678 100644
--- a/whitechapel/vendor/google/hwservice_contexts
+++ b/whitechapel/vendor/google/hwservice_contexts
@@ -11,7 +11,6 @@
 vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal        u:object_r:hal_exynos_rild_hwservice:s0
 
 # VIDEO
-android.hardware.media.c2::IComponentStore                      u:object_r:hal_codec2_hwservice:s0
 android.hardware.media.c2::IConfigurable                        u:object_r:hal_codec2_hwservice:s0
 
 # GRIL HAL
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index 8e4ac3d..467e879 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -1,3 +1,4 @@
+# Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 2536252..074dedf 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -3,4 +3,3 @@
 android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_service:s0
 vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0
 rlsservice                                                 u:object_r:rls_service:s0
-android.hardware.media.c2.IComponentStore/default1                    u:object_r:hal_codec2_service:s0