diff --git a/microdroid/system/public/te_macros b/microdroid/system/public/te_macros
index b274417..d68c5ed 100644
--- a/microdroid/system/public/te_macros
+++ b/microdroid/system/public/te_macros
@@ -618,16 +618,6 @@
 ')
 
 ###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-define(`use_drmservice', `
-  allow drmserver $1:dir search;
-  allow drmserver $1:file { read open };
-  allow drmserver $1:process getattr;
-')
-
-###########################################
 # add_service(domain, service)
 # Ability for domain to add a service to service_manager
 # and find it. It also creates a neverallow preventing
diff --git a/prebuilts/api/202504/202504_general_sepolicy.conf b/prebuilts/api/202504/202504_general_sepolicy.conf
index 33ca1ac..be3c5f9 100644
--- a/prebuilts/api/202504/202504_general_sepolicy.conf
+++ b/prebuilts/api/202504/202504_general_sepolicy.conf
@@ -3602,55 +3602,55 @@
 #####################################
 # binder_use(domain)
 # Allow domain to use Binder IPC.
-#line 429
+#line 425
 
 
 #####################################
 # hwbinder_use(domain)
 # Allow domain to use HwBinder IPC.
-#line 445
+#line 437
 
 
 #####################################
 # vndbinder_use(domain)
 # Allow domain to use Binder IPC.
-#line 459
+#line 447
 
 
 #####################################
 # binder_call(clientdomain, serverdomain)
 # Allow clientdomain to perform binder IPC to serverdomain.
-#line 471
+#line 459
 
 
 #####################################
 # binder_service(domain)
 # Deprecated. Consider granting the exact permissions required by your service.
-#line 478
+#line 466
 
 
 #####################################
 # wakelock_use(domain)
 # Allow domain to manage wake locks
-#line 500
+#line 488
 
 
 #####################################
 # selinux_check_access(domain)
 # Allow domain to check SELinux permissions via selinuxfs.
-#line 510
+#line 498
 
 
 #####################################
 # selinux_check_context(domain)
 # Allow domain to check SELinux contexts via selinuxfs.
-#line 519
+#line 507
 
 
 #####################################
 # create_pty(domain)
 # Allow domain to create and use a pty, isolated from any other domain ptys.
-#line 538
+#line 526
 
 
 #####################################
@@ -3674,7 +3674,7 @@
 # Full TREBLE only
 # SELinux rules which apply only to full TREBLE devices
 #
-#line 566
+#line 554
 
 
 #####################################
@@ -3688,7 +3688,7 @@
 # SELinux rules which apply to devices that enable debugfs restrictions.
 # The keyword "cts" is used to insert markers to only CTS test the neverallows
 # added by the macro for S-launch devices and newer.
-#line 584
+#line 572
 
 
 #####################################
@@ -3700,7 +3700,7 @@
 # Compatible property only
 # SELinux rules which apply only to devices with compatible property
 #
-#line 600
+#line 588
 
 
 #####################################
@@ -3736,7 +3736,7 @@
 ####################################
 # Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
 #
-#line 650
+#line 638
 
 
 #####################################
@@ -3749,48 +3749,39 @@
 # write_logd(domain)
 # Ability to write to android log
 # daemon via sockets
-#line 665
+#line 653
 
 
 #####################################
 # read_logd(domain)
 # Ability to run logcat and read from android
 # log daemon via sockets
-#line 674
+#line 662
 
 
 #####################################
 # read_runtime_log_tags(domain)
 # ability to directly map the runtime event log tags
-#line 681
+#line 669
 
 
 #####################################
 # control_logd(domain)
 # Ability to control
 # android log daemon via sockets
-#line 691
+#line 679
 
 
 #####################################
 # use_keystore(domain)
 # Ability to use keystore.
-# Keystore is requires the following permissions
-# to call getpidcon.
-#line 707
+#line 690
 
 
 #####################################
 # use_credstore(domain)
 # Ability to use credstore.
-#line 719
-
-
-###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-#line 729
+#line 699
 
 
 ###########################################
@@ -3798,7 +3789,7 @@
 # Ability for domain to add a service to service_manager
 # and find it. It also creates a neverallow preventing
 # others from adding it.
-#line 745
+#line 715
 
 
 ###########################################
@@ -3806,7 +3797,7 @@
 # Ability for domain to add a service to hwservice_manager
 # and find it. It also creates a neverallow preventing
 # others from adding it.
-#line 756
+#line 726
 
 
 ###########################################
@@ -3816,7 +3807,7 @@
 # others from adding it.
 #
 # Used to pair hal_foo_client with hal_foo_hwservice
-#line 775
+#line 745
 
 
 ###########################################
@@ -3826,33 +3817,33 @@
 # others from adding it.
 #
 # Used to pair hal_foo_client with hal_foo_service
-#line 803
+#line 773
 
 
 ###################################
 # can_profile_heap(domain)
 # Allow processes within the domain to have their heap profiled by central
 # heapprofd.
-#line 833
+#line 803
 
 
 ###################################
 # never_profile_heap(domain)
 # Opt out of heap profiling by heapprofd.
-#line 841
+#line 811
 
 
 ###################################
 # can_profile_perf(domain)
 # Allow processes within the domain to be profiled, and have their stacks
 # sampled, by traced_perf.
-#line 861
+#line 831
 
 
 ###################################
 # never_profile_perf(domain)
 # Opt out of profiling by traced_perf.
-#line 869
+#line 839
 
 
 ###################################
@@ -3861,14 +3852,14 @@
 # When applying this macro, you might need to also allow traced to use the
 # producer tmpfs domain, if the producer will be the one creating the shared
 # memory.
-#line 886
+#line 856
 
 
 ###########################################
 # dump_hal(hal_type)
 # Ability to dump the hal debug info
 #
-#line 896
+#line 866
 
 
 #####################################
@@ -3886,7 +3877,7 @@
 #
 # TODO(b/131162102): deprecate BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW
 #
-#line 918
+#line 888
 
 
 #####################################
@@ -3901,14 +3892,14 @@
 #
 # CTS uses these ules only for devices launching with S or later.
 #
-#line 937
+#line 907
 
 
 ###########################################
 # define_prop(name, owner, scope)
 # Define a property with given owner and scope
 #
-#line 945
+#line 915
 
 
 ###########################################
@@ -3917,7 +3908,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 958
+#line 928
 
 
 ###########################################
@@ -3926,7 +3917,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 971
+#line 941
 
 
 ###########################################
@@ -3941,7 +3932,7 @@
 # This is a macro for vendor-specific configuration properties which is meant
 # to be set once from vendor_init.
 #
-#line 989
+#line 959
 
 
 ###########################################
@@ -3950,7 +3941,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 1002
+#line 972
 
 
 ###########################################
@@ -3959,7 +3950,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 1015
+#line 985
 
 
 ###########################################
@@ -3974,7 +3965,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 1035
+#line 1005
 
 
 ###########################################
@@ -3983,7 +3974,7 @@
 # For devices launching with Q or eariler, this restriction can be relaxed with
 # BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
 #
-#line 1049
+#line 1019
 
 
 ###########################################
@@ -3996,25 +3987,25 @@
 # read_fstab(domain)
 # Ability to call ReadDefaultFstab() and ReadFstabFromFile().
 #
-#line 1065
+#line 1035
 
 
 ######################################
 # use_bootstrap_libs(domain)
 # Allow domain to use bootstrap bionic libraries in system/lib[64]/bootstrap
-#line 1073
+#line 1043
 
 
 ######################################
 # use_apex_info(domain)
 # Allow access to apex information
-#line 1082
+#line 1052
 
 
 ####################################
 # io_uring_use(domain)
 # Allow domain to create/use io_uring.
-#line 1100
+#line 1070
 
 #line 1 "system/sepolicy/public/ioctl_defines"
 
@@ -18058,14 +18049,6 @@
 #line 101
 allow servicemanager adbd:binder { call transfer };
 #line 101
-# servicemanager performs getpidcon on clients.
-#line 101
-allow servicemanager adbd:dir search;
-#line 101
-allow servicemanager adbd:file { read open };
-#line 101
-allow servicemanager adbd:process getattr;
-#line 101
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 101
 # all domains in domain.te.
@@ -18515,14 +18498,6 @@
 #line 5
 allow servicemanager apexd:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager apexd:dir search;
-#line 5
-allow servicemanager apexd:file { read open };
-#line 5
-allow servicemanager apexd:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -19351,12 +19326,6 @@
 
 
 #line 168
-  allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:dir search;
-#line 168
-  allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:file { read open };
-#line 168
-  allow keystore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:process getattr;
-#line 168
   allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } apc_service:service_manager find;
 #line 168
   allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } keystore_service:service_manager find;
@@ -19399,12 +19368,6 @@
 
 
 #line 170
-  allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:dir search;
-#line 170
-  allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:file { read open };
-#line 170
-  allow credstore { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }:process getattr;
-#line 170
   allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all } credstore_service:service_manager find;
 #line 170
   
@@ -19700,30 +19663,21 @@
 allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:dir { create reparent rename rmdir setattr { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } } };
 allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:file { create rename setattr unlink { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } } };
 
-
-#line 260
-  # an app can read but cannot write to its own directory of storage areas
-#line 260
-  allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } storage_area_app_dir:dir { open getattr read search ioctl lock watch watch_reads };
-#line 260
-  # an app can write to its storage areas
-#line 260
-  allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } storage_area_dir:dir { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } };
 #line 265
 
 
 allowxperm { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:file ioctl 0x6686;
 
 # Access via already open fds is ok even for mlstrustedsubject.
@@ -19731,7 +19685,7 @@
   app_data_file
   privapp_data_file
   system_app_data_file
-  storage_area_content_file
+  
 }:file { getattr map read write };
 
 # Access open fds from SDK sandbox
@@ -19933,14 +19887,6 @@
 #line 399
 allow servicemanager appdomain:binder { call transfer };
 #line 399
-# servicemanager performs getpidcon on clients.
-#line 399
-allow servicemanager appdomain:dir search;
-#line 399
-allow servicemanager appdomain:file { read open };
-#line 399
-allow servicemanager appdomain:process getattr;
-#line 399
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 399
 # all domains in domain.te.
@@ -20485,23 +20431,6 @@
 neverallow appdomain system_font_fallback_file:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
 
 neverallow { appdomain -shell } tombstone_data_file:file ~{ getattr read };
-
-#line 805
-  # Files and directories that apps write to their storage areas
-#line 805
-  # should have type storage_area_content_file
-#line 805
-  type_transition {
-#line 805
-    appdomain
-#line 805
-    -isolated_app_all
-#line 805
-    -ephemeral_app
-#line 805
-    -sdk_sandbox_all
-#line 805
-  } storage_area_dir:{ { file lnk_file sock_file fifo_file } dir } storage_area_content_file;
 #line 814
 
 #line 1 "system/sepolicy/private/app_neverallows.te"
@@ -21009,29 +20938,9 @@
   -runas_app
 } { app_data_file privapp_data_file }:file execute_no_trans;
 
-
-#line 75
-  # block apps from executing files in their storage areas
-#line 75
-  # this is a stronger and more desirable guarantee than blocking execute_no_trans, but
-#line 75
-  # execute cannot be blocked on all of app_data_file without causing
-#line 75
-  # backwards compatibility issues (see b/237289679)
-#line 75
-  neverallow appdomain storage_area_content_file:file execute;
 #line 81
 
 
-
-#line 83
-     # dont allow apps to modify their own directories of storage areas
-#line 83
-    neverallow appdomain storage_area_app_dir:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } {
-#line 83
-        create write setattr relabelfrom relabelto append unlink link rename
-#line 83
-    };
 #line 88
 
 
@@ -21567,7 +21476,7 @@
   file_type
   -app_data_file            # The apps sandbox itself
   -privapp_data_file
-  -storage_area_content_file
+  
   -app_exec_data_file       # stored within the app sandbox directory
   -media_rw_data_file       # Internal storage. Known that apps can
                             # leave artfacts here after uninstall.
@@ -22857,14 +22766,6 @@
 #line 11
 allow servicemanager artd:binder { call transfer };
 #line 11
-# servicemanager performs getpidcon on clients.
-#line 11
-allow servicemanager artd:dir search;
-#line 11
-allow servicemanager artd:file { read open };
-#line 11
-allow servicemanager artd:process getattr;
-#line 11
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 11
 # all domains in domain.te.
@@ -23431,14 +23332,6 @@
 #line 46
 allow servicemanager atrace:binder { call transfer };
 #line 46
-# servicemanager performs getpidcon on clients.
-#line 46
-allow servicemanager atrace:dir search;
-#line 46
-allow servicemanager atrace:file { read open };
-#line 46
-allow servicemanager atrace:process getattr;
-#line 46
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 46
 # all domains in domain.te.
@@ -23576,14 +23469,6 @@
 #line 11
 allow servicemanager audioserver:binder { call transfer };
 #line 11
-# servicemanager performs getpidcon on clients.
-#line 11
-allow servicemanager audioserver:dir search;
-#line 11
-allow servicemanager audioserver:file { read open };
-#line 11
-allow servicemanager audioserver:process getattr;
-#line 11
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 11
 # all domains in domain.te.
@@ -23907,14 +23792,6 @@
 #line 90
 allow hwservicemanager audioserver:binder { call transfer };
 #line 90
-# hwservicemanager performs getpidcon on clients.
-#line 90
-allow hwservicemanager audioserver:dir search;
-#line 90
-allow hwservicemanager audioserver:file { read open map };
-#line 90
-allow hwservicemanager audioserver:process getattr;
-#line 90
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 90
 # all domains in domain.te.
@@ -23943,14 +23820,6 @@
 #line 90
 allow servicemanager audioserver:binder { call transfer };
 #line 90
-# servicemanager performs getpidcon on clients.
-#line 90
-allow servicemanager audioserver:dir search;
-#line 90
-allow servicemanager audioserver:file { read open };
-#line 90
-allow servicemanager audioserver:process getattr;
-#line 90
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 90
 # all domains in domain.te.
@@ -24118,14 +23987,6 @@
 #line 14
 allow servicemanager automotive_display_service:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager automotive_display_service:dir search;
-#line 14
-allow servicemanager automotive_display_service:file { read open };
-#line 14
-allow servicemanager automotive_display_service:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -24143,14 +24004,6 @@
 #line 17
 allow hwservicemanager automotive_display_service:binder { call transfer };
 #line 17
-# hwservicemanager performs getpidcon on clients.
-#line 17
-allow hwservicemanager automotive_display_service:dir search;
-#line 17
-allow hwservicemanager automotive_display_service:file { read open map };
-#line 17
-allow hwservicemanager automotive_display_service:process getattr;
-#line 17
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 17
 # all domains in domain.te.
@@ -24347,14 +24200,6 @@
 #line 8
 allow servicemanager bert_collector:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager bert_collector:dir search;
-#line 8
-allow servicemanager bert_collector:file { read open };
-#line 8
-allow servicemanager bert_collector:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -24403,12 +24248,6 @@
 
 
 #line 23
-  allow keystore binderservicedomain:dir search;
-#line 23
-  allow keystore binderservicedomain:file { read open };
-#line 23
-  allow keystore binderservicedomain:process getattr;
-#line 23
   allow binderservicedomain apc_service:service_manager find;
 #line 23
   allow binderservicedomain keystore_service:service_manager find;
@@ -24771,14 +24610,6 @@
 #line 14
 allow hwservicemanager bluetooth:binder { call transfer };
 #line 14
-# hwservicemanager performs getpidcon on clients.
-#line 14
-allow hwservicemanager bluetooth:dir search;
-#line 14
-allow hwservicemanager bluetooth:file { read open map };
-#line 14
-allow hwservicemanager bluetooth:process getattr;
-#line 14
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -24807,14 +24638,6 @@
 #line 14
 allow servicemanager bluetooth:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager bluetooth:dir search;
-#line 14
-allow servicemanager bluetooth:file { read open };
-#line 14
-allow servicemanager bluetooth:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -25306,14 +25129,6 @@
 #line 29
 allow servicemanager bootanim:binder { call transfer };
 #line 29
-# servicemanager performs getpidcon on clients.
-#line 29
-allow servicemanager bootanim:dir search;
-#line 29
-allow servicemanager bootanim:file { read open };
-#line 29
-allow servicemanager bootanim:process getattr;
-#line 29
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 29
 # all domains in domain.te.
@@ -25360,14 +25175,6 @@
 #line 33
 allow hwservicemanager bootanim:binder { call transfer };
 #line 33
-# hwservicemanager performs getpidcon on clients.
-#line 33
-allow hwservicemanager bootanim:dir search;
-#line 33
-allow hwservicemanager bootanim:file { read open map };
-#line 33
-allow hwservicemanager bootanim:process getattr;
-#line 33
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 33
 # all domains in domain.te.
@@ -26102,14 +25909,6 @@
 #line 11
 allow servicemanager cameraserver:binder { call transfer };
 #line 11
-# servicemanager performs getpidcon on clients.
-#line 11
-allow servicemanager cameraserver:dir search;
-#line 11
-allow servicemanager cameraserver:file { read open };
-#line 11
-allow servicemanager cameraserver:process getattr;
-#line 11
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 11
 # all domains in domain.te.
@@ -26486,14 +26285,6 @@
 #line 9
 allow servicemanager canhalconfigurator:binder { call transfer };
 #line 9
-# servicemanager performs getpidcon on clients.
-#line 9
-allow servicemanager canhalconfigurator:dir search;
-#line 9
-allow servicemanager canhalconfigurator:file { read open };
-#line 9
-allow servicemanager canhalconfigurator:process getattr;
-#line 9
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -26752,14 +26543,6 @@
 #line 25
 allow hwservicemanager charger_type:binder { call transfer };
 #line 25
-# hwservicemanager performs getpidcon on clients.
-#line 25
-allow hwservicemanager charger_type:dir search;
-#line 25
-allow hwservicemanager charger_type:file { read open map };
-#line 25
-allow hwservicemanager charger_type:process getattr;
-#line 25
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 25
 # all domains in domain.te.
@@ -26788,14 +26571,6 @@
 #line 25
 allow servicemanager charger_type:binder { call transfer };
 #line 25
-# servicemanager performs getpidcon on clients.
-#line 25
-allow servicemanager charger_type:dir search;
-#line 25
-allow servicemanager charger_type:file { read open };
-#line 25
-allow servicemanager charger_type:process getattr;
-#line 25
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 25
 # all domains in domain.te.
@@ -26932,14 +26707,6 @@
 #line 6
 allow servicemanager compos_verify:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager compos_verify:dir search;
-#line 6
-allow servicemanager compos_verify:file { read open };
-#line 6
-allow servicemanager compos_verify:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -27101,14 +26868,6 @@
 #line 6
 allow servicemanager composd:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager composd:dir search;
-#line 6
-allow servicemanager composd:file { read open };
-#line 6
-allow servicemanager composd:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -28362,14 +28121,6 @@
 #line 15
 allow servicemanager credstore:binder { call transfer };
 #line 15
-# servicemanager performs getpidcon on clients.
-#line 15
-allow servicemanager credstore:dir search;
-#line 15
-allow servicemanager credstore:file { read open };
-#line 15
-allow servicemanager credstore:process getattr;
-#line 15
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 15
 # all domains in domain.te.
@@ -28698,7 +28449,7 @@
   apk_data_file
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
   vm_data_file
   
 }:file open;
@@ -29176,14 +28927,6 @@
 #line 7
 allow servicemanager dexopt_chroot_setup:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager dexopt_chroot_setup:dir search;
-#line 7
-allow servicemanager dexopt_chroot_setup:file { read open };
-#line 7
-allow servicemanager dexopt_chroot_setup:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -29702,14 +29445,6 @@
 #line 12
 allow servicemanager dmesgd:binder { call transfer };
 #line 12
-# servicemanager performs getpidcon on clients.
-#line 12
-allow servicemanager dmesgd:dir search;
-#line 12
-allow servicemanager dmesgd:file { read open };
-#line 12
-allow servicemanager dmesgd:process getattr;
-#line 12
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 12
 # all domains in domain.te.
@@ -33122,22 +32857,9 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { create unlink };
 
-
-#line 1665
-  neverallow {
-#line 1665
-    domain
-#line 1665
-    -artd # compile secondary dex files
-#line 1665
-    -installd # creation of sandbox
-#line 1665
-    -vold_prepare_subdirs # creation of storage area directories
-#line 1665
-  } {storage_area_app_dir storage_area_dir }:dir { create unlink };
 #line 1672
 
 
@@ -33158,56 +32880,12 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:dir *;
 
-
-#line 1694
-  neverallow {
-#line 1694
-    domain
-#line 1694
-    -appdomain
-#line 1694
-    -app_zygote
-#line 1694
-    -artd # compile secondary dex files
-#line 1694
-    -installd
-#line 1694
-    -rs # spawned by appdomain, so carryover the exception above
-#line 1694
-    -system_server
-#line 1694
-    -vold # encryption of storage area directories
-#line 1694
-    -vold_prepare_subdirs # creation of storage area directories
-#line 1694
-    -zygote
-#line 1694
-  } { storage_area_dir storage_area_app_dir }:dir *;
 #line 1707
 
 
-
-#line 1709
-  # only vold and installd can access the storage area key files
-#line 1709
-  # (and init, in case of a recursive restorecon)
-#line 1709
-  neverallow {
-#line 1709
-    domain
-#line 1709
-    -init
-#line 1709
-    -vold
-#line 1709
-    -vold_prepare_subdirs
-#line 1709
-    -installd
-#line 1709
-  } { storage_area_key_file }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } *;
 #line 1719
 
 
@@ -33222,26 +32900,9 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:dir ~{ open getattr read search ioctl lock watch watch_reads };
 
-
-#line 1735
-  neverallow {
-#line 1735
-    domain
-#line 1735
-    -appdomain
-#line 1735
-    -artd # compile secondary dex files
-#line 1735
-    -installd
-#line 1735
-    -rs # spawned by appdomain, so carryover the exception above
-#line 1735
-    -vold_prepare_subdirs # creation of storage area directories
-#line 1735
-  } { storage_area_dir storage_area_app_dir }:dir ~{ open getattr read search ioctl lock watch watch_reads };
 #line 1744
 
 
@@ -33255,7 +32916,7 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:{ { chr_file blk_file } { file lnk_file sock_file fifo_file } } open;
 
 neverallow {
@@ -33266,7 +32927,7 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { create unlink };
 
 neverallow {
@@ -33276,22 +32937,9 @@
 } {
   privapp_data_file
   app_data_file
-  storage_area_content_file
+  
 }:{ dir { { chr_file blk_file } { file lnk_file sock_file fifo_file } } } { relabelfrom relabelto };
 
-
-#line 1780
-  neverallow {
-#line 1780
-    domain
-#line 1780
-    -artd # compile secondary dex files
-#line 1780
-    -installd
-#line 1780
-    -vold_prepare_subdirs
-#line 1780
-  } { storage_area_dir storage_area_app_dir }:dir { relabelfrom relabelto };
 #line 1787
 
 
@@ -34157,14 +33805,6 @@
 #line 16
 allow servicemanager drmserver:binder { call transfer };
 #line 16
-# servicemanager performs getpidcon on clients.
-#line 16
-allow servicemanager drmserver:dir search;
-#line 16
-allow servicemanager drmserver:file { read open };
-#line 16
-allow servicemanager drmserver:process getattr;
-#line 16
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 16
 # all domains in domain.te.
@@ -34947,14 +34587,6 @@
 #line 165
 allow servicemanager dumpstate:binder { call transfer };
 #line 165
-# servicemanager performs getpidcon on clients.
-#line 165
-allow servicemanager dumpstate:dir search;
-#line 165
-allow servicemanager dumpstate:file { read open };
-#line 165
-allow servicemanager dumpstate:process getattr;
-#line 165
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 165
 # all domains in domain.te.
@@ -35006,14 +34638,6 @@
 #line 166
 allow hwservicemanager dumpstate:binder { call transfer };
 #line 166
-# hwservicemanager performs getpidcon on clients.
-#line 166
-allow hwservicemanager dumpstate:dir search;
-#line 166
-allow hwservicemanager dumpstate:file { read open map };
-#line 166
-allow hwservicemanager dumpstate:process getattr;
-#line 166
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 166
 # all domains in domain.te.
@@ -35042,14 +34666,6 @@
 #line 166
 allow servicemanager dumpstate:binder { call transfer };
 #line 166
-# servicemanager performs getpidcon on clients.
-#line 166
-allow servicemanager dumpstate:dir search;
-#line 166
-allow servicemanager dumpstate:file { read open };
-#line 166
-allow servicemanager dumpstate:process getattr;
-#line 166
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 166
 # all domains in domain.te.
@@ -37061,14 +36677,6 @@
 #line 1
 allow servicemanager early_virtmgr:binder { call transfer };
 #line 1
-# servicemanager performs getpidcon on clients.
-#line 1
-allow servicemanager early_virtmgr:dir search;
-#line 1
-allow servicemanager early_virtmgr:file { read open };
-#line 1
-allow servicemanager early_virtmgr:process getattr;
-#line 1
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 1
 # all domains in domain.te.
@@ -37538,14 +37146,6 @@
 #line 16
 allow servicemanager evsmanagerd:binder { call transfer };
 #line 16
-# servicemanager performs getpidcon on clients.
-#line 16
-allow servicemanager evsmanagerd:dir search;
-#line 16
-allow servicemanager evsmanagerd:file { read open };
-#line 16
-allow servicemanager evsmanagerd:process getattr;
-#line 16
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 16
 # all domains in domain.te.
@@ -38067,14 +37667,6 @@
 #line 5
 allow servicemanager fingerprintd:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager fingerprintd:dir search;
-#line 5
-allow servicemanager fingerprintd:file { read open };
-#line 5
-allow servicemanager fingerprintd:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -38110,12 +37702,6 @@
 # Need to add auth tokens to KeyStore
 
 #line 20
-  allow keystore fingerprintd:dir search;
-#line 20
-  allow keystore fingerprintd:file { read open };
-#line 20
-  allow keystore fingerprintd:process getattr;
-#line 20
   allow fingerprintd apc_service:service_manager find;
 #line 20
   allow fingerprintd keystore_service:service_manager find;
@@ -39378,14 +38964,6 @@
 #line 10
 allow servicemanager gatekeeperd:binder { call transfer };
 #line 10
-# servicemanager performs getpidcon on clients.
-#line 10
-allow servicemanager gatekeeperd:dir search;
-#line 10
-allow servicemanager gatekeeperd:file { read open };
-#line 10
-allow servicemanager gatekeeperd:process getattr;
-#line 10
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -39452,12 +39030,6 @@
 # Need to add auth tokens to KeyStore
 
 #line 28
-  allow keystore gatekeeperd:dir search;
-#line 28
-  allow keystore gatekeeperd:file { read open };
-#line 28
-  allow keystore gatekeeperd:process getattr;
-#line 28
   allow gatekeeperd apc_service:service_manager find;
 #line 28
   allow gatekeeperd keystore_service:service_manager find;
@@ -39554,14 +39126,6 @@
 #line 18
 allow servicemanager gki_apex_prepostinstall:binder { call transfer };
 #line 18
-# servicemanager performs getpidcon on clients.
-#line 18
-allow servicemanager gki_apex_prepostinstall:dir search;
-#line 18
-allow servicemanager gki_apex_prepostinstall:file { read open };
-#line 18
-allow servicemanager gki_apex_prepostinstall:process getattr;
-#line 18
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 18
 # all domains in domain.te.
@@ -40084,14 +39648,6 @@
 #line 12
 allow servicemanager gpuservice:binder { call transfer };
 #line 12
-# servicemanager performs getpidcon on clients.
-#line 12
-allow servicemanager gpuservice:dir search;
-#line 12
-allow servicemanager gpuservice:file { read open };
-#line 12
-allow servicemanager gpuservice:process getattr;
-#line 12
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 12
 # all domains in domain.te.
@@ -40120,14 +39676,6 @@
 #line 22
 allow hwservicemanager gpuservice:binder { call transfer };
 #line 22
-# hwservicemanager performs getpidcon on clients.
-#line 22
-allow hwservicemanager gpuservice:dir search;
-#line 22
-allow hwservicemanager gpuservice:file { read open map };
-#line 22
-allow hwservicemanager gpuservice:process getattr;
-#line 22
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 22
 # all domains in domain.te.
@@ -40310,14 +39858,6 @@
 #line 9
 allow servicemanager gsid:binder { call transfer };
 #line 9
-# servicemanager performs getpidcon on clients.
-#line 9
-allow servicemanager gsid:dir search;
-#line 9
-allow servicemanager gsid:file { read open };
-#line 9
-allow servicemanager gsid:process getattr;
-#line 9
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -40870,14 +40410,6 @@
 #line 32
 allow hal_audio vndservicemanager:binder { call transfer };
 #line 32
-# vndservicemanager performs getpidcon on clients.
-#line 32
-allow vndservicemanager hal_audio:dir search;
-#line 32
-allow vndservicemanager hal_audio:file { read open map };
-#line 32
-allow vndservicemanager hal_audio:process getattr;
-#line 32
 
 
 ###
@@ -41275,14 +40807,6 @@
 #line 9
 allow hwservicemanager hal_bluetooth:binder { call transfer };
 #line 9
-# hwservicemanager performs getpidcon on clients.
-#line 9
-allow hwservicemanager hal_bluetooth:dir search;
-#line 9
-allow hwservicemanager hal_bluetooth:file { read open map };
-#line 9
-allow hwservicemanager hal_bluetooth:process getattr;
-#line 9
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -41311,14 +40835,6 @@
 #line 9
 allow servicemanager hal_bluetooth:binder { call transfer };
 #line 9
-# servicemanager performs getpidcon on clients.
-#line 9
-allow servicemanager hal_bluetooth:dir search;
-#line 9
-allow servicemanager hal_bluetooth:file { read open };
-#line 9
-allow servicemanager hal_bluetooth:process getattr;
-#line 9
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -41496,14 +41012,6 @@
 #line 4
 allow servicemanager hal_bootctl_server:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager hal_bootctl_server:dir search;
-#line 4
-allow servicemanager hal_bootctl_server:file { read open };
-#line 4
-allow servicemanager hal_bootctl_server:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -41693,14 +41201,6 @@
 #line 6
 allow servicemanager hal_camera_server:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager hal_camera_server:dir search;
-#line 6
-allow servicemanager hal_camera_server:file { read open };
-#line 6
-allow servicemanager hal_camera_server:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -41923,14 +41423,6 @@
 #line 13
 allow servicemanager hal_can_controller:binder { call transfer };
 #line 13
-# servicemanager performs getpidcon on clients.
-#line 13
-allow servicemanager hal_can_controller:dir search;
-#line 13
-allow servicemanager hal_can_controller:file { read open };
-#line 13
-allow servicemanager hal_can_controller:process getattr;
-#line 13
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 13
 # all domains in domain.te.
@@ -42569,14 +42061,6 @@
 #line 2
 allow servicemanager hal_drm_server:binder { call transfer };
 #line 2
-# servicemanager performs getpidcon on clients.
-#line 2
-allow servicemanager hal_drm_server:dir search;
-#line 2
-allow servicemanager hal_drm_server:file { read open };
-#line 2
-allow servicemanager hal_drm_server:process getattr;
-#line 2
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 2
 # all domains in domain.te.
@@ -42938,14 +42422,6 @@
 #line 12
 allow servicemanager hal_dumpstate_server:binder { call transfer };
 #line 12
-# servicemanager performs getpidcon on clients.
-#line 12
-allow servicemanager hal_dumpstate_server:dir search;
-#line 12
-allow servicemanager hal_dumpstate_server:file { read open };
-#line 12
-allow servicemanager hal_dumpstate_server:process getattr;
-#line 12
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 12
 # all domains in domain.te.
@@ -42976,14 +42452,6 @@
 #line 1
 allow hwservicemanager hal_evs_client:binder { call transfer };
 #line 1
-# hwservicemanager performs getpidcon on clients.
-#line 1
-allow hwservicemanager hal_evs_client:dir search;
-#line 1
-allow hwservicemanager hal_evs_client:file { read open map };
-#line 1
-allow hwservicemanager hal_evs_client:process getattr;
-#line 1
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 1
 # all domains in domain.te.
@@ -42999,14 +42467,6 @@
 #line 2
 allow hwservicemanager hal_evs_server:binder { call transfer };
 #line 2
-# hwservicemanager performs getpidcon on clients.
-#line 2
-allow hwservicemanager hal_evs_server:dir search;
-#line 2
-allow hwservicemanager hal_evs_server:file { read open map };
-#line 2
-allow hwservicemanager hal_evs_server:process getattr;
-#line 2
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 2
 # all domains in domain.te.
@@ -43165,14 +42625,6 @@
 #line 8
 allow servicemanager hal_face_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_face_server:dir search;
-#line 8
-allow servicemanager hal_face_server:file { read open };
-#line 8
-allow servicemanager hal_face_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -43333,14 +42785,6 @@
 #line 8
 allow servicemanager hal_fingerprint_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_fingerprint_server:dir search;
-#line 8
-allow servicemanager hal_fingerprint_server:file { read open };
-#line 8
-allow servicemanager hal_fingerprint_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -43543,14 +42987,6 @@
 #line 7
 allow servicemanager hal_gnss_server:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager hal_gnss_server:dir search;
-#line 7
-allow servicemanager hal_gnss_server:file { read open };
-#line 7
-allow servicemanager hal_gnss_server:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -43566,14 +43002,6 @@
 #line 8
 allow servicemanager hal_gnss_client:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_gnss_client:dir search;
-#line 8
-allow servicemanager hal_gnss_client:file { read open };
-#line 8
-allow servicemanager hal_gnss_client:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -43970,14 +43398,6 @@
 #line 22
 allow hwservicemanager hal_health_server:binder { call transfer };
 #line 22
-# hwservicemanager performs getpidcon on clients.
-#line 22
-allow hwservicemanager hal_health_server:dir search;
-#line 22
-allow hwservicemanager hal_health_server:file { read open map };
-#line 22
-allow hwservicemanager hal_health_server:process getattr;
-#line 22
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 22
 # all domains in domain.te.
@@ -44006,14 +43426,6 @@
 #line 22
 allow servicemanager hal_health_server:binder { call transfer };
 #line 22
-# servicemanager performs getpidcon on clients.
-#line 22
-allow servicemanager hal_health_server:dir search;
-#line 22
-allow servicemanager hal_health_server:file { read open };
-#line 22
-allow servicemanager hal_health_server:process getattr;
-#line 22
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 22
 # all domains in domain.te.
@@ -44075,14 +43487,6 @@
 #line 5
 allow servicemanager hal_health_storage_server:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager hal_health_storage_server:dir search;
-#line 5
-allow servicemanager hal_health_storage_server:file { read open };
-#line 5
-allow servicemanager hal_health_storage_server:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -44721,14 +44125,6 @@
 #line 9
 allow servicemanager hal_light_client:binder { call transfer };
 #line 9
-# servicemanager performs getpidcon on clients.
-#line 9
-allow servicemanager hal_light_client:dir search;
-#line 9
-allow servicemanager hal_light_client:file { read open };
-#line 9
-allow servicemanager hal_light_client:process getattr;
-#line 9
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -44894,14 +44290,6 @@
 #line 7
 allow servicemanager hal_macsec_server:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager hal_macsec_server:dir search;
-#line 7
-allow servicemanager hal_macsec_server:file { read open };
-#line 7
-allow servicemanager hal_macsec_server:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -45230,14 +44618,6 @@
 #line 45
 allow servicemanager hal_neuralnetworks_server:binder { call transfer };
 #line 45
-# servicemanager performs getpidcon on clients.
-#line 45
-allow servicemanager hal_neuralnetworks_server:dir search;
-#line 45
-allow servicemanager hal_neuralnetworks_server:file { read open };
-#line 45
-allow servicemanager hal_neuralnetworks_server:process getattr;
-#line 45
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 45
 # all domains in domain.te.
@@ -46054,14 +45434,6 @@
 #line 6
 allow servicemanager hal_rebootescrow_server:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager hal_rebootescrow_server:dir search;
-#line 6
-allow servicemanager hal_rebootescrow_server:file { read open };
-#line 6
-allow servicemanager hal_rebootescrow_server:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -46182,14 +45554,6 @@
 #line 8
 allow servicemanager hal_remotelyprovisionedcomponent_avf_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_remotelyprovisionedcomponent_avf_server:dir search;
-#line 8
-allow servicemanager hal_remotelyprovisionedcomponent_avf_server:file { read open };
-#line 8
-allow servicemanager hal_remotelyprovisionedcomponent_avf_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -46250,14 +45614,6 @@
 #line 7
 allow servicemanager hal_secretkeeper_server:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager hal_secretkeeper_server:dir search;
-#line 7
-allow servicemanager hal_secretkeeper_server:file { read open };
-#line 7
-allow servicemanager hal_secretkeeper_server:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -46273,14 +45629,6 @@
 #line 8
 allow servicemanager hal_secretkeeper_client:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_secretkeeper_client:dir search;
-#line 8
-allow servicemanager hal_secretkeeper_client:file { read open };
-#line 8
-allow servicemanager hal_secretkeeper_client:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -46378,14 +45726,6 @@
 #line 8
 allow servicemanager hal_secure_element_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_secure_element_server:dir search;
-#line 8
-allow servicemanager hal_secure_element_server:file { read open };
-#line 8
-allow servicemanager hal_secure_element_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -46739,14 +46079,6 @@
 #line 38
 allow hwservicemanager hal_telephony_server:binder { call transfer };
 #line 38
-# hwservicemanager performs getpidcon on clients.
-#line 38
-allow hwservicemanager hal_telephony_server:dir search;
-#line 38
-allow hwservicemanager hal_telephony_server:file { read open map };
-#line 38
-allow hwservicemanager hal_telephony_server:process getattr;
-#line 38
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 38
 # all domains in domain.te.
@@ -46775,14 +46107,6 @@
 #line 38
 allow servicemanager hal_telephony_server:binder { call transfer };
 #line 38
-# servicemanager performs getpidcon on clients.
-#line 38
-allow servicemanager hal_telephony_server:dir search;
-#line 38
-allow servicemanager hal_telephony_server:file { read open };
-#line 38
-allow servicemanager hal_telephony_server:process getattr;
-#line 38
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 38
 # all domains in domain.te.
@@ -46913,14 +46237,6 @@
 #line 8
 allow servicemanager hal_tetheroffload_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_tetheroffload_server:dir search;
-#line 8
-allow servicemanager hal_tetheroffload_server:file { read open };
-#line 8
-allow servicemanager hal_tetheroffload_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -47234,14 +46550,6 @@
 #line 4
 allow servicemanager hal_tv_hdmi_cec_client:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager hal_tv_hdmi_cec_client:dir search;
-#line 4
-allow servicemanager hal_tv_hdmi_cec_client:file { read open };
-#line 4
-allow servicemanager hal_tv_hdmi_cec_client:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -47257,14 +46565,6 @@
 #line 5
 allow servicemanager hal_tv_hdmi_cec_server:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager hal_tv_hdmi_cec_server:dir search;
-#line 5
-allow servicemanager hal_tv_hdmi_cec_server:file { read open };
-#line 5
-allow servicemanager hal_tv_hdmi_cec_server:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -47338,14 +46638,6 @@
 #line 4
 allow servicemanager hal_tv_hdmi_connection_client:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager hal_tv_hdmi_connection_client:dir search;
-#line 4
-allow servicemanager hal_tv_hdmi_connection_client:file { read open };
-#line 4
-allow servicemanager hal_tv_hdmi_connection_client:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -47361,14 +46653,6 @@
 #line 5
 allow servicemanager hal_tv_hdmi_connection_server:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager hal_tv_hdmi_connection_server:dir search;
-#line 5
-allow servicemanager hal_tv_hdmi_connection_server:file { read open };
-#line 5
-allow servicemanager hal_tv_hdmi_connection_server:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -47442,14 +46726,6 @@
 #line 4
 allow servicemanager hal_tv_hdmi_earc_client:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager hal_tv_hdmi_earc_client:dir search;
-#line 4
-allow servicemanager hal_tv_hdmi_earc_client:file { read open };
-#line 4
-allow servicemanager hal_tv_hdmi_earc_client:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -47465,14 +46741,6 @@
 #line 5
 allow servicemanager hal_tv_hdmi_earc_server:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager hal_tv_hdmi_earc_server:dir search;
-#line 5
-allow servicemanager hal_tv_hdmi_earc_server:file { read open };
-#line 5
-allow servicemanager hal_tv_hdmi_earc_server:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -48258,14 +47526,6 @@
 #line 8
 allow servicemanager hal_vm_capabilities_client:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_vm_capabilities_client:dir search;
-#line 8
-allow servicemanager hal_vm_capabilities_client:file { read open };
-#line 8
-allow servicemanager hal_vm_capabilities_client:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -48281,14 +47541,6 @@
 #line 9
 allow servicemanager hal_vm_capabilities_server:binder { call transfer };
 #line 9
-# servicemanager performs getpidcon on clients.
-#line 9
-allow servicemanager hal_vm_capabilities_server:dir search;
-#line 9
-allow servicemanager hal_vm_capabilities_server:file { read open };
-#line 9
-allow servicemanager hal_vm_capabilities_server:process getattr;
-#line 9
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 9
 # all domains in domain.te.
@@ -48512,14 +47764,6 @@
 #line 8
 allow servicemanager hal_wifi_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_wifi_server:dir search;
-#line 8
-allow servicemanager hal_wifi_server:file { read open };
-#line 8
-allow servicemanager hal_wifi_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -48688,14 +47932,6 @@
 #line 8
 allow servicemanager hal_wifi_hostapd_server:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager hal_wifi_hostapd_server:dir search;
-#line 8
-allow servicemanager hal_wifi_hostapd_server:file { read open };
-#line 8
-allow servicemanager hal_wifi_hostapd_server:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -49020,12 +48256,6 @@
 
 
 #line 23
-  allow keystore hal_wifi_supplicant:dir search;
-#line 23
-  allow keystore hal_wifi_supplicant:file { read open };
-#line 23
-  allow keystore hal_wifi_supplicant:process getattr;
-#line 23
   allow hal_wifi_supplicant apc_service:service_manager find;
 #line 23
   allow hal_wifi_supplicant keystore_service:service_manager find;
@@ -49075,14 +48305,6 @@
 #line 24
 allow servicemanager hal_wifi_supplicant_server:binder { call transfer };
 #line 24
-# servicemanager performs getpidcon on clients.
-#line 24
-allow servicemanager hal_wifi_supplicant_server:dir search;
-#line 24
-allow servicemanager hal_wifi_supplicant_server:file { read open };
-#line 24
-allow servicemanager hal_wifi_supplicant_server:process getattr;
-#line 24
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 24
 # all domains in domain.te.
@@ -49119,14 +48341,6 @@
 #line 7
 allow hwservicemanager halclientdomain:binder { call transfer };
 #line 7
-# hwservicemanager performs getpidcon on clients.
-#line 7
-allow hwservicemanager halclientdomain:dir search;
-#line 7
-allow hwservicemanager halclientdomain:file { read open map };
-#line 7
-allow hwservicemanager halclientdomain:process getattr;
-#line 7
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -49158,14 +48372,6 @@
 #line 6
 allow hwservicemanager halserverdomain:binder { call transfer };
 #line 6
-# hwservicemanager performs getpidcon on clients.
-#line 6
-allow hwservicemanager halserverdomain:dir search;
-#line 6
-allow hwservicemanager halserverdomain:file { read open map };
-#line 6
-allow hwservicemanager halserverdomain:process getattr;
-#line 6
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -49719,14 +48925,6 @@
 #line 24
 allow servicemanager idmap:binder { call transfer };
 #line 24
-# servicemanager performs getpidcon on clients.
-#line 24
-allow servicemanager idmap:dir search;
-#line 24
-allow servicemanager idmap:file { read open };
-#line 24
-allow servicemanager idmap:process getattr;
-#line 24
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 24
 # all domains in domain.te.
@@ -49861,14 +49059,6 @@
 #line 31
 allow servicemanager incident:binder { call transfer };
 #line 31
-# servicemanager performs getpidcon on clients.
-#line 31
-allow servicemanager incident:dir search;
-#line 31
-allow servicemanager incident:file { read open };
-#line 31
-allow servicemanager incident:process getattr;
-#line 31
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 31
 # all domains in domain.te.
@@ -50016,14 +49206,6 @@
 #line 6
 allow servicemanager incidentd:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager incidentd:dir search;
-#line 6
-allow servicemanager incidentd:file { read open };
-#line 6
-allow servicemanager incidentd:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -50075,14 +49257,6 @@
 #line 7
 allow hwservicemanager incidentd:binder { call transfer };
 #line 7
-# hwservicemanager performs getpidcon on clients.
-#line 7
-allow hwservicemanager incidentd:dir search;
-#line 7
-allow hwservicemanager incidentd:file { read open map };
-#line 7
-allow hwservicemanager incidentd:process getattr;
-#line 7
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -50111,14 +49285,6 @@
 #line 7
 allow servicemanager incidentd:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager incidentd:dir search;
-#line 7
-allow servicemanager incidentd:file { read open };
-#line 7
-allow servicemanager incidentd:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -50244,14 +49410,6 @@
 #line 70
 allow servicemanager incidentd:binder { call transfer };
 #line 70
-# servicemanager performs getpidcon on clients.
-#line 70
-allow servicemanager incidentd:dir search;
-#line 70
-allow servicemanager incidentd:file { read open };
-#line 70
-allow servicemanager incidentd:process getattr;
-#line 70
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 70
 # all domains in domain.te.
@@ -50267,14 +49425,6 @@
 #line 71
 allow hwservicemanager incidentd:binder { call transfer };
 #line 71
-# hwservicemanager performs getpidcon on clients.
-#line 71
-allow hwservicemanager incidentd:dir search;
-#line 71
-allow hwservicemanager incidentd:file { read open map };
-#line 71
-allow hwservicemanager incidentd:process getattr;
-#line 71
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 71
 # all domains in domain.te.
@@ -51186,14 +50336,6 @@
   file_type
   -app_data_file
   
-#line 318
-    -storage_area_dir
-#line 318
-    -storage_area_app_dir
-#line 318
-    -storage_area_content_file
-#line 318
-  
 #line 323
   -vm_data_file
   -bpffs_type
@@ -51211,14 +50353,6 @@
   file_type
   -app_data_file
   
-#line 338
-    -storage_area_dir
-#line 338
-    -storage_area_app_dir
-#line 338
-    -storage_area_content_file
-#line 338
-  
 #line 343
   -vm_data_file
   -bpffs_type
@@ -51244,14 +50378,6 @@
   -apex_info_file
   -app_data_file
   
-#line 366
-    -storage_area_dir
-#line 366
-    -storage_area_app_dir
-#line 366
-    -storage_area_content_file
-#line 366
-  
 #line 371
   -vm_data_file
   -bpffs_type
@@ -51288,14 +50414,6 @@
   file_type
   -app_data_file
   
-#line 399
-    -storage_area_dir
-#line 399
-    -storage_area_app_dir
-#line 399
-    -storage_area_content_file
-#line 399
-  
 #line 404
   -vm_data_file
   -bpffs_type
@@ -51319,14 +50437,6 @@
   -apex_mnt_dir
   -app_data_file
   
-#line 425
-    -storage_area_dir
-#line 425
-    -storage_area_app_dir
-#line 425
-    -storage_area_content_file
-#line 425
-  
 #line 430
   -vm_data_file
   -bpffs_type
@@ -51356,14 +50466,6 @@
   -exec_type
   -app_data_file
   
-#line 457
-    -storage_area_dir
-#line 457
-    -storage_area_app_dir
-#line 457
-    -storage_area_content_file
-#line 457
-  
 #line 462
   -vm_data_file
   -privapp_data_file
@@ -51888,14 +50990,6 @@
 #line 5
 allow servicemanager inputflinger:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager inputflinger:dir search;
-#line 5
-allow servicemanager inputflinger:file { read open };
-#line 5
-allow servicemanager inputflinger:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -51969,14 +51063,6 @@
 #line 10
 allow hwservicemanager inputflinger:binder { call transfer };
 #line 10
-# hwservicemanager performs getpidcon on clients.
-#line 10
-allow hwservicemanager inputflinger:dir search;
-#line 10
-allow hwservicemanager inputflinger:file { read open map };
-#line 10
-allow hwservicemanager inputflinger:process getattr;
-#line 10
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -52005,14 +51091,6 @@
 #line 10
 allow servicemanager inputflinger:binder { call transfer };
 #line 10
-# servicemanager performs getpidcon on clients.
-#line 10
-allow servicemanager inputflinger:dir search;
-#line 10
-allow servicemanager inputflinger:file { read open };
-#line 10
-allow servicemanager inputflinger:process getattr;
-#line 10
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -52473,14 +51551,6 @@
 #line 191
 allow servicemanager installd:binder { call transfer };
 #line 191
-# servicemanager performs getpidcon on clients.
-#line 191
-allow servicemanager installd:dir search;
-#line 191
-allow servicemanager installd:file { read open };
-#line 191
-allow servicemanager installd:process getattr;
-#line 191
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 191
 # all domains in domain.te.
@@ -52547,17 +51617,6 @@
 allow installd vold:fd use;
 
 # on app uninstall, installd deletes the storage area keys for the app
-
-#line 221
-  allow installd storage_area_key_file:dir {
-#line 221
-    open search write remove_name
-#line 221
-    lock read getattr rmdir
-#line 221
-  };
-#line 221
-  allow installd storage_area_key_file:file unlink;
 #line 227
 
 
@@ -52920,14 +51979,6 @@
 #line 22
 allow hwservicemanager isolated_compute_app:binder { call transfer };
 #line 22
-# hwservicemanager performs getpidcon on clients.
-#line 22
-allow hwservicemanager isolated_compute_app:dir search;
-#line 22
-allow hwservicemanager isolated_compute_app:file { read open map };
-#line 22
-allow hwservicemanager isolated_compute_app:process getattr;
-#line 22
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 22
 # all domains in domain.te.
@@ -53637,14 +52688,6 @@
 #line 51
 allow servicemanager keystore:binder { call transfer };
 #line 51
-# servicemanager performs getpidcon on clients.
-#line 51
-allow servicemanager keystore:dir search;
-#line 51
-allow servicemanager keystore:file { read open };
-#line 51
-allow servicemanager keystore:process getattr;
-#line 51
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 51
 # all domains in domain.te.
@@ -54429,14 +53472,6 @@
 #line 46
 allow servicemanager logd:binder { call transfer };
 #line 46
-# servicemanager performs getpidcon on clients.
-#line 46
-allow servicemanager logd:dir search;
-#line 46
-allow servicemanager logd:file { read open };
-#line 46
-allow servicemanager logd:process getattr;
-#line 46
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 46
 # all domains in domain.te.
@@ -54722,14 +53757,6 @@
 #line 7
 allow servicemanager lpdumpd:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager lpdumpd:dir search;
-#line 7
-allow servicemanager lpdumpd:file { read open };
-#line 7
-allow servicemanager lpdumpd:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -54960,14 +53987,6 @@
 #line 12
 allow servicemanager mediadrmserver:binder { call transfer };
 #line 12
-# servicemanager performs getpidcon on clients.
-#line 12
-allow servicemanager mediadrmserver:dir search;
-#line 12
-allow servicemanager mediadrmserver:file { read open };
-#line 12
-allow servicemanager mediadrmserver:process getattr;
-#line 12
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 12
 # all domains in domain.te.
@@ -55216,14 +54235,6 @@
 #line 14
 allow servicemanager mediaextractor:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager mediaextractor:dir search;
-#line 14
-allow servicemanager mediaextractor:file { read open };
-#line 14
-allow servicemanager mediaextractor:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -55505,14 +54516,6 @@
 #line 10
 allow servicemanager mediametrics:binder { call transfer };
 #line 10
-# servicemanager performs getpidcon on clients.
-#line 10
-allow servicemanager mediametrics:dir search;
-#line 10
-allow servicemanager mediametrics:file { read open };
-#line 10
-allow servicemanager mediametrics:process getattr;
-#line 10
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -56270,14 +55273,6 @@
 #line 57
 allow servicemanager mediaserver:binder { call transfer };
 #line 57
-# servicemanager performs getpidcon on clients.
-#line 57
-allow servicemanager mediaserver:dir search;
-#line 57
-allow servicemanager mediaserver:file { read open };
-#line 57
-allow servicemanager mediaserver:process getattr;
-#line 57
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 57
 # all domains in domain.te.
@@ -56433,15 +55428,6 @@
 # /vendor apk access
 allow mediaserver vendor_app_file:file { read map getattr };
 
-
-#line 138
-  allow drmserver mediaserver:dir search;
-#line 138
-  allow drmserver mediaserver:file { read open };
-#line 138
-  allow drmserver mediaserver:process getattr;
-#line 138
-
 allow mediaserver drmserver:drmservice {
     consumeRights
     setPlaybackStatus
@@ -56456,31 +55442,31 @@
 # only allow unprivileged socket ioctl commands
 allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
   ioctl { 
-#line 152
+#line 151
 {
-#line 152
+#line 151
 # Socket ioctls for gathering information about the interface
-#line 152
+#line 151
 0x00008906 0x00008907
-#line 152
+#line 151
 0x00008910 0x00008912 0x00008913 0x00008915 0x00008917 0x00008919
-#line 152
+#line 151
 0x0000891b 0x00008921 0x00008933 0x00008938 0x00008942
-#line 152
+#line 151
 # Wireless extension ioctls. Primarily get functions.
-#line 152
+#line 151
 0x00008b01 0x00008b05 0x00008b07 0x00008b09 0x00008b0b 0x00008b0d
-#line 152
+#line 151
 0x00008b0f 0x00008b11 0x00008b12 0x00008b13 0x00008b21 0x00008b23
-#line 152
+#line 151
 0x00008b25 0x00008b27 0x00008b29 0x00008b2d
-#line 152
+#line 151
 } {
-#line 152
+#line 151
   0x00005411 0x00005451 0x00005450 0x00005401 0x00005402 0x00005403 0x00005404 0x00005413 0x00005414
-#line 152
+#line 151
   0x0000540e 0x0000540b 0x00005410 0x0000540f
-#line 152
+#line 151
 } };
 
 # Access to /data/media.
@@ -56508,33 +55494,33 @@
 allow mediaserver vendor_overlay_file:file { read getattr map };
 
 
-#line 178
+#line 177
 typeattribute mediaserver halclientdomain;
-#line 178
+#line 177
 typeattribute mediaserver hal_allocator_client;
-#line 178
+#line 177
 
-#line 178
+#line 177
 # TODO(b/34170079): Make the inclusion of the rules below conditional also on
-#line 178
+#line 177
 # non-Treble devices. For now, on non-Treble device, always grant clients of a
-#line 178
+#line 177
 # HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
-#line 178
+#line 177
 
-#line 178
+#line 177
 typeattribute mediaserver hal_allocator;
-#line 178
+#line 177
 # Find passthrough HAL implementations
-#line 178
+#line 177
 allow hal_allocator system_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 178
+#line 177
 allow hal_allocator vendor_file:dir { open getattr read search ioctl lock watch watch_reads };
-#line 178
+#line 177
 allow hal_allocator vendor_file:file { read open getattr execute map };
-#line 178
+#line 177
 
-#line 178
+#line 177
 
 
 ###
@@ -56547,59 +55533,59 @@
 
 # do not allow privileged socket ioctl commands
 neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl 
-#line 189
+#line 188
 {
-#line 189
+#line 188
 # qualcomm rmnet ioctls
-#line 189
+#line 188
 0x00006900 0x00006902
-#line 189
+#line 188
 # socket ioctls
-#line 189
+#line 188
 0x0000890b 0x0000890c 0x0000890d 0x00008911 0x00008914 0x00008916
-#line 189
+#line 188
 0x00008918 0x0000891a 0x0000891c 0x0000891d 0x0000891e 0x0000891f
-#line 189
+#line 188
 0x00008920 0x00008922 0x00008923 0x00008924 0x00008925 0x00008926
-#line 189
+#line 188
 0x00008927 0x00008929 0x00008930 0x00008931 0x00008932
-#line 189
+#line 188
 0x00008934 0x00008935 0x00008936 0x00008937 0x00008939 0x00008940 0x00008941
-#line 189
+#line 188
 0x00008943 0x00008946 0x00008947 0x00008948 0x00008949 0x0000894a
-#line 189
+#line 188
 0x0000894b 0x00008953 0x00008954 0x00008955 0x00008960 0x00008961 0x00008962 0x00008970
-#line 189
+#line 188
 0x00008971 0x00008980 0x00008981 0x00008982 0x00008983 0x00008990
-#line 189
+#line 188
 0x00008991 0x00008992 0x00008993 0x00008994
-#line 189
+#line 188
 0x00008995 0x000089a0 0x000089a1 0x000089a2 0x000089a3 0x000089b0
-#line 189
+#line 188
 # device and protocol specific ioctls
-#line 189
+#line 188
 0x000089f0-0x000089ff
-#line 189
+#line 188
 0x000089e0-0x000089ef
-#line 189
+#line 188
 # Wireless extension ioctls
-#line 189
+#line 188
 0x00008b00 0x00008b02 0x00008b04 0x00008b06 0x00008b08 0x00008b0a
-#line 189
+#line 188
 0x00008b0c 0x00008b0e 0x00008b10 0x00008b14 0x00008b15 0x00008b16 0x00008b17
-#line 189
+#line 188
 0x00008b18 0x00008b19 0x00008b1a 0x00008b1b 0x00008b1c 0x00008b1d
-#line 189
+#line 188
 0x00008b20 0x00008b22 0x00008b24 0x00008b26 0x00008b28 0x00008b2a
-#line 189
+#line 188
 0x00008b2b 0x00008b2c 0x00008b30 0x00008b31 0x00008b32 0x00008b33
-#line 189
+#line 188
 0x00008b34 0x00008b35 0x00008b36
-#line 189
+#line 188
 # Dev private ioctl i.e. hardware specific ioctls
-#line 189
+#line 188
 0x00008be0-0x00008bff
-#line 189
+#line 188
 };
 #line 1 "system/sepolicy/private/mediaswcodec.te"
 typeattribute mediaswcodec coredomain;
@@ -56903,14 +55889,6 @@
 #line 10
 allow servicemanager mediatranscoding:binder { call transfer };
 #line 10
-# servicemanager performs getpidcon on clients.
-#line 10
-allow servicemanager mediatranscoding:dir search;
-#line 10
-allow servicemanager mediatranscoding:file { read open };
-#line 10
-allow servicemanager mediatranscoding:process getattr;
-#line 10
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -57254,14 +56232,6 @@
 #line 10
 allow servicemanager mediatuner:binder { call transfer };
 #line 10
-# servicemanager performs getpidcon on clients.
-#line 10
-allow servicemanager mediatuner:dir search;
-#line 10
-allow servicemanager mediatuner:file { read open };
-#line 10
-allow servicemanager mediatuner:process getattr;
-#line 10
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 10
 # all domains in domain.te.
@@ -57484,213 +56454,7 @@
 
 #line 26
 
-#line 1 "system/sepolicy/private/microfuchsiad.te"
-
-#line 1
-    type microfuchsiad, domain, coredomain;
-#line 1
-    type microfuchsiad_exec, system_file_type, exec_type, file_type;
-#line 1
-
-#line 1
-    # Host dynamic AIDL services
-#line 1
-    
-#line 1
-
-#line 1
-# Allow the necessary permissions.
-#line 1
-
-#line 1
-# Old domain may exec the file and transition to the new domain.
-#line 1
-allow init microfuchsiad_exec:file { getattr open read execute map };
-#line 1
-allow init microfuchsiad:process transition;
-#line 1
-# New domain is entered by executing the file.
-#line 1
-allow microfuchsiad microfuchsiad_exec:file { entrypoint open read execute getattr map };
-#line 1
-# New domain can send SIGCHLD to its caller.
-#line 1
-
-#line 1
-# Enable AT_SECURE, i.e. libc secure mode.
-#line 1
-dontaudit init microfuchsiad:process noatsecure;
-#line 1
-# XXX dontaudit candidate but requires further study.
-#line 1
-allow init microfuchsiad:process { siginh rlimitinh };
-#line 1
-
-#line 1
-# Make the transition occur by default.
-#line 1
-type_transition init microfuchsiad_exec:process microfuchsiad;
-#line 1
-
-#line 1
-
-#line 1
-    
-#line 1
-# Call the servicemanager and transfer references to it.
-#line 1
-allow microfuchsiad servicemanager:binder { call transfer };
-#line 1
-# Allow servicemanager to send out callbacks
-#line 1
-allow servicemanager microfuchsiad:binder { call transfer };
-#line 1
-# servicemanager performs getpidcon on clients.
-#line 1
-allow servicemanager microfuchsiad:dir search;
-#line 1
-allow servicemanager microfuchsiad:file { read open };
-#line 1
-allow servicemanager microfuchsiad:process getattr;
-#line 1
-# rw access to /dev/binder and /dev/ashmem is presently granted to
-#line 1
-# all domains in domain.te.
-#line 1
-
-#line 1
-    
-#line 1
-  allow microfuchsiad microfuchsia_service:service_manager { add find };
-#line 1
-  neverallow { domain -microfuchsiad } microfuchsia_service:service_manager add;
-#line 1
-
-#line 1
-  # On debug builds with root, allow binder services to use binder over TCP.
-#line 1
-  # Not using rw_socket_perms_no_ioctl to avoid granting too many permissions.
-#line 1
-  
-#line 1
-
-#line 1
-
-#line 1
-    # Call back into system server
-#line 1
-    
-#line 1
-# Call the server domain and optionally transfer references to it.
-#line 1
-allow microfuchsiad system_server:binder { call transfer };
-#line 1
-# Allow the serverdomain to transfer references to the client on the reply.
-#line 1
-allow system_server microfuchsiad:binder transfer;
-#line 1
-# Receive and use open files from the server.
-#line 1
-allow microfuchsiad system_server:fd use;
-#line 1
-
-#line 1
-
-#line 1
-    # Start a VM
-#line 1
-    
-#line 1
-# Transition to virtualizationmanager when the client executes it.
-#line 1
-
-#line 1
-# Allow the necessary permissions.
-#line 1
-
-#line 1
-# Old domain may exec the file and transition to the new domain.
-#line 1
-allow microfuchsiad virtualizationmanager_exec:file { getattr open read execute map };
-#line 1
-allow microfuchsiad virtualizationmanager:process transition;
-#line 1
-# New domain is entered by executing the file.
-#line 1
-allow virtualizationmanager virtualizationmanager_exec:file { entrypoint open read execute getattr map };
-#line 1
-# New domain can send SIGCHLD to its caller.
-#line 1
-allow virtualizationmanager microfuchsiad:process sigchld;
-#line 1
-# Enable AT_SECURE, i.e. libc secure mode.
-#line 1
-dontaudit microfuchsiad virtualizationmanager:process noatsecure;
-#line 1
-# XXX dontaudit candidate but requires further study.
-#line 1
-allow microfuchsiad virtualizationmanager:process { siginh rlimitinh };
-#line 1
-
-#line 1
-# Make the transition occur by default.
-#line 1
-type_transition microfuchsiad virtualizationmanager_exec:process virtualizationmanager;
-#line 1
-
-#line 1
-# Allow virtualizationmanager to communicate over UDS with the client.
-#line 1
-allow { virtualizationmanager crosvm } microfuchsiad:unix_stream_socket { ioctl getattr read write };
-#line 1
-# Let the client pass file descriptors to virtualizationmanager and on to crosvm.
-#line 1
-allow { virtualizationmanager crosvm } microfuchsiad:fd use;
-#line 1
-# Let the client use file descriptors created by virtualizationmanager.
-#line 1
-allow microfuchsiad virtualizationmanager:fd use;
-#line 1
-# Allow piping console log to the client
-#line 1
-allow { virtualizationmanager crosvm } microfuchsiad:fifo_file { ioctl getattr read write };
-#line 1
-# Allow client to read/write vsock created by virtualizationmanager to communicate with the VM
-#line 1
-# that it created. Notice that we do not grant permission to create a vsock;
-#line 1
-# the client can only connect to VMs that it owns.
-#line 1
-allow microfuchsiad virtualizationmanager:vsock_socket { getattr getopt read write };
-#line 1
-# Allow client to inspect hypervisor capabilities
-#line 1
-
-#line 1
-allow microfuchsiad hypervisor_prop:file { getattr open read map };
-#line 1
-
-#line 1
-# Allow client to read (but not open) the crashdump provided by virtualizationmanager
-#line 1
-allow microfuchsiad virtualizationservice_data_file:file { getattr read };
-#line 1
-# Allow virtualizationmanager to read the path of the client using /proc/{PID}/exe
-#line 1
-allow virtualizationmanager microfuchsiad:dir search;
-#line 1
-allow virtualizationmanager microfuchsiad:file read;
-#line 1
-allow virtualizationmanager microfuchsiad:lnk_file read;
-#line 1
-
-#line 1
-
-#line 1
-    # Create pty devices
-#line 1
-    allow microfuchsiad devpts:chr_file { read write open getattr ioctl };
-#line 18
+#line 18 "system/sepolicy/private/microfuchsiad.te"
 
 #line 1 "system/sepolicy/private/migrate_legacy_obb_data.te"
 type migrate_legacy_obb_data, domain, coredomain;
@@ -57817,7 +56581,7 @@
 } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:file ~{ read write map getattr ioctl lock append };
 
 neverallow {
@@ -57827,24 +56591,9 @@
 } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:dir ~{ read getattr search };
 
-
-#line 27
-  neverallow {
-#line 27
-    mlstrustedsubject
-#line 27
-    -artd # compile secondary dex files
-#line 27
-    -installd
-#line 27
-    -vold # encryption of storage areas
-#line 27
-    -vold_prepare_subdirs # creation of storage area directories
-#line 27
-  } { storage_area_dir storage_area_app_dir }:dir ~{ read getattr search };
 #line 35
 
 
@@ -57859,32 +56608,9 @@
 } {
   app_data_file
   privapp_data_file
-  storage_area_content_file
+  
 }:dir { read getattr search };
 
-
-#line 51
-  neverallow {
-#line 51
-    mlstrustedsubject
-#line 51
-    -artd # compile secondary dex files
-#line 51
-    -installd
-#line 51
-    -system_server
-#line 51
-    -adbd
-#line 51
-    -runas
-#line 51
-    -vold # encryption of storage area directories
-#line 51
-    -vold_prepare_subdirs # creation of storage area directories
-#line 51
-    -zygote
-#line 51
-  } { storage_area_dir storage_area_app_dir }:dir { read getattr search };
 #line 63
 
 #line 1 "system/sepolicy/private/mm_events.te"
@@ -58096,14 +56822,6 @@
 #line 16
 allow servicemanager mmd:binder { call transfer };
 #line 16
-# servicemanager performs getpidcon on clients.
-#line 16
-allow servicemanager mmd:dir search;
-#line 16
-allow servicemanager mmd:file { read open };
-#line 16
-allow servicemanager mmd:process getattr;
-#line 16
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 16
 # all domains in domain.te.
@@ -58654,14 +57372,6 @@
 #line 115
 allow servicemanager netd:binder { call transfer };
 #line 115
-# servicemanager performs getpidcon on clients.
-#line 115
-allow servicemanager netd:dir search;
-#line 115
-allow servicemanager netd:file { read open };
-#line 115
-allow servicemanager netd:process getattr;
-#line 115
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 115
 # all domains in domain.te.
@@ -58754,14 +57464,6 @@
 #line 143
 allow hwservicemanager netd:binder { call transfer };
 #line 143
-# hwservicemanager performs getpidcon on clients.
-#line 143
-allow hwservicemanager netd:dir search;
-#line 143
-allow hwservicemanager netd:file { read open map };
-#line 143
-allow hwservicemanager netd:process getattr;
-#line 143
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 143
 # all domains in domain.te.
@@ -58915,14 +57617,6 @@
 #line 22
 allow servicemanager netutils_wrapper:binder { call transfer };
 #line 22
-# servicemanager performs getpidcon on clients.
-#line 22
-allow servicemanager netutils_wrapper:dir search;
-#line 22
-allow servicemanager netutils_wrapper:file { read open };
-#line 22
-allow servicemanager netutils_wrapper:process getattr;
-#line 22
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 22
 # all domains in domain.te.
@@ -59781,14 +58475,6 @@
 #line 29
 allow servicemanager odsign:binder { call transfer };
 #line 29
-# servicemanager performs getpidcon on clients.
-#line 29
-allow servicemanager odsign:dir search;
-#line 29
-allow servicemanager odsign:file { read open };
-#line 29
-allow servicemanager odsign:process getattr;
-#line 29
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 29
 # all domains in domain.te.
@@ -59798,12 +58484,6 @@
 # talk to keystore specifically
 
 #line 32
-  allow keystore odsign:dir search;
-#line 32
-  allow keystore odsign:file { read open };
-#line 32
-  allow keystore odsign:process getattr;
-#line 32
   allow odsign apc_service:service_manager find;
 #line 32
   allow odsign keystore_service:service_manager find;
@@ -60135,14 +58815,6 @@
 #line 35
 allow servicemanager ot_daemon:binder { call transfer };
 #line 35
-# servicemanager performs getpidcon on clients.
-#line 35
-allow servicemanager ot_daemon:dir search;
-#line 35
-allow servicemanager ot_daemon:file { read open };
-#line 35
-allow servicemanager ot_daemon:process getattr;
-#line 35
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 35
 # all domains in domain.te.
@@ -60609,14 +59281,6 @@
 #line 35
 allow servicemanager perfetto:binder { call transfer };
 #line 35
-# servicemanager performs getpidcon on clients.
-#line 35
-allow servicemanager perfetto:dir search;
-#line 35
-allow servicemanager perfetto:file { read open };
-#line 35
-allow servicemanager perfetto:process getattr;
-#line 35
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 35
 # all domains in domain.te.
@@ -60845,14 +59509,6 @@
 #line 6
 allow servicemanager performanced:binder { call transfer };
 #line 6
-# servicemanager performs getpidcon on clients.
-#line 6
-allow servicemanager performanced:dir search;
-#line 6
-allow servicemanager performanced:file { read open };
-#line 6
-allow servicemanager performanced:process getattr;
-#line 6
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 6
 # all domains in domain.te.
@@ -61501,14 +60157,6 @@
 #line 36
 allow servicemanager postinstall:binder { call transfer };
 #line 36
-# servicemanager performs getpidcon on clients.
-#line 36
-allow servicemanager postinstall:dir search;
-#line 36
-allow servicemanager postinstall:file { read open };
-#line 36
-allow servicemanager postinstall:process getattr;
-#line 36
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 36
 # all domains in domain.te.
@@ -64660,130 +63308,130 @@
   neverallow { domain -init -vendor_init } avf_virtualizationservice_prop:property_service set;
 #line 115
 
+#line 118
 
-#line 116
+
+#line 119
   
-#line 116
+#line 119
   type high_barometer_quality_prop, property_type, system_property_type, system_public_property_type;
-#line 116
+#line 119
 
-#line 116
+#line 119
   
-#line 116
+#line 119
 
-#line 116
+#line 119
 allow vendor_init property_socket:sock_file write;
-#line 116
+#line 119
 allow vendor_init init:unix_stream_socket connectto;
-#line 116
+#line 119
 
-#line 116
+#line 119
 allow vendor_init high_barometer_quality_prop:property_service set;
-#line 116
+#line 119
 
-#line 116
+#line 119
 allow vendor_init high_barometer_quality_prop:file { getattr open read map };
-#line 116
+#line 119
 
-#line 116
+#line 119
 
-#line 116
+#line 119
   neverallow { domain -init -vendor_init } high_barometer_quality_prop:property_service set;
-#line 116
+#line 119
 
 
-#line 117
+#line 120
   
-#line 117
+#line 120
   type mmd_prop, property_type, system_property_type, system_public_property_type;
-#line 117
+#line 120
 
-#line 117
+#line 120
   
-#line 117
+#line 120
 
-#line 117
+#line 120
 allow vendor_init property_socket:sock_file write;
-#line 117
+#line 120
 allow vendor_init init:unix_stream_socket connectto;
-#line 117
+#line 120
 
-#line 117
+#line 120
 allow vendor_init mmd_prop:property_service set;
-#line 117
+#line 120
 
-#line 117
+#line 120
 allow vendor_init mmd_prop:file { getattr open read map };
-#line 117
+#line 120
 
-#line 117
+#line 120
 
-#line 117
+#line 120
   neverallow { domain -init -vendor_init } mmd_prop:property_service set;
-#line 117
+#line 120
 
 
-#line 118
+#line 121
   
-#line 118
+#line 121
   type mmd_shared_prop, property_type, system_property_type, system_public_property_type;
-#line 118
+#line 121
 
-#line 118
+#line 121
   
-#line 118
+#line 121
 
-#line 118
+#line 121
 allow vendor_init property_socket:sock_file write;
-#line 118
+#line 121
 allow vendor_init init:unix_stream_socket connectto;
-#line 118
+#line 121
 
-#line 118
+#line 121
 allow vendor_init mmd_shared_prop:property_service set;
-#line 118
+#line 121
 
-#line 118
+#line 121
 allow vendor_init mmd_shared_prop:file { getattr open read map };
-#line 118
+#line 121
 
-#line 118
+#line 121
 
-#line 118
+#line 121
   neverallow { domain -init -vendor_init } mmd_shared_prop:property_service set;
-#line 118
+#line 121
 
 
-#line 119
+#line 122
   
-#line 119
+#line 122
   type prefetch_boot_prop, property_type, system_property_type, system_public_property_type;
-#line 119
+#line 122
 
-#line 119
+#line 122
   
-#line 119
+#line 122
 
-#line 119
+#line 122
 allow vendor_init property_socket:sock_file write;
-#line 119
+#line 122
 allow vendor_init init:unix_stream_socket connectto;
-#line 119
+#line 122
 
-#line 119
+#line 122
 allow vendor_init prefetch_boot_prop:property_service set;
-#line 119
+#line 122
 
-#line 119
+#line 122
 allow vendor_init prefetch_boot_prop:file { getattr open read map };
-#line 119
+#line 122
 
-#line 119
+#line 122
 
-#line 119
+#line 122
   neverallow { domain -init -vendor_init } prefetch_boot_prop:property_service set;
-#line 119
-
 #line 122
 
 
@@ -66132,14 +64780,6 @@
 #line 63
 allow hwservicemanager radio:binder { call transfer };
 #line 63
-# hwservicemanager performs getpidcon on clients.
-#line 63
-allow hwservicemanager radio:dir search;
-#line 63
-allow hwservicemanager radio:file { read open map };
-#line 63
-allow hwservicemanager radio:process getattr;
-#line 63
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 63
 # all domains in domain.te.
@@ -66395,14 +65035,6 @@
 #line 5
 allow servicemanager remote_provisioning_service_server:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager remote_provisioning_service_server:dir search;
-#line 5
-allow servicemanager remote_provisioning_service_server:file { read open };
-#line 5
-allow servicemanager remote_provisioning_service_server:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -66474,14 +65106,6 @@
 #line 8
 allow servicemanager rkp_cert_processor:binder { call transfer };
 #line 8
-# servicemanager performs getpidcon on clients.
-#line 8
-allow servicemanager rkp_cert_processor:dir search;
-#line 8
-allow servicemanager rkp_cert_processor:file { read open };
-#line 8
-allow servicemanager rkp_cert_processor:process getattr;
-#line 8
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 8
 # all domains in domain.te.
@@ -66545,14 +65169,6 @@
 #line 7
 allow servicemanager rkpd:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager rkpd:dir search;
-#line 7
-allow servicemanager rkpd:file { read open };
-#line 7
-allow servicemanager rkpd:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -67907,6 +66523,9 @@
 
 #line 42
 
+
+#line 43
+    type supervision_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 #line 45
 
 type tracingproxy_service,          system_server_service, service_manager_type;
@@ -67930,9 +66549,6 @@
     type vmnic_service,        service_manager_type;
 #line 59
 
-
-#line 60
-    type microfuchsia_service,          service_manager_type;
 #line 62
 
 
@@ -69733,14 +68349,6 @@
 #line 385
 allow hwservicemanager shell:binder { call transfer };
 #line 385
-# hwservicemanager performs getpidcon on clients.
-#line 385
-allow hwservicemanager shell:dir search;
-#line 385
-allow hwservicemanager shell:file { read open map };
-#line 385
-allow hwservicemanager shell:process getattr;
-#line 385
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 385
 # all domains in domain.te.
@@ -70434,14 +69042,6 @@
 #line 4
 allow hwservicemanager slideshow:binder { call transfer };
 #line 4
-# hwservicemanager performs getpidcon on clients.
-#line 4
-allow hwservicemanager slideshow:dir search;
-#line 4
-allow hwservicemanager slideshow:file { read open map };
-#line 4
-allow hwservicemanager slideshow:process getattr;
-#line 4
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -70470,14 +69070,6 @@
 #line 4
 allow servicemanager slideshow:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager slideshow:dir search;
-#line 4
-allow servicemanager slideshow:file { read open };
-#line 4
-allow servicemanager slideshow:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -70569,14 +69161,6 @@
 #line 11
 allow servicemanager snapshotctl:binder { call transfer };
 #line 11
-# servicemanager performs getpidcon on clients.
-#line 11
-allow servicemanager snapshotctl:dir search;
-#line 11
-allow servicemanager snapshotctl:file { read open };
-#line 11
-allow servicemanager snapshotctl:process getattr;
-#line 11
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 11
 # all domains in domain.te.
@@ -70635,14 +69219,6 @@
 #line 35
 allow hwservicemanager snapshotctl:binder { call transfer };
 #line 35
-# hwservicemanager performs getpidcon on clients.
-#line 35
-allow hwservicemanager snapshotctl:dir search;
-#line 35
-allow hwservicemanager snapshotctl:file { read open map };
-#line 35
-allow hwservicemanager snapshotctl:process getattr;
-#line 35
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 35
 # all domains in domain.te.
@@ -70967,14 +69543,6 @@
 #line 21
 allow servicemanager stats:binder { call transfer };
 #line 21
-# servicemanager performs getpidcon on clients.
-#line 21
-allow servicemanager stats:dir search;
-#line 21
-allow servicemanager stats:file { read open };
-#line 21
-allow servicemanager stats:process getattr;
-#line 21
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 21
 # all domains in domain.te.
@@ -71072,14 +69640,6 @@
 #line 4
 allow servicemanager stats_service_server:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager stats_service_server:dir search;
-#line 4
-allow servicemanager stats_service_server:file { read open };
-#line 4
-allow servicemanager stats_service_server:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -71305,14 +69865,6 @@
 #line 50
 allow servicemanager statsd:binder { call transfer };
 #line 50
-# servicemanager performs getpidcon on clients.
-#line 50
-allow servicemanager statsd:dir search;
-#line 50
-allow servicemanager statsd:file { read open };
-#line 50
-allow servicemanager statsd:process getattr;
-#line 50
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 50
 # all domains in domain.te.
@@ -71805,14 +70357,6 @@
 #line 47
 allow servicemanager storaged:binder { call transfer };
 #line 47
-# servicemanager performs getpidcon on clients.
-#line 47
-allow servicemanager storaged:dir search;
-#line 47
-allow servicemanager storaged:file { read open };
-#line 47
-allow servicemanager storaged:process getattr;
-#line 47
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 47
 # all domains in domain.te.
@@ -72135,14 +70679,6 @@
 #line 25
 allow servicemanager surfaceflinger:binder { call transfer };
 #line 25
-# servicemanager performs getpidcon on clients.
-#line 25
-allow servicemanager surfaceflinger:dir search;
-#line 25
-allow servicemanager surfaceflinger:file { read open };
-#line 25
-allow servicemanager surfaceflinger:process getattr;
-#line 25
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 25
 # all domains in domain.te.
@@ -73414,14 +71950,6 @@
 #line 91
 allow servicemanager system_app:binder { call transfer };
 #line 91
-# servicemanager performs getpidcon on clients.
-#line 91
-allow servicemanager system_app:dir search;
-#line 91
-allow servicemanager system_app:file { read open };
-#line 91
-allow servicemanager system_app:process getattr;
-#line 91
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 91
 # all domains in domain.te.
@@ -74040,14 +72568,6 @@
 #line 288
 allow servicemanager system_server:binder { call transfer };
 #line 288
-# servicemanager performs getpidcon on clients.
-#line 288
-allow servicemanager system_server:dir search;
-#line 288
-allow servicemanager system_server:file { read open };
-#line 288
-allow servicemanager system_server:process getattr;
-#line 288
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 288
 # all domains in domain.te.
@@ -78953,14 +77473,6 @@
 #line 1497
 allow hwservicemanager system_server:binder { call transfer };
 #line 1497
-# hwservicemanager performs getpidcon on clients.
-#line 1497
-allow hwservicemanager system_server:dir search;
-#line 1497
-allow hwservicemanager system_server:file { read open map };
-#line 1497
-allow hwservicemanager system_server:process getattr;
-#line 1497
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 1497
 # all domains in domain.te.
@@ -78989,14 +77501,6 @@
 #line 1497
 allow servicemanager system_server:binder { call transfer };
 #line 1497
-# servicemanager performs getpidcon on clients.
-#line 1497
-allow servicemanager system_server:dir search;
-#line 1497
-allow servicemanager system_server:file { read open };
-#line 1497
-allow servicemanager system_server:process getattr;
-#line 1497
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 1497
 # all domains in domain.te.
@@ -79437,14 +77941,6 @@
 #line 7
 allow servicemanager system_suspend:binder { call transfer };
 #line 7
-# servicemanager performs getpidcon on clients.
-#line 7
-allow servicemanager system_suspend:dir search;
-#line 7
-allow servicemanager system_suspend:file { read open };
-#line 7
-allow servicemanager system_suspend:process getattr;
-#line 7
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 7
 # all domains in domain.te.
@@ -79587,14 +78083,6 @@
 #line 2
 allow hwservicemanager system_suspend_server:binder { call transfer };
 #line 2
-# hwservicemanager performs getpidcon on clients.
-#line 2
-allow hwservicemanager system_suspend_server:dir search;
-#line 2
-allow hwservicemanager system_suspend_server:file { read open map };
-#line 2
-allow hwservicemanager system_suspend_server:process getattr;
-#line 2
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 2
 # all domains in domain.te.
@@ -79887,14 +78375,6 @@
 #line 36
 allow servicemanager traced:binder { call transfer };
 #line 36
-# servicemanager performs getpidcon on clients.
-#line 36
-allow servicemanager traced:dir search;
-#line 36
-allow servicemanager traced:file { read open };
-#line 36
-allow servicemanager traced:process getattr;
-#line 36
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 36
 # all domains in domain.te.
@@ -82497,14 +80977,6 @@
 #line 40
 allow servicemanager update_engine:binder { call transfer };
 #line 40
-# servicemanager performs getpidcon on clients.
-#line 40
-allow servicemanager update_engine:dir search;
-#line 40
-allow servicemanager update_engine:file { read open };
-#line 40
-allow servicemanager update_engine:process getattr;
-#line 40
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 40
 # all domains in domain.te.
@@ -82603,14 +81075,6 @@
 #line 56
 allow hwservicemanager update_engine:binder { call transfer };
 #line 56
-# hwservicemanager performs getpidcon on clients.
-#line 56
-allow hwservicemanager update_engine:dir search;
-#line 56
-allow hwservicemanager update_engine:file { read open map };
-#line 56
-allow hwservicemanager update_engine:process getattr;
-#line 56
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 56
 # all domains in domain.te.
@@ -82639,14 +81103,6 @@
 #line 56
 allow servicemanager update_engine:binder { call transfer };
 #line 56
-# servicemanager performs getpidcon on clients.
-#line 56
-allow servicemanager update_engine:dir search;
-#line 56
-allow servicemanager update_engine:file { read open };
-#line 56
-allow servicemanager update_engine:process getattr;
-#line 56
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 56
 # all domains in domain.te.
@@ -82678,14 +81134,6 @@
 #line 71
 allow servicemanager update_engine:binder { call transfer };
 #line 71
-# servicemanager performs getpidcon on clients.
-#line 71
-allow servicemanager update_engine:dir search;
-#line 71
-allow servicemanager update_engine:file { read open };
-#line 71
-allow servicemanager update_engine:process getattr;
-#line 71
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 71
 # all domains in domain.te.
@@ -83317,14 +81765,6 @@
 #line 25
 allow servicemanager uprobestats:binder { call transfer };
 #line 25
-# servicemanager performs getpidcon on clients.
-#line 25
-allow servicemanager uprobestats:dir search;
-#line 25
-allow servicemanager uprobestats:file { read open };
-#line 25
-allow servicemanager uprobestats:process getattr;
-#line 25
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 25
 # all domains in domain.te.
@@ -83566,14 +82006,6 @@
 #line 15
 allow servicemanager vdc:binder { call transfer };
 #line 15
-# servicemanager performs getpidcon on clients.
-#line 15
-allow servicemanager vdc:dir search;
-#line 15
-allow servicemanager vdc:file { read open };
-#line 15
-allow servicemanager vdc:process getattr;
-#line 15
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 15
 # all domains in domain.te.
@@ -83655,14 +82087,6 @@
 #line 12
 allow hwservicemanager vehicle_binding_util:binder { call transfer };
 #line 12
-# hwservicemanager performs getpidcon on clients.
-#line 12
-allow hwservicemanager vehicle_binding_util:dir search;
-#line 12
-allow hwservicemanager vehicle_binding_util:file { read open map };
-#line 12
-allow hwservicemanager vehicle_binding_util:process getattr;
-#line 12
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 12
 # all domains in domain.te.
@@ -83679,14 +82103,6 @@
 #line 14
 allow servicemanager vehicle_binding_util:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager vehicle_binding_util:dir search;
-#line 14
-allow servicemanager vehicle_binding_util:file { read open };
-#line 14
-allow servicemanager vehicle_binding_util:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -85241,14 +83657,6 @@
 #line 1
 allow servicemanager vfio_handler:binder { call transfer };
 #line 1
-# servicemanager performs getpidcon on clients.
-#line 1
-allow servicemanager vfio_handler:dir search;
-#line 1
-allow servicemanager vfio_handler:file { read open };
-#line 1
-allow servicemanager vfio_handler:process getattr;
-#line 1
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 1
 # all domains in domain.te.
@@ -85354,14 +83762,6 @@
 #line 14
 allow servicemanager virtual_camera:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager virtual_camera:dir search;
-#line 14
-allow servicemanager virtual_camera:file { read open };
-#line 14
-allow servicemanager virtual_camera:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -85791,14 +84191,6 @@
 #line 5
 allow servicemanager virtual_touchpad:binder { call transfer };
 #line 5
-# servicemanager performs getpidcon on clients.
-#line 5
-allow servicemanager virtual_touchpad:dir search;
-#line 5
-allow servicemanager virtual_touchpad:file { read open };
-#line 5
-allow servicemanager virtual_touchpad:process getattr;
-#line 5
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 5
 # all domains in domain.te.
@@ -85869,14 +84261,6 @@
 #line 14
 allow servicemanager virtualizationmanager:binder { call transfer };
 #line 14
-# servicemanager performs getpidcon on clients.
-#line 14
-allow servicemanager virtualizationmanager:dir search;
-#line 14
-allow servicemanager virtualizationmanager:file { read open };
-#line 14
-allow servicemanager virtualizationmanager:process getattr;
-#line 14
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 14
 # all domains in domain.te.
@@ -86244,14 +84628,6 @@
 #line 13
 allow servicemanager virtualizationservice:binder { call transfer };
 #line 13
-# servicemanager performs getpidcon on clients.
-#line 13
-allow servicemanager virtualizationservice:dir search;
-#line 13
-allow servicemanager virtualizationservice:file { read open };
-#line 13
-allow servicemanager virtualizationservice:process getattr;
-#line 13
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 13
 # all domains in domain.te.
@@ -86949,14 +85325,6 @@
 #line 1
 allow servicemanager vmnic:binder { call transfer };
 #line 1
-# servicemanager performs getpidcon on clients.
-#line 1
-allow servicemanager vmnic:dir search;
-#line 1
-allow servicemanager vmnic:file { read open };
-#line 1
-allow servicemanager vmnic:process getattr;
-#line 1
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 1
 # all domains in domain.te.
@@ -87481,35 +85849,11 @@
 allow vold keystore:keystore2 early_boot_ended;
 allow vold keystore:keystore2 delete_all_keys;
 
-
-#line 65
-    allow vold storage_area_app_dir:dir search;
-#line 65
-    # Allow vold to get the encryption policy and
-#line 65
-    # verify the ownership of storage areas
-#line 65
-    allow vold storage_area_dir:dir {
-#line 65
-        read
-#line 65
-        open
-#line 65
-        getattr
-#line 65
-        ioctl
-#line 65
-    };
 #line 75
 
 
 # when a storage area is created (with `openStorageArea`), vold creates the key
 # and when a storage area is deleted (with `deleteStorageArea`), vold deletes the key
-
-#line 79
-  allow vold storage_area_key_file:file { create rename setattr unlink { { getattr open read ioctl lock map watch watch_reads } { open append write lock map } } };
-#line 79
-  allow vold storage_area_key_file:dir { create reparent rename rmdir setattr { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } } };
 #line 82
 
 
@@ -87601,7 +85945,7 @@
 allowxperm vold {
   vold_data_file
   vold_metadata_file
-  storage_area_key_file
+  
 }:file ioctl {
   0xf514
   0xc020660b
@@ -87785,14 +86129,6 @@
 #line 292
 allow hwservicemanager vold:binder { call transfer };
 #line 292
-# hwservicemanager performs getpidcon on clients.
-#line 292
-allow hwservicemanager vold:dir search;
-#line 292
-allow hwservicemanager vold:file { read open map };
-#line 292
-allow hwservicemanager vold:process getattr;
-#line 292
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 292
 # all domains in domain.te.
@@ -87821,14 +86157,6 @@
 #line 292
 allow servicemanager vold:binder { call transfer };
 #line 292
-# servicemanager performs getpidcon on clients.
-#line 292
-allow servicemanager vold:dir search;
-#line 292
-allow servicemanager vold:file { read open };
-#line 292
-allow servicemanager vold:process getattr;
-#line 292
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 292
 # all domains in domain.te.
@@ -87848,14 +86176,6 @@
 #line 295
 allow servicemanager vold:binder { call transfer };
 #line 295
-# servicemanager performs getpidcon on clients.
-#line 295
-allow servicemanager vold:dir search;
-#line 295
-allow servicemanager vold:file { read open };
-#line 295
-allow servicemanager vold:process getattr;
-#line 295
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 295
 # all domains in domain.te.
@@ -88090,7 +86410,7 @@
   -vold
   -init
   -vendor_init
-   -vold_prepare_subdirs 
+  
 } data_file_type:dir ioctl { 0x800c6613 };
 
 # Only vold should ever add/remove file-based encryption keys.
@@ -88224,7 +86544,7 @@
     fingerprint_vendor_data_file
     iris_vendor_data_file
     rollback_data_file
-    storage_area_key_file
+    
     storaged_data_file
     sdk_sandbox_data_file
     sdk_sandbox_system_data_file
@@ -88253,71 +86573,9 @@
 allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
 
 # Allow vold_prepare_subdirs to create storage area directories on behalf of apps.
-
-#line 60
-  allow vold_prepare_subdirs {
-#line 60
-      storage_area_dir
-#line 60
-      storage_area_app_dir
-#line 60
-  }:dir {
-#line 60
-      { { open getattr read search ioctl lock watch watch_reads } { open search write add_name remove_name lock } }
-#line 60
-      create
-#line 60
-      setattr # for chown() and chmod()
-#line 60
-      rmdir
-#line 60
-      unlink
-#line 60
-      relabelfrom # setfilecon
-#line 60
-      relabelto # setfilecon
-#line 60
-  };
-#line 60
-
-#line 60
-  # The storage area directories should have type storage_area_dir
-#line 60
-  type_transition vold_prepare_subdirs storage_area_app_dir:dir storage_area_dir;
-#line 60
-
-#line 60
-  
-#line 60
-
-#line 60
-allow vold_prepare_subdirs selinuxfs:dir { open getattr read search ioctl lock watch watch_reads };
-#line 60
-allow vold_prepare_subdirs selinuxfs:{ file lnk_file } { getattr open read ioctl lock map watch watch_reads };
-#line 60
-
-#line 60
-allow vold_prepare_subdirs selinuxfs:file { open append write lock map };
-#line 60
-allow vold_prepare_subdirs kernel:security check_context;
-#line 60
-
-#line 60
-
-#line 60
-  allowxperm vold_prepare_subdirs storage_area_dir:dir ioctl 0x800c6613;
 #line 80
 
 
-
-#line 82
-  neverallowxperm vold_prepare_subdirs {
-#line 82
-    data_file_type
-#line 82
-    -storage_area_dir
-#line 82
-  }:dir ioctl 0x800c6613;
 #line 87
 
 
@@ -88703,14 +86961,6 @@
 #line 4
 allow servicemanager wifi_mainline_supplicant:binder { call transfer };
 #line 4
-# servicemanager performs getpidcon on clients.
-#line 4
-allow servicemanager wifi_mainline_supplicant:dir search;
-#line 4
-allow servicemanager wifi_mainline_supplicant:file { read open };
-#line 4
-allow servicemanager wifi_mainline_supplicant:process getattr;
-#line 4
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 4
 # all domains in domain.te.
@@ -89048,14 +87298,6 @@
 #line 13
 allow servicemanager wificond:binder { call transfer };
 #line 13
-# servicemanager performs getpidcon on clients.
-#line 13
-allow servicemanager wificond:dir search;
-#line 13
-allow servicemanager wificond:file { read open };
-#line 13
-allow servicemanager wificond:process getattr;
-#line 13
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 #line 13
 # all domains in domain.te.
@@ -89173,14 +87415,6 @@
 #line 40
 allow hwservicemanager wificond:binder { call transfer };
 #line 40
-# hwservicemanager performs getpidcon on clients.
-#line 40
-allow hwservicemanager wificond:dir search;
-#line 40
-allow hwservicemanager wificond:file { read open map };
-#line 40
-allow hwservicemanager wificond:process getattr;
-#line 40
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 #line 40
 # all domains in domain.te.
diff --git a/prebuilts/api/202504/202504_plat_sepolicy.cil b/prebuilts/api/202504/202504_plat_sepolicy.cil
index 79f9a23..e2da1c8 100644
--- a/prebuilts/api/202504/202504_plat_sepolicy.cil
+++ b/prebuilts/api/202504/202504_plat_sepolicy.cil
@@ -696,7 +696,7 @@
 (typeattribute bpffs_type)
 (typeattributeset bpffs_type (fs_bpf fs_bpf_tethering fs_bpf_vendor fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats fs_bpf_memevents ))
 (typeattribute domain)
-(typeattributeset domain (adbd aidl_lazy_test_server apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger charger_vendor crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe mtp netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall ppp priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd su surfaceflinger system_app system_server tee tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc vendor_init vendor_misc_writer vendor_modprobe vendor_shell virtual_camera virtual_touchpad virtualizationmanager vndservicemanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test vendor_boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system hidl_lazy_test_server iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth microfuchsiad migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic vzwomatrigger_app wait_for_keymaster wifi_mainline_supplicant ))
+(typeattributeset domain (adbd aidl_lazy_test_server apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger charger_vendor crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe mtp netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall ppp priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd su surfaceflinger system_app system_server tee tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc vendor_init vendor_misc_writer vendor_modprobe vendor_shell virtual_camera virtual_touchpad virtualizationmanager vndservicemanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test vendor_boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system hidl_lazy_test_server iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic vzwomatrigger_app wait_for_keymaster wifi_mainline_supplicant ))
 (typeattribute fs_type)
 (typeattributeset fs_type (device labeledfs pipefs sockfs rootfs proc binderfs binderfs_logs binderfs_logs_proc binderfs_logs_stats binderfs_logs_transactions binderfs_logs_transaction_history binderfs_features proc_security proc_drop_caches proc_overcommit_memory proc_min_free_order_shift proc_kpageflags proc_watermark_boost_factor proc_percpu_pagelist_high_fraction usermodehelper sysfs_usermodehelper proc_qtaguid_ctrl proc_qtaguid_stat proc_bluetooth_writable proc_abi proc_asound proc_bootconfig proc_bpf proc_buddyinfo proc_cgroups proc_cmdline proc_cpu_alignment proc_cpuinfo proc_dirty proc_diskstats proc_extra_free_kbytes proc_filesystems proc_fs_verity proc_hostname proc_hung_task proc_interrupts proc_iomem proc_kallsyms proc_keys proc_kmsg proc_loadavg proc_locks proc_lowmemorykiller proc_max_map_count proc_meminfo proc_misc proc_modules proc_mounts proc_net proc_net_tcp_udp proc_page_cluster proc_pagetypeinfo proc_panic proc_perf proc_pid_max proc_pipe_conf proc_pressure_cpu proc_pressure_io proc_pressure_mem proc_random proc_sched proc_slabinfo proc_stat proc_swaps proc_sysrq proc_timer proc_tty_drivers proc_uid_cputime_showstat proc_uid_cputime_removeuid proc_uid_io_stats proc_uid_procstat_set proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time proc_uid_cpupower proc_uptime proc_version proc_vmallocinfo proc_vmstat proc_watermark_scale_factor proc_zoneinfo proc_vendor_sched selinuxfs fusectlfs cgroup cgroup_v2 sysfs sysfs_android_usb sysfs_uio sysfs_batteryinfo sysfs_bluetooth_writable sysfs_cma sysfs_devfreq_cur sysfs_devfreq_dir sysfs_devices_block sysfs_dm sysfs_dm_verity sysfs_dma_heap sysfs_dmabuf_stats sysfs_dt_firmware_android sysfs_extcon sysfs_ion sysfs_ipv4 sysfs_kernel_notes sysfs_leds sysfs_loop sysfs_gpu sysfs_hwrandom sysfs_nfc_power_writable sysfs_wake_lock sysfs_net sysfs_power sysfs_rtc sysfs_mem_sleep sysfs_suspend_stats sysfs_switch sysfs_sync_on_suspend sysfs_transparent_hugepage sysfs_lru_gen_enabled sysfs_usb sysfs_wakeup sysfs_wakeup_reasons sysfs_fs_ext4_features sysfs_fs_f2fs sysfs_fs_fuse_bpf sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_fs_incfs_metrics sysfs_vendor_sched fs_bpf fs_bpf_tethering fs_bpf_vendor configfs sysfs_devices_cs_etm sysfs_devices_system_cpu sysfs_lowmemorykiller sysfs_wlan_fwpath sysfs_vibrator sysfs_uhid sysfs_thermal sysfs_zram sysfs_zram_uevent inotify devpts tmpfs shm mqueue fuse fuseblk sdcardfs vfat exfat debugfs debugfs_kprobes debugfs_mmc debugfs_mm_events_tracing debugfs_trace_marker debugfs_tracing debugfs_tracing_debug debugfs_tracing_instances debugfs_tracing_printk_formats debugfs_wakeup_sources debugfs_wifi_tracing securityfs pstorefs functionfs oemfs usbfs binfmt_miscfs app_fusefs debugfs_bootreceiver_tracing sysfs_udc apexd_devpts proc_allocinfo config_gz fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_loader fs_bpf_uprobestats fs_bpf_memevents debugfs_kcov sysfs_dt_avf proc_dt_avf sysfs_uprobe sysfs_pgsize_migration sysfs_firmware_acpi_tables odsign_devpts priv_app_devpts untrusted_app_all_devpts ))
 (typeattribute contextmount_type)
@@ -704,9 +704,9 @@
 (typeattribute fusefs_type)
 (typeattributeset fusefs_type (fuse fuseblk app_fusefs ))
 (typeattribute file_type)
-(typeattributeset file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec appdomain_tmpfs app_zygote_tmpfs audioserver_tmpfs bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec cameraserver_tmpfs charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec drmserver_socket dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec unlabeled system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file vendor_cgroup_desc_file task_profiles_file vendor_task_profiles_file art_apex_dir linkerconfig_file incremental_control_file bootanim_oem_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file metadata_file vold_metadata_file gsi_metadata_file gsi_public_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file metadata_bootstat_file userspace_reboot_metadata_file staged_install_file watchdog_metadata_file repair_mode_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file dev_cpu_variant runtime_event_log_tags_file logcat_exec cgroup_rc_file coredump_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file vendor_apex_file vendor_apex_metadata_file shutdown_checkpoints_system_data_file mnt_media_rw_file mnt_user_file mnt_pass_through_file mnt_expand_file mnt_sdcard_file storage_file mnt_media_rw_stub_file storage_stub_file mnt_vendor_file mnt_product_file apex_mnt_dir apex_info_file postinstall_mnt_dir postinstall_file postinstall_apex_mnt_dir mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file efs_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file bluetooth_efs_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket rild_socket rild_debug_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket wpa_socket zygote_socket heapprofd_socket gps_control pdx_display_dir pdx_performance_dir pdx_bufferhub_dir pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file vendor_service_contexts_file hwservice_contexts_file vndservice_contexts_file vendor_kernel_modules system_dlkm_file audiohal_data_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hal_graphics_composer_server_tmpfs hwservicemanager_exec idmap_exec init_exec init_tmpfs inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediaextractor_tmpfs mediametrics_exec mediaserver_exec mediaserver_tmpfs mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec surfaceflinger_tmpfs system_server_tmpfs tombstoned_exec toolbox_exec traced_tmpfs ueventd_tmpfs uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec webview_zygote_tmpfs wificond_exec zygote_tmpfs zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec artd_tmpfs atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec boringssl_self_test_marker bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec crosvm_tmpfs derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexopt_chroot_setup_tmpfs dexoptanalyzer_exec dmesgd_exec dumpstate_tmpfs evsmanagerd_exec storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file system_perfetto_config_file uprobestats_configs_data_file oatdump_exec sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file vm_data_file environ_system_data_file bootanim_data_file fd_server_exec compos_exec compos_key_helper_exec prng_seeder_socket system_font_fallback_file aconfigd_socket aconfigd_mainline_socket system_aconfig_storage_file vendor_aconfig_storage_file connectivityblob_data_file mainline_supplicant_data_file pre_reboot_dexopt_file pre_reboot_dexopt_artd_file apk_metadata_file pbtombstone_exec storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file tradeinmode_metadata_file prefetch_metadata_file libprocessgroup_metadata_file fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec heapprofd_tmpfs hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatranscoding_tmpfs mediatuner_exec memcgv2_activation_depth_exec microfuchsiad_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec perfetto_tmpfs postinstall_exec postinstall_dexopt_exec postinstall_dexopt_tmpfs prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec simpleperf_boot_data_file snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_server_startup_tmpfs system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec traced_probes_tmpfs tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec appdomain_tmpfs app_zygote_tmpfs audioserver_tmpfs bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec cameraserver_tmpfs charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec drmserver_socket dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec unlabeled system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file vendor_cgroup_desc_file task_profiles_file vendor_task_profiles_file art_apex_dir linkerconfig_file incremental_control_file bootanim_oem_file vendor_hal_file vendor_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_vm_file vendor_vm_data_file metadata_file vold_metadata_file gsi_metadata_file gsi_public_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file metadata_bootstat_file userspace_reboot_metadata_file staged_install_file watchdog_metadata_file repair_mode_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file dev_cpu_variant runtime_event_log_tags_file logcat_exec cgroup_rc_file coredump_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file vendor_apex_file vendor_apex_metadata_file shutdown_checkpoints_system_data_file mnt_media_rw_file mnt_user_file mnt_pass_through_file mnt_expand_file mnt_sdcard_file storage_file mnt_media_rw_stub_file storage_stub_file mnt_vendor_file mnt_product_file apex_mnt_dir apex_info_file postinstall_mnt_dir postinstall_file postinstall_apex_mnt_dir mirror_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file efs_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file bluetooth_efs_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file adbd_socket bluetooth_socket dnsproxyd_socket dumpstate_socket fwmarkd_socket lmkd_socket logd_socket logdr_socket logdw_socket mdns_socket mdnsd_socket misc_logd_file mtpd_socket ot_daemon_socket property_socket racoon_socket recovery_socket rild_socket rild_debug_socket snapuserd_socket snapuserd_proxy_socket statsdw_socket system_wpa_socket system_ndebug_socket system_unsolzygote_socket tombstoned_crash_socket tombstoned_java_trace_socket tombstoned_intercept_socket traced_consumer_socket traced_perf_socket traced_producer_socket uncrypt_socket wpa_socket zygote_socket heapprofd_socket gps_control pdx_display_dir pdx_performance_dir pdx_bufferhub_dir pdx_display_client_endpoint_socket pdx_display_manager_endpoint_socket pdx_display_screenshot_endpoint_socket pdx_display_vsync_endpoint_socket pdx_performance_client_endpoint_socket pdx_bufferhub_client_endpoint_socket file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file vendor_service_contexts_file hwservice_contexts_file vndservice_contexts_file vendor_kernel_modules system_dlkm_file audiohal_data_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hal_graphics_composer_server_tmpfs hwservicemanager_exec idmap_exec init_exec init_tmpfs inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediaextractor_tmpfs mediametrics_exec mediaserver_exec mediaserver_tmpfs mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec surfaceflinger_tmpfs system_server_tmpfs tombstoned_exec toolbox_exec traced_tmpfs ueventd_tmpfs uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec webview_zygote_tmpfs wificond_exec zygote_tmpfs zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec artd_tmpfs atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec boringssl_self_test_marker bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec crosvm_tmpfs derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexopt_chroot_setup_tmpfs dexoptanalyzer_exec dmesgd_exec dumpstate_tmpfs evsmanagerd_exec storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file system_perfetto_config_file uprobestats_configs_data_file oatdump_exec sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file vm_data_file environ_system_data_file bootanim_data_file fd_server_exec compos_exec compos_key_helper_exec prng_seeder_socket system_font_fallback_file aconfigd_socket aconfigd_mainline_socket system_aconfig_storage_file vendor_aconfig_storage_file connectivityblob_data_file mainline_supplicant_data_file pre_reboot_dexopt_file pre_reboot_dexopt_artd_file apk_metadata_file pbtombstone_exec storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file tradeinmode_metadata_file prefetch_metadata_file libprocessgroup_metadata_file fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec heapprofd_tmpfs hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatranscoding_tmpfs mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec perfetto_tmpfs postinstall_exec postinstall_dexopt_exec postinstall_dexopt_tmpfs prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec simpleperf_boot_data_file snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_server_startup_tmpfs system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec traced_probes_tmpfs tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
 (typeattribute exec_type)
-(typeattributeset exec_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec tcpdump_exec logcat_exec fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec microfuchsiad_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset exec_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec tcpdump_exec logcat_exec fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec vendor_misc_writer_exec vendor_shell_exec vendor_toolbox_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec webview_zygote_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec vendor_boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec oatdump_exec fd_server_exec compos_exec compos_key_helper_exec pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
 (typeattribute data_file_type)
 (expandtypeattribute (data_file_type) false)
 (typeattributeset data_file_type (incremental_control_file system_data_root_file system_data_file system_userdir_file packages_list_file game_mode_intervention_list_file vendor_data_file vendor_userdir_file unencrypted_data_file install_data_file drm_data_file adb_data_file anr_data_file tombstone_data_file tombstone_wifi_data_file apex_data_file apk_data_file apk_tmp_file apk_private_data_file apk_private_tmp_file dalvikcache_data_file ota_data_file ota_package_file user_profile_root_file user_profile_data_file profman_dump_data_file prereboot_data_file resourcecache_data_file shell_data_file property_data_file bootchart_data_file dropbox_data_file heapdump_data_file nativetest_data_file shell_test_data_file ringtone_file preloads_data_file preloads_media_file dhcp_data_file server_configurable_flags_data_file staging_data_file shutdown_checkpoints_system_data_file adb_keys_file apex_system_server_data_file apex_module_data_file apex_ota_reserved_file apex_rollback_data_file appcompat_data_file audio_data_file audioserver_data_file bluetooth_data_file bluetooth_logs_data_file bootstat_data_file boottrace_data_file camera_data_file credstore_data_file gatekeeper_data_file incident_data_file keychain_data_file keystore_data_file media_data_file media_rw_data_file media_userdir_file misc_user_data_file net_data_file network_watchlist_data_file nfc_data_file nfc_logs_data_file radio_data_file recovery_data_file shared_relro_file snapshotctl_log_data_file stats_config_data_file stats_data_file systemkeys_data_file textclassifier_data_file trace_data_file vpn_data_file wifi_data_file vold_data_file tee_data_file update_engine_data_file update_engine_log_data_file snapuserd_log_data_file method_trace_data_file gsi_data_file radio_core_data_file app_data_file privapp_data_file system_app_data_file cache_file overlayfs_file cache_backup_file cache_private_backup_file cache_recovery_file wallpaper_file shortcut_manager_icons icon_file asec_apk_file asec_public_file asec_image_file backup_data_file fingerprintd_data_file fingerprint_vendor_data_file app_fuse_file face_vendor_data_file iris_vendor_data_file bluetooth_socket misc_logd_file system_wpa_socket system_ndebug_socket system_unsolzygote_socket wpa_socket audiohal_data_file storaged_data_file wm_trace_data_file accessibility_trace_data_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file uprobestats_configs_data_file sdk_sandbox_system_data_file sdk_sandbox_data_file app_exec_data_file rollback_data_file checkin_data_file ota_image_data_file gsi_persistent_data_file emergency_data_file profcollectd_data_file apex_art_data_file apex_art_staging_data_file apex_compos_data_file apex_virt_data_file apex_tethering_data_file apex_uwb_data_file apex_appsearch_data_file apex_permission_data_file apex_scheduling_data_file apex_wifi_data_file font_data_file dmesgd_data_file odrefresh_data_file odsign_data_file odsign_metrics_file virtualizationservice_data_file environ_system_data_file bootanim_data_file connectivityblob_data_file mainline_supplicant_data_file apk_metadata_file storage_area_app_dir storage_area_dir storage_area_content_file storage_area_key_file ))
@@ -717,7 +717,7 @@
 (expandtypeattribute (app_data_file_type) false)
 (typeattributeset app_data_file_type (shell_data_file bluetooth_data_file nfc_data_file radio_data_file app_data_file privapp_data_file system_app_data_file sdk_sandbox_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))
 (typeattribute system_file_type)
-(typeattributeset system_file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file task_profiles_file art_apex_dir bootanim_oem_file logcat_exec file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file hwservice_contexts_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec system_perfetto_config_file oatdump_exec fd_server_exec compos_exec compos_key_helper_exec system_font_fallback_file system_aconfig_storage_file pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec microfuchsiad_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
+(typeattributeset system_file_type (adbd_exec aidl_lazy_test_server_exec apexd_exec bootanim_exec bootstat_exec bufferhubd_exec cameraserver_exec charger_exec crash_dump_exec credstore_exec dhcp_exec dnsmasq_exec drmserver_exec dumpstate_exec e2fs_exec early_virtmgr_exec extra_free_kbytes_exec system_file system_asan_options_file system_event_log_tags_file system_lib_file system_bootstrap_lib_file system_group_file system_linker_exec system_linker_config_file system_passwd_file system_seccomp_policy_file system_security_cacerts_file tcpdump_exec system_zoneinfo_file cgroup_desc_file task_profiles_file art_apex_dir bootanim_oem_file logcat_exec file_contexts_file mac_perms_file property_contexts_file seapp_contexts_file sepolicy_file service_contexts_file keystore2_key_contexts_file hwservice_contexts_file tee_service_contexts_file fingerprintd_exec flags_health_check_exec fsck_exec gatekeeperd_exec hwservicemanager_exec idmap_exec init_exec inputflinger_exec installd_exec keystore_exec llkd_exec lmkd_exec logd_exec mediadrmserver_exec mediaextractor_exec mediametrics_exec mediaserver_exec mediaswcodec_exec netd_exec netutils_wrapper_exec performanced_exec profman_exec recovery_persist_exec recovery_refresh_exec rs_exec runas_exec sdcardd_exec servicemanager_exec sgdisk_exec shell_exec simpleperf_app_runner_exec statsd_exec su_exec tombstoned_exec toolbox_exec uncrypt_exec update_engine_exec update_verifier_exec usbd_exec vdc_exec virtual_camera_exec virtual_touchpad_exec virtualizationmanager_exec vold_exec vold_prepare_subdirs_exec watchdogd_exec wificond_exec zygote_exec aconfigd_exec aconfigd_mainline_exec apex_test_prepostinstall_exec art_boot_exec art_exec_exec artd_exec atrace_exec audioserver_exec auditctl_exec automotive_display_service_exec bert_collector_exec blank_screen_exec blkid_exec boringssl_self_test_exec bpfloader_exec canhalconfigurator_exec clatd_exec compos_verify_exec composd_exec cppreopts_exec crosvm_exec derive_classpath_exec derive_sdk_exec dex2oat_exec dexopt_chroot_setup_exec dexoptanalyzer_exec dmesgd_exec evsmanagerd_exec system_perfetto_config_file oatdump_exec fd_server_exec compos_exec compos_key_helper_exec system_font_fallback_file system_aconfig_storage_file pbtombstone_exec fuseblkd_exec fuseblkd_untrusted_exec fwk_bufferhub_exec gki_apex_prepostinstall_exec gpuservice_exec gsid_exec hal_allocator_default_exec hal_keymint_system_exec heapprofd_exec hidl_lazy_test_server_exec incident_exec incident_helper_exec incidentd_exec iw_exec kcmdlinectrl_exec linkerconfig_exec linux_vm_setup_exec lpdumpd_exec mdnsd_exec mediatranscoding_exec mediatuner_exec memcgv2_activation_depth_exec migrate_legacy_obb_data_exec misctrl_exec mm_events_exec mmd_exec mtectrl_exec odrefresh_exec odsign_exec ot_ctl_exec ot_daemon_exec otapreopt_chroot_exec otapreopt_slot_exec overlay_remounter_exec perfetto_exec postinstall_exec postinstall_dexopt_exec prefetch_exec preloads_copy_exec preopt2cachename_exec prng_seeder_exec profcollectd_exec remount_exec rkp_cert_processor_exec rkpd_exec rss_hwm_reset_exec simpleperf_exec snapshotctl_exec snapuserd_exec stats_exec storaged_exec surfaceflinger_exec system_suspend_exec trace_redactor_exec traced_exec traced_perf_exec traced_probes_exec tradeinmode_exec uprobestats_exec vehicle_binding_util_exec vfio_handler_exec virtual_face_exec virtual_fingerprint_exec virtualizationservice_exec vmnic_exec wait_for_keymaster_exec wifi_mainline_supplicant_exec ))
 (typeattribute system_dlkm_file_type)
 (typeattributeset system_dlkm_file_type (system_dlkm_file ))
 (typeattribute vendor_file_type)
@@ -775,17 +775,17 @@
 (expandtypeattribute (vendor_public_property_type) false)
 (typeattributeset vendor_public_property_type (persist_vendor_debug_wifi_prop ))
 (typeattribute system_server_service)
-(typeattributeset system_server_service (device_config_updatable_service ondevicepersonalization_system_service profiling_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service ambient_context_service authentication_policy_service attention_service bg_install_control_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service incidentcompanion_service logcat_service on_device_intelligence_service protolog_configuration_service resolver_service safety_center_service statsbootstrap_service statscompanion_service statsmanager_service tracingproxy_service tradeinmode_service transparency_service vm_tethering_service wearable_sensing_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
+(typeattributeset system_server_service (device_config_updatable_service ondevicepersonalization_system_service profiling_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service ambient_context_service authentication_policy_service attention_service bg_install_control_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service incidentcompanion_service logcat_service on_device_intelligence_service protolog_configuration_service resolver_service safety_center_service statsbootstrap_service statscompanion_service statsmanager_service supervision_service tracingproxy_service tradeinmode_service transparency_service vm_tethering_service wearable_sensing_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
 (typeattribute app_api_service)
-(typeattributeset app_api_service (batteryproperties_service gatekeeper_service gpu_service credstore_service mediatranscoding_service profiling_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_function_service app_hibernation_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service blob_store_service bluetooth_manager_service broadcastradio_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service device_policy_service device_state_service deviceidle_service device_identifiers_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service file_integrity_service font_service devicelock_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_stats_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service lock_settings_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service notification_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service powerstats_service power_service print_service procstats_service reboot_readiness_service registry_service remote_auth_service restrictions_service role_service rollback_service rttmanager_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service speech_recognition_service tare_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service wifi_usd_service tethering_service ambient_context_service communal_service feature_flags_service incidentcompanion_service mediatuner_service on_device_intelligence_service protolog_configuration_service safety_center_service wearable_sensing_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
+(typeattributeset app_api_service (batteryproperties_service gatekeeper_service gpu_service credstore_service mediatranscoding_service profiling_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_function_service app_hibernation_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service blob_store_service bluetooth_manager_service broadcastradio_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service device_policy_service device_state_service deviceidle_service device_identifiers_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service file_integrity_service font_service devicelock_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_stats_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service lock_settings_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service notification_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service powerstats_service power_service print_service procstats_service reboot_readiness_service registry_service remote_auth_service restrictions_service role_service rollback_service rttmanager_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service speech_recognition_service tare_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifiaware_service wifi_usd_service tethering_service ambient_context_service communal_service feature_flags_service incidentcompanion_service mediatuner_service on_device_intelligence_service protolog_configuration_service safety_center_service supervision_service wearable_sensing_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
 (typeattribute ephemeral_app_api_service)
-(typeattributeset ephemeral_app_api_service (batteryproperties_service gpu_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_search_service appops_service appwidget_service assetatlas_service audio_service autofill_service backup_service batterystats_service bluetooth_manager_service clipboard_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service deviceidle_service device_identifiers_service display_service font_service devicelock_service dreams_service dropbox_service platform_compat_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hint_service imms_service input_method_service input_service ipsec_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service netpolicy_service netstats_service network_management_service notification_service package_service package_native_service permission_service permissionmgr_service permission_checker_service power_service print_service procstats_service registry_service restrictions_service rttmanager_service search_service security_state_service selection_toolbar_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service statusbar_service storagestats_service speech_recognition_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service timedetector_service translation_service tv_ad_service tv_iapp_service tv_input_service uimode_service uri_grants_service usagestats_service user_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_native_service voiceinteraction_service webviewupdate_service tethering_service protolog_configuration_service ))
+(typeattributeset ephemeral_app_api_service (batteryproperties_service gpu_service surfaceflinger_service accessibility_service account_service activity_service activity_task_service alarm_service app_search_service appops_service appwidget_service assetatlas_service audio_service autofill_service backup_service batterystats_service bluetooth_manager_service clipboard_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service credential_service deviceidle_service device_identifiers_service display_service font_service devicelock_service dreams_service dropbox_service platform_compat_service game_service grammatical_inflection_service graphicsstats_service hardware_properties_service hint_service imms_service input_method_service input_service ipsec_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service memtrackproxy_service midi_service mount_service music_recognition_service netpolicy_service netstats_service network_management_service notification_service package_service package_native_service permission_service permissionmgr_service permission_checker_service power_service print_service procstats_service registry_service restrictions_service rttmanager_service search_service security_state_service selection_toolbar_service sensorservice_service sensor_privacy_service servicediscovery_service settings_service statusbar_service storagestats_service speech_recognition_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service timedetector_service translation_service tv_ad_service tv_iapp_service tv_input_service uimode_service uri_grants_service usagestats_service user_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_native_service voiceinteraction_service webviewupdate_service tethering_service protolog_configuration_service supervision_service ))
 (typeattribute system_api_service)
 (typeattributeset system_api_service (device_config_updatable_service ondevicepersonalization_system_service adb_service adservices_manager_service app_hibernation_service app_integrity_service cacheinfo_service cpuinfo_service credential_service dbinfo_service device_state_service diskstats_service color_display_service gfxinfo_service intrusion_detection_service lock_settings_service meminfo_service network_score_service oem_lock_service overlay_service persistent_data_block_service resources_manager_service serial_service system_config_service system_server_dumper_service updatelock_service window_service inputflinger_service authentication_policy_service bg_install_control_service dynamic_system_service incidentcompanion_service protolog_configuration_service safety_center_service statsmanager_service ))
 (typeattribute protected_service)
 (typeattributeset protected_service (hal_audio_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_confirmationui_service hal_contexthub_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_composer_service hal_health_service hal_health_storage_service hal_hwcrypto_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ))
 (typeattribute service_manager_type)
-(typeattributeset service_manager_type (aidl_lazy_test_service apc_service apex_service artd_service artd_pre_reboot_service audioserver_service authorization_service batteryproperties_service bluetooth_service cameraserver_service fwk_camera_service default_android_service device_config_updatable_service dexopt_chroot_setup_service dnsresolver_service drmserver_service dumpstate_service evsmanagerd_service fingerprintd_service fwk_automotive_display_service fwk_vold_service gatekeeper_service gpu_service idmap_service incident_service installd_service credstore_service keystore_compat_hal_service keystore_maintenance_service keystore_metrics_service keystore_service legacykeystore_service lpdump_service mdns_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service mediatranscoding_service netd_service nfc_service ondevicepersonalization_system_service ot_daemon_service profiling_service radio_service secure_element_service service_manager_service storaged_service surfaceflinger_service system_app_service system_net_netd_service system_suspend_control_internal_service system_suspend_control_service update_engine_service update_engine_stable_service virtualization_service virtual_camera_service virtual_touchpad_service vold_service vr_hwc_service vrflinger_vsync_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifinl80211_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_hwcrypto_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ambient_context_service authentication_policy_service attention_service bg_install_control_service compos_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service gsi_service incidentcompanion_service logcat_service logd_service mediatuner_service mmd_service on_device_intelligence_service profcollectd_service protolog_configuration_service resolver_service rkpd_registrar_service rkpd_refresh_service rkp_cert_processor_service safety_center_service stats_service statsbootstrap_service statscompanion_service statsmanager_service tracingproxy_service tradeinmode_service transparency_service vfio_handler_service virtualization_maintenance_service vm_tethering_service vmnic_service microfuchsia_service uce_service wearable_sensing_service wifi_mainline_supplicant_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
+(typeattributeset service_manager_type (aidl_lazy_test_service apc_service apex_service artd_service artd_pre_reboot_service audioserver_service authorization_service batteryproperties_service bluetooth_service cameraserver_service fwk_camera_service default_android_service device_config_updatable_service dexopt_chroot_setup_service dnsresolver_service drmserver_service dumpstate_service evsmanagerd_service fingerprintd_service fwk_automotive_display_service fwk_vold_service gatekeeper_service gpu_service idmap_service incident_service installd_service credstore_service keystore_compat_hal_service keystore_maintenance_service keystore_metrics_service keystore_service legacykeystore_service lpdump_service mdns_service mediaserver_service mediametrics_service mediaextractor_service mediadrmserver_service mediatranscoding_service netd_service nfc_service ondevicepersonalization_system_service ot_daemon_service profiling_service radio_service secure_element_service service_manager_service storaged_service surfaceflinger_service system_app_service system_net_netd_service system_suspend_control_internal_service system_suspend_control_service update_engine_service update_engine_stable_service virtualization_service virtual_camera_service virtual_touchpad_service vold_service vr_hwc_service vrflinger_vsync_service accessibility_service account_service activity_service activity_task_service adb_service adservices_manager_service alarm_service app_binding_service app_function_service app_hibernation_service app_integrity_service app_prediction_service app_search_service appops_service appwidget_service archive_service assetatlas_service attestation_verification_service audio_service auth_service autofill_service backup_service batterystats_service battery_service binder_calls_stats_service blob_store_service bluetooth_manager_service broadcastradio_service cacheinfo_service cameraproxy_service clipboard_service cloudsearch_service contexthub_service contextual_search_service crossprofileapps_service IProxyService_service companion_device_service connectivity_native_service connectivity_service connmetrics_service consumer_ir_service content_capture_service content_suggestions_service content_service country_detector_service coverage_service cpuinfo_service cpu_monitor_service credential_service dataloader_manager_service dbinfo_service device_config_service device_policy_service device_state_service deviceidle_service device_identifiers_service devicestoragemonitor_service diskstats_service display_service domain_verification_service color_display_service ecm_enhanced_confirmation_service external_vibrator_service file_integrity_service font_service netd_listener_service network_watchlist_service devicelock_service DockObserver_service dreams_service dropbox_service ethernet_service biometric_service bugreport_service platform_compat_service face_service fingerprint_service fwk_altitude_service fwk_stats_service fwk_sensor_service fwk_vibrator_control_service game_service gfxinfo_service gnss_time_update_service grammatical_inflection_service graphicsstats_service hardware_service hardware_properties_service hdmi_control_service healthconnect_service hint_service imms_service incremental_service input_method_service input_service intrusion_detection_service ipsec_service iris_service jobscheduler_service launcherapps_service legacy_permission_service light_service locale_service location_service location_time_zone_manager_service lock_settings_service looper_stats_service media_communication_service media_metrics_service media_projection_service media_quality_service media_router_service media_session_service meminfo_service memtrackproxy_service midi_service mount_service music_recognition_service nearby_service netpolicy_service netstats_service network_management_service network_score_service network_stack_service network_time_update_service notification_service oem_lock_service otadexopt_service overlay_service pac_proxy_service package_service package_native_service people_service permission_service permissionmgr_service permission_checker_service persistent_data_block_service pinner_service powerstats_service power_service print_service processinfo_service procstats_service reboot_readiness_service recovery_service registry_service remote_auth_service remote_provisioning_service resources_manager_service restrictions_service role_service rollback_service runtime_service rttmanager_service samplingprofiler_service scheduling_policy_service search_service search_ui_service sec_key_att_app_id_provider_service security_state_service selection_toolbar_service sensitive_content_protection_service sensorservice_service sensor_privacy_service serial_service servicediscovery_service settings_service shortcut_service slice_service smartspace_service statusbar_service storagestats_service sdk_sandbox_service system_config_service system_server_dumper_service system_update_service soundtrigger_middleware_service speech_recognition_service tare_service task_service testharness_service textclassification_service textservices_service texttospeech_service telecom_service thermal_service threadnetwork_service timedetector_service timezonedetector_service translation_service trust_service tv_ad_service tv_iapp_service tv_input_service tv_tuner_resource_mgr_service uimode_service updatelock_service uri_grants_service usagestats_service usb_service user_service uwb_service vcn_management_service vibrator_service vibrator_manager_service virtual_device_service virtual_device_native_service voiceinteraction_service vpn_management_service vr_manager_service wallpaper_service wallpaper_effects_generation_service webviewupdate_service wifip2p_service wifiscanner_service wifi_service wifinl80211_service wifiaware_service wifi_usd_service window_service inputflinger_service tethering_service emergency_affordance_service hal_audio_service hal_audiocontrol_service hal_authgraph_service hal_authsecret_service hal_bluetooth_service hal_bootctl_service hal_broadcastradio_service hal_camera_service hal_can_controller_service hal_cas_service hal_codec2_service hal_confirmationui_service hal_contexthub_service hal_drm_service hal_dumpstate_service hal_evs_service hal_face_service hal_fastboot_service hal_fingerprint_service hal_gnss_service hal_graphics_allocator_service hal_graphics_composer_service hal_graphics_mapper_service hal_health_service hal_health_storage_service hal_hwcrypto_service hal_identity_service hal_input_processor_service hal_ir_service hal_ivn_service hal_keymint_service hal_light_service hal_macsec_service hal_mediaquality_service hal_memtrack_service hal_neuralnetworks_service hal_nfc_service hal_oemlock_service hal_power_service hal_power_stats_service hal_radio_service hal_rebootescrow_service hal_remoteaccess_service hal_remotelyprovisionedcomponent_avf_service hal_remotelyprovisionedcomponent_service hal_sensors_service hal_secretkeeper_service hal_secureclock_service hal_secure_element_service hal_sharedsecret_service hal_system_suspend_service hal_tetheroffload_service hal_thermal_service hal_tv_hdmi_cec_service hal_tv_hdmi_connection_service hal_tv_hdmi_earc_service hal_tv_input_service hal_threadnetwork_service hal_tv_tuner_service hal_usb_service hal_usb_gadget_service hal_uwb_service hal_vehicle_service hal_vibrator_service hal_weaver_service hal_nlinterceptor_service hal_wifi_service hal_wifi_hostapd_service hal_wifi_supplicant_service hal_gatekeeper_service hal_vm_capabilities_service ambient_context_service authentication_policy_service attention_service bg_install_control_service compos_service communal_service dynamic_system_service feature_flags_service fwk_devicestate_service gsi_service incidentcompanion_service logcat_service logd_service mediatuner_service mmd_service on_device_intelligence_service profcollectd_service protolog_configuration_service resolver_service rkpd_registrar_service rkpd_refresh_service rkp_cert_processor_service safety_center_service stats_service statsbootstrap_service statscompanion_service statsmanager_service supervision_service tracingproxy_service tradeinmode_service transparency_service vfio_handler_service virtualization_maintenance_service vm_tethering_service vmnic_service uce_service wearable_sensing_service wifi_mainline_supplicant_service dynamic_instrumentation_service advanced_protection_service ranging_service ))
 (typeattribute hwservice_manager_type)
 (typeattributeset hwservice_manager_type (default_android_hwservice fwk_camera_hwservice fwk_display_hwservice fwk_scheduler_hwservice fwk_sensor_hwservice fwk_stats_hwservice fwk_automotive_display_hwservice hal_atrace_hwservice hal_audio_hwservice hal_audiocontrol_hwservice hal_authsecret_hwservice hal_bluetooth_hwservice hal_bootctl_hwservice hal_broadcastradio_hwservice hal_camera_hwservice hal_can_bus_hwservice hal_can_controller_hwservice hal_confirmationui_hwservice hal_contexthub_hwservice hal_dumpstate_hwservice hal_evs_hwservice hal_face_hwservice hal_fingerprint_hwservice hal_gatekeeper_hwservice hal_gnss_hwservice hal_graphics_composer_hwservice hal_health_hwservice hal_health_storage_hwservice hal_input_classifier_hwservice hal_ir_hwservice hal_keymaster_hwservice hal_light_hwservice hal_lowpan_hwservice hal_memtrack_hwservice hal_nfc_hwservice hal_oemlock_hwservice hal_power_hwservice hal_power_stats_hwservice hal_secure_element_hwservice hal_sensors_hwservice hal_telephony_hwservice hal_tetheroffload_hwservice hal_thermal_hwservice hal_tv_cec_hwservice hal_tv_input_hwservice hal_tv_tuner_hwservice hal_usb_gadget_hwservice hal_usb_hwservice hal_vehicle_hwservice hal_vibrator_hwservice hal_vr_hwservice hal_weaver_hwservice hal_wifi_hostapd_hwservice hal_wifi_hwservice hal_wifi_supplicant_hwservice system_net_netd_hwservice system_suspend_hwservice system_wifi_keystore_hwservice fwk_bufferhub_hwservice hal_cas_hwservice hal_codec2_hwservice hal_configstore_ISurfaceFlingerConfigs hal_drm_hwservice hal_graphics_allocator_hwservice hal_graphics_mapper_hwservice hal_neuralnetworks_hwservice hal_omx_hwservice hal_renderscript_hwservice hidl_allocator_hwservice hidl_base_hwservice hidl_manager_hwservice hidl_memory_hwservice hidl_token_hwservice hal_lazy_test_hwservice ))
 (typeattribute same_process_hwservice)
@@ -824,7 +824,7 @@
 (typeattribute update_engine_common)
 (typeattributeset update_engine_common (update_engine ))
 (typeattribute coredomain)
-(typeattributeset coredomain (adbd apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd surfaceflinger system_app system_server tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc virtual_camera virtual_touchpad virtualizationmanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth microfuchsiad migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic wait_for_keymaster wifi_mainline_supplicant ))
+(typeattributeset coredomain (adbd apexd app_zygote artd atrace audioserver blkid blkid_untrusted bluetooth bootanim bootstat bpfloader bufferhubd cameraserver charger crash_dump credstore crosvm dhcp dnsmasq drmserver dumpstate e2fs early_virtmgr ephemeral_app evsmanagerd extra_free_kbytes fastbootd fingerprintd flags_health_check fsck fsck_untrusted gatekeeperd gmscore_app gpuservice healthd heapprofd hwservicemanager idmap incident incident_helper incidentd init inputflinger installd isolated_app isolated_compute_app kernel keystore llkd lmkd logd logpersist mdnsd mediadrmserver mediaextractor mediametrics mediaprovider mediaserver mediaswcodec mediatranscoding modprobe netd netutils_wrapper network_stack nfc perfetto performanced platform_app postinstall priv_app prng_seeder profman radio recovery recovery_persist recovery_refresh rkpdapp rs rss_hwm_reset runas runas_app sdcardd secure_element servicemanager sgdisk shared_relro shell simpleperf simpleperf_app_runner slideshow statsd surfaceflinger system_app system_server tombstoned toolbox traced traced_perf traced_probes traceur_app ueventd uncrypt untrusted_app untrusted_app_32 untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 update_engine update_verifier usbd vdc virtual_camera virtual_touchpad virtualizationmanager vold vold_prepare_subdirs watchdogd webview_zygote wificond zygote aconfigd aconfigd_mainline adbd_tradeinmode apex_test_prepostinstall apexd_derive_classpath art_boot art_exec auditctl automotive_display_service bert_collector blank_screen boringssl_self_test canhalconfigurator clatd compos_fd_server compos_verify composd cppreopts derive_classpath derive_sdk device_as_webcam dex2oat dexopt_chroot_setup dmesgd fuseblkd fuseblkd_untrusted fwk_bufferhub gki_apex_prepostinstall gsid hal_allocator_default hal_keymint_system iw kcmdlinectrl linkerconfig linux_vm_setup lpdumpd mediaprovider_app mediatuner memcgv2_activation_depth migrate_legacy_obb_data misctrl mm_events mmd mtectrl odrefresh odsign ot_ctl ot_daemon otapreopt_chroot otapreopt_slot overlay_remounter permissioncontroller_app postinstall_dexopt prefetch preloads_copy preopt2cachename profcollectd remount rkp_cert_processor rkpd sdk_sandbox_34 sdk_sandbox_audit sdk_sandbox_next simpleperf_boot snapshotctl snapuserd stats storaged system_server_startup system_suspend trace_redactor tradeinmode uprobestats vehicle_binding_util vfio_handler virtual_face virtual_fingerprint virtualizationservice vmlauncher_app vmnic wait_for_keymaster wifi_mainline_supplicant ))
 (typeattribute vendor_hwservice_type)
 (typeattribute coredomain_socket)
 (expandtypeattribute (coredomain_socket) false)
@@ -4747,10 +4747,6 @@
 (roletype object_r memcgv2_activation_depth)
 (type memcgv2_activation_depth_exec)
 (roletype object_r memcgv2_activation_depth_exec)
-(type microfuchsiad)
-(roletype object_r microfuchsiad)
-(type microfuchsiad_exec)
-(roletype object_r microfuchsiad_exec)
 (type migrate_legacy_obb_data)
 (roletype object_r migrate_legacy_obb_data)
 (type migrate_legacy_obb_data_exec)
@@ -5125,6 +5121,8 @@
 (roletype object_r statscompanion_service)
 (type statsmanager_service)
 (roletype object_r statsmanager_service)
+(type supervision_service)
+(roletype object_r supervision_service)
 (type tracingproxy_service)
 (roletype object_r tracingproxy_service)
 (type tradeinmode_service)
@@ -5139,8 +5137,6 @@
 (roletype object_r vm_tethering_service)
 (type vmnic_service)
 (roletype object_r vmnic_service)
-(type microfuchsia_service)
-(roletype object_r microfuchsia_service)
 (type uce_service)
 (roletype object_r uce_service)
 (type wearable_sensing_service)
@@ -8897,9 +8893,6 @@
 (allow adbd system_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow adbd servicemanager (binder (call transfer)))
 (allow servicemanager adbd (binder (call transfer)))
-(allow servicemanager adbd (dir (search)))
-(allow servicemanager adbd (file (read open)))
-(allow servicemanager adbd (process (getattr)))
 (allow adbd surfaceflinger (binder (call transfer)))
 (allow surfaceflinger adbd (binder (transfer)))
 (allow adbd surfaceflinger (fd (use)))
@@ -9030,9 +9023,6 @@
 (typetransition init apexd_exec process apexd)
 (allow apexd servicemanager (binder (call transfer)))
 (allow servicemanager apexd (binder (call transfer)))
-(allow servicemanager apexd (dir (search)))
-(allow servicemanager apexd (file (read open)))
-(allow servicemanager apexd (process (getattr)))
 (allow apexd apex_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/apexd.te
 
@@ -9308,9 +9298,6 @@
 (allow base_typeattr_253 logd (unix_stream_socket (connectto)))
 (allow base_typeattr_254 keystore (keystore2_key (delete get_info grant rebind update use)))
 (allow base_typeattr_254 keystore_maintenance_service (service_manager (find)))
-(allow keystore base_typeattr_254 (dir (search)))
-(allow keystore base_typeattr_254 (file (read open)))
-(allow keystore base_typeattr_254 (process (getattr)))
 (allow base_typeattr_254 apc_service (service_manager (find)))
 (allow base_typeattr_254 keystore_service (service_manager (find)))
 (allow base_typeattr_254 legacykeystore_service (service_manager (find)))
@@ -9320,9 +9307,6 @@
 (allow keystore base_typeattr_254 (binder (call transfer)))
 (allow base_typeattr_254 keystore (binder (transfer)))
 (allow keystore base_typeattr_254 (fd (use)))
-(allow credstore base_typeattr_254 (dir (search)))
-(allow credstore base_typeattr_254 (file (read open)))
-(allow credstore base_typeattr_254 (process (getattr)))
 (allow base_typeattr_254 credstore_service (service_manager (find)))
 (allow base_typeattr_254 credstore (binder (call transfer)))
 (allow credstore base_typeattr_254 (binder (transfer)))
@@ -9385,19 +9369,13 @@
 (allow appdomain surfaceflinger (unix_stream_socket (read write getattr getopt setopt shutdown)))
 (allow base_typeattr_256 app_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow base_typeattr_256 privapp_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow base_typeattr_256 storage_area_content_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow base_typeattr_256 app_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 (allow base_typeattr_256 privapp_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_256 storage_area_content_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_256 storage_area_app_dir (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_256 storage_area_dir (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
 (allowx base_typeattr_256 app_data_file (ioctl file (0x6686)))
 (allowx base_typeattr_256 privapp_data_file (ioctl file (0x6686)))
-(allowx base_typeattr_256 storage_area_content_file (ioctl file (0x6686)))
 (allow base_typeattr_255 app_data_file (file (read write getattr map)))
 (allow base_typeattr_255 privapp_data_file (file (read write getattr map)))
 (allow base_typeattr_255 system_app_data_file (file (read write getattr map)))
-(allow base_typeattr_255 storage_area_content_file (file (read write getattr map)))
 (allow appdomain sdk_sandbox_data_file (file (read getattr)))
 (allow appdomain mnt_expand_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow appdomain keychain_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -9456,9 +9434,6 @@
 (allow base_typeattr_257 sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
 (allow appdomain servicemanager (binder (call transfer)))
 (allow servicemanager appdomain (binder (call transfer)))
-(allow servicemanager appdomain (dir (search)))
-(allow servicemanager appdomain (file (read open)))
-(allow servicemanager appdomain (process (getattr)))
 (allow appdomain binderservicedomain (binder (call transfer)))
 (allow binderservicedomain appdomain (binder (transfer)))
 (allow appdomain binderservicedomain (fd (use)))
@@ -9979,11 +9954,6 @@
 (neverallow base_typeattr_265 tombstone_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
-(typetransition base_typeattr_254 storage_area_dir fifo_file storage_area_content_file)
-(typetransition base_typeattr_254 storage_area_dir sock_file storage_area_content_file)
-(typetransition base_typeattr_254 storage_area_dir lnk_file storage_area_content_file)
-(typetransition base_typeattr_254 storage_area_dir dir storage_area_content_file)
-(typetransition base_typeattr_254 storage_area_dir file storage_area_content_file)
 ;;* lmx 20 system/sepolicy/private/app_neverallows.te
 
 (neverallow untrusted_app_all domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
@@ -10369,22 +10339,6 @@
 (neverallow base_typeattr_278 privapp_data_file (file (execute_no_trans)))
 ;;* lme
 
-;;* lmx 75 system/sepolicy/private/app_neverallows.te
-
-(neverallow appdomain storage_area_content_file (file (execute)))
-;;* lme
-
-;;* lmx 83 system/sepolicy/private/app_neverallows.te
-
-(neverallow appdomain storage_area_app_dir (file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (dir (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (lnk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (chr_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (blk_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (sock_file (write create setattr relabelfrom relabelto append unlink link rename)))
-(neverallow appdomain storage_area_app_dir (fifo_file (write create setattr relabelfrom relabelto append unlink link rename)))
-;;* lme
-
 ;;* lmx 97 system/sepolicy/private/app_neverallows.te
 
 (neverallow base_typeattr_279 dex2oat_exec (file (execute execute_no_trans)))
@@ -12035,9 +11989,6 @@
 (allow art_exec pre_reboot_dexopt_file (dir (search)))
 (allow artd servicemanager (binder (call transfer)))
 (allow servicemanager artd (binder (call transfer)))
-(allow servicemanager artd (dir (search)))
-(allow servicemanager artd (file (read open)))
-(allow servicemanager artd (process (getattr)))
 (allow artd artd_service (service_manager (add find)))
 ;;* lmx 12 system/sepolicy/private/artd.te
 
@@ -12198,9 +12149,6 @@
 (allow atrace servicemanager (service_manager (list)))
 (allow atrace servicemanager (binder (call transfer)))
 (allow servicemanager atrace (binder (call transfer)))
-(allow servicemanager atrace (dir (search)))
-(allow servicemanager atrace (file (read open)))
-(allow servicemanager atrace (process (getattr)))
 (allow atrace surfaceflinger (binder (call)))
 (allow atrace system_server (binder (call)))
 (allow atrace cameraserver (binder (call)))
@@ -12225,9 +12173,6 @@
 (allow audioserver fuse (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow audioserver servicemanager (binder (call transfer)))
 (allow servicemanager audioserver (binder (call transfer)))
-(allow servicemanager audioserver (dir (search)))
-(allow servicemanager audioserver (file (read open)))
-(allow servicemanager audioserver (process (getattr)))
 (allow audioserver binderservicedomain (binder (call transfer)))
 (allow binderservicedomain audioserver (binder (transfer)))
 (allow audioserver binderservicedomain (fd (use)))
@@ -12297,17 +12242,11 @@
 (allow audioserver system_suspend_hwservice (hwservice_manager (find)))
 (allow audioserver hwservicemanager (binder (call transfer)))
 (allow hwservicemanager audioserver (binder (call transfer)))
-(allow hwservicemanager audioserver (dir (search)))
-(allow hwservicemanager audioserver (file (read map open)))
-(allow hwservicemanager audioserver (process (getattr)))
 (allow audioserver hwservicemanager_prop (file (read getattr map open)))
 (allow audioserver hidl_manager_hwservice (hwservice_manager (find)))
 (allow audioserver hal_system_suspend_service (service_manager (find)))
 (allow audioserver servicemanager (binder (call transfer)))
 (allow servicemanager audioserver (binder (call transfer)))
-(allow servicemanager audioserver (dir (search)))
-(allow servicemanager audioserver (file (read open)))
-(allow servicemanager audioserver (process (getattr)))
 (allow audioserver audio_config_prop (file (read getattr map open)))
 (allow audioserver system_audio_config_prop (file (read getattr map open)))
 ;;* lmx 102 system/sepolicy/private/audioserver.te
@@ -12351,14 +12290,8 @@
 (typetransition init automotive_display_service_exec process automotive_display_service)
 (allow automotive_display_service servicemanager (binder (call transfer)))
 (allow servicemanager automotive_display_service (binder (call transfer)))
-(allow servicemanager automotive_display_service (dir (search)))
-(allow servicemanager automotive_display_service (file (read open)))
-(allow servicemanager automotive_display_service (process (getattr)))
 (allow automotive_display_service hwservicemanager (binder (call transfer)))
 (allow hwservicemanager automotive_display_service (binder (call transfer)))
-(allow hwservicemanager automotive_display_service (dir (search)))
-(allow hwservicemanager automotive_display_service (file (read map open)))
-(allow hwservicemanager automotive_display_service (process (getattr)))
 (allow automotive_display_service hwservicemanager_prop (file (read getattr map open)))
 (allow automotive_display_service surfaceflinger_service (service_manager (find)))
 (allow automotive_display_service surfaceflinger (binder (call transfer)))
@@ -12388,9 +12321,6 @@
 (allow bert_collector sysfs_firmware_acpi_tables (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow bert_collector servicemanager (binder (call transfer)))
 (allow servicemanager bert_collector (binder (call transfer)))
-(allow servicemanager bert_collector (dir (search)))
-(allow servicemanager bert_collector (file (read open)))
-(allow servicemanager bert_collector (process (getattr)))
 (allow bert_collector system_server (binder (call transfer)))
 (allow system_server bert_collector (binder (transfer)))
 (allow bert_collector system_server (fd (use)))
@@ -12409,9 +12339,6 @@
 (allow binderservicedomain appdomain (fifo_file (write)))
 (allow binderservicedomain permission_service (service_manager (find)))
 (allow binderservicedomain keystore (keystore2_key (delete get_info rebind use)))
-(allow keystore binderservicedomain (dir (search)))
-(allow keystore binderservicedomain (file (read open)))
-(allow keystore binderservicedomain (process (getattr)))
 (allow binderservicedomain apc_service (service_manager (find)))
 (allow binderservicedomain keystore_service (service_manager (find)))
 (allow binderservicedomain legacykeystore_service (service_manager (find)))
@@ -12524,17 +12451,11 @@
 (allow bluetooth system_suspend_hwservice (hwservice_manager (find)))
 (allow bluetooth hwservicemanager (binder (call transfer)))
 (allow hwservicemanager bluetooth (binder (call transfer)))
-(allow hwservicemanager bluetooth (dir (search)))
-(allow hwservicemanager bluetooth (file (read map open)))
-(allow hwservicemanager bluetooth (process (getattr)))
 (allow bluetooth hwservicemanager_prop (file (read getattr map open)))
 (allow bluetooth hidl_manager_hwservice (hwservice_manager (find)))
 (allow bluetooth hal_system_suspend_service (service_manager (find)))
 (allow bluetooth servicemanager (binder (call transfer)))
 (allow servicemanager bluetooth (binder (call transfer)))
-(allow servicemanager bluetooth (dir (search)))
-(allow servicemanager bluetooth (file (read open)))
-(allow servicemanager bluetooth (process (getattr)))
 (allow bluetooth bluetooth_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow bluetooth bluetooth_data_file (file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
 (allow bluetooth bluetooth_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink link rename open watch watch_reads)))
@@ -12637,9 +12558,6 @@
 (allow bootanim vendor_apex_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow bootanim servicemanager (binder (call transfer)))
 (allow servicemanager bootanim (binder (call transfer)))
-(allow servicemanager bootanim (dir (search)))
-(allow servicemanager bootanim (file (read open)))
-(allow servicemanager bootanim (process (getattr)))
 (allow bootanim surfaceflinger (binder (call transfer)))
 (allow surfaceflinger bootanim (binder (transfer)))
 (allow bootanim surfaceflinger (fd (use)))
@@ -12648,9 +12566,6 @@
 (allow bootanim audioserver (fd (use)))
 (allow bootanim hwservicemanager (binder (call transfer)))
 (allow hwservicemanager bootanim (binder (call transfer)))
-(allow hwservicemanager bootanim (dir (search)))
-(allow hwservicemanager bootanim (file (read map open)))
-(allow hwservicemanager bootanim (process (getattr)))
 (allow bootanim gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow bootanim gpu_device (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow bootanim sysfs_gpu (file (ioctl read getattr lock map open watch watch_reads)))
@@ -12953,9 +12868,6 @@
 (allow cameraserver virtual_camera (binder (call)))
 (allow cameraserver servicemanager (binder (call transfer)))
 (allow servicemanager cameraserver (binder (call transfer)))
-(allow servicemanager cameraserver (dir (search)))
-(allow servicemanager cameraserver (file (read open)))
-(allow servicemanager cameraserver (process (getattr)))
 (allow cameraserver binderservicedomain (binder (call transfer)))
 (allow binderservicedomain cameraserver (binder (transfer)))
 (allow cameraserver binderservicedomain (fd (use)))
@@ -13034,9 +12946,6 @@
 (typetransition init canhalconfigurator_exec process canhalconfigurator)
 (allow canhalconfigurator servicemanager (binder (call transfer)))
 (allow servicemanager canhalconfigurator (binder (call transfer)))
-(allow servicemanager canhalconfigurator (dir (search)))
-(allow servicemanager canhalconfigurator (file (read open)))
-(allow servicemanager canhalconfigurator (process (getattr)))
 (allow hal_can_controller canhalconfigurator (binder (call transfer)))
 (allow canhalconfigurator hal_can_controller (binder (transfer)))
 (allow hal_can_controller canhalconfigurator (fd (use)))
@@ -13086,17 +12995,11 @@
 (allow charger_type system_suspend_hwservice (hwservice_manager (find)))
 (allow charger_type hwservicemanager (binder (call transfer)))
 (allow hwservicemanager charger_type (binder (call transfer)))
-(allow hwservicemanager charger_type (dir (search)))
-(allow hwservicemanager charger_type (file (read map open)))
-(allow hwservicemanager charger_type (process (getattr)))
 (allow charger_type hwservicemanager_prop (file (read getattr map open)))
 (allow charger_type hidl_manager_hwservice (hwservice_manager (find)))
 (allow charger_type hal_system_suspend_service (service_manager (find)))
 (allow charger_type servicemanager (binder (call transfer)))
 (allow servicemanager charger_type (binder (call transfer)))
-(allow servicemanager charger_type (dir (search)))
-(allow servicemanager charger_type (file (read open)))
-(allow servicemanager charger_type (process (getattr)))
 (allow charger_type self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
 (allow charger_type sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow charger_type sysfs_batteryinfo (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -13150,9 +13053,6 @@
 
 (allow compos_verify servicemanager (binder (call transfer)))
 (allow servicemanager compos_verify (binder (call transfer)))
-(allow servicemanager compos_verify (dir (search)))
-(allow servicemanager compos_verify (file (read open)))
-(allow servicemanager compos_verify (process (getattr)))
 (allow compos_verify virtualizationmanager_exec (file (read getattr map execute open)))
 (allow compos_verify virtualizationmanager (process (transition)))
 (allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
@@ -13198,9 +13098,6 @@
 (typetransition init composd_exec process composd)
 (allow composd servicemanager (binder (call transfer)))
 (allow servicemanager composd (binder (call transfer)))
-(allow servicemanager composd (dir (search)))
-(allow servicemanager composd (file (read open)))
-(allow servicemanager composd (process (getattr)))
 (allow composd compos_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/composd.te
 
@@ -13493,9 +13390,6 @@
 (allow credstore remote_provisioning_service (service_manager (find)))
 (allow credstore servicemanager (binder (call transfer)))
 (allow servicemanager credstore (binder (call transfer)))
-(allow servicemanager credstore (dir (search)))
-(allow servicemanager credstore (file (read open)))
-(allow servicemanager credstore (process (getattr)))
 (allow credstore system_server (binder (call transfer)))
 (allow system_server credstore (binder (transfer)))
 (allow credstore system_server (fd (use)))
@@ -13623,7 +13517,6 @@
 (neverallow crosvm privapp_data_file (file (open)))
 (neverallow crosvm virtualizationservice_data_file (file (open)))
 (neverallow crosvm vm_data_file (file (open)))
-(neverallow crosvm storage_area_content_file (file (open)))
 ;;* lme
 
 ;;* lmx 192 system/sepolicy/private/credstore.te
@@ -13784,9 +13677,6 @@
 
 (allow dexopt_chroot_setup servicemanager (binder (call transfer)))
 (allow servicemanager dexopt_chroot_setup (binder (call transfer)))
-(allow servicemanager dexopt_chroot_setup (dir (search)))
-(allow servicemanager dexopt_chroot_setup (file (read open)))
-(allow servicemanager dexopt_chroot_setup (process (getattr)))
 (allow dexopt_chroot_setup dexopt_chroot_setup_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/dexopt_chroot_setup.te
 
@@ -13968,9 +13858,6 @@
 (allow dmesgd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow dmesgd servicemanager (binder (call transfer)))
 (allow servicemanager dmesgd (binder (call transfer)))
-(allow servicemanager dmesgd (dir (search)))
-(allow servicemanager dmesgd (file (read open)))
-(allow servicemanager dmesgd (process (getattr)))
 (allow dmesgd system_server (binder (call transfer)))
 (allow system_server dmesgd (binder (transfer)))
 (allow dmesgd system_server (fd (use)))
@@ -15412,78 +15299,34 @@
 (neverallow base_typeattr_438 privapp_data_file (blk_file (create unlink)))
 (neverallow base_typeattr_438 privapp_data_file (sock_file (create unlink)))
 (neverallow base_typeattr_438 privapp_data_file (fifo_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (dir (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (lnk_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (chr_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (blk_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (sock_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (fifo_file (create unlink)))
-;;* lme
-
-;;* lmx 1665 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_455 storage_area_app_dir (dir (create unlink)))
-(neverallow base_typeattr_455 storage_area_dir (dir (create unlink)))
 ;;* lme
 
 ;;* lmx 1692 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_456 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_456 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_456 storage_area_content_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-;;* lme
-
-;;* lmx 1694 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_457 storage_area_app_dir (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_457 storage_area_dir (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-;;* lme
-
-;;* lmx 1709 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_458 storage_area_key_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_458 storage_area_key_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_458 storage_area_key_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_458 storage_area_key_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_458 storage_area_key_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_458 storage_area_key_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_458 storage_area_key_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_455 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_455 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 1733 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_459 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_459 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_459 storage_area_content_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-;;* lme
-
-;;* lmx 1735 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_460 storage_area_app_dir (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_460 storage_area_dir (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_456 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_456 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 1757 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_461 app_data_file (file (open)))
-(neverallow base_typeattr_461 app_data_file (lnk_file (open)))
-(neverallow base_typeattr_461 app_data_file (chr_file (open)))
-(neverallow base_typeattr_461 app_data_file (blk_file (open)))
-(neverallow base_typeattr_461 app_data_file (sock_file (open)))
-(neverallow base_typeattr_461 app_data_file (fifo_file (open)))
-(neverallow base_typeattr_461 privapp_data_file (file (open)))
-(neverallow base_typeattr_461 privapp_data_file (lnk_file (open)))
-(neverallow base_typeattr_461 privapp_data_file (chr_file (open)))
-(neverallow base_typeattr_461 privapp_data_file (blk_file (open)))
-(neverallow base_typeattr_461 privapp_data_file (sock_file (open)))
-(neverallow base_typeattr_461 privapp_data_file (fifo_file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (lnk_file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (chr_file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (blk_file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (sock_file (open)))
-(neverallow base_typeattr_461 storage_area_content_file (fifo_file (open)))
+(neverallow base_typeattr_457 app_data_file (file (open)))
+(neverallow base_typeattr_457 app_data_file (lnk_file (open)))
+(neverallow base_typeattr_457 app_data_file (chr_file (open)))
+(neverallow base_typeattr_457 app_data_file (blk_file (open)))
+(neverallow base_typeattr_457 app_data_file (sock_file (open)))
+(neverallow base_typeattr_457 app_data_file (fifo_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (file (open)))
+(neverallow base_typeattr_457 privapp_data_file (lnk_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (chr_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (blk_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (sock_file (open)))
+(neverallow base_typeattr_457 privapp_data_file (fifo_file (open)))
 ;;* lme
 
 ;;* lmx 1768 system/sepolicy/private/domain.te
@@ -15502,64 +15345,44 @@
 (neverallow base_typeattr_438 privapp_data_file (blk_file (create unlink)))
 (neverallow base_typeattr_438 privapp_data_file (sock_file (create unlink)))
 (neverallow base_typeattr_438 privapp_data_file (fifo_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (dir (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (lnk_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (chr_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (blk_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (sock_file (create unlink)))
-(neverallow base_typeattr_438 storage_area_content_file (fifo_file (create unlink)))
 ;;* lme
 
 ;;* lmx 1778 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_462 app_data_file (file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (lnk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (chr_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (blk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (sock_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 app_data_file (fifo_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (lnk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (chr_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (blk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (sock_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 privapp_data_file (fifo_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (lnk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (chr_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (blk_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (sock_file (relabelfrom relabelto)))
-(neverallow base_typeattr_462 storage_area_content_file (fifo_file (relabelfrom relabelto)))
-;;* lme
-
-;;* lmx 1780 system/sepolicy/private/domain.te
-
-(neverallow base_typeattr_455 storage_area_app_dir (dir (relabelfrom relabelto)))
-(neverallow base_typeattr_455 storage_area_dir (dir (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (dir (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (lnk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (chr_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (blk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (sock_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 app_data_file (fifo_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (dir (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (lnk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (chr_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (blk_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (sock_file (relabelfrom relabelto)))
+(neverallow base_typeattr_458 privapp_data_file (fifo_file (relabelfrom relabelto)))
 ;;* lme
 
 ;;* lmx 1803 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_463 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_459 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 1818 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_464 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_460 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 1820 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_465 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_461 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 1825 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_466 staging_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow base_typeattr_462 staging_data_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
 ;;* lme
 
 ;;* lmx 1829 system/sepolicy/private/domain.te
@@ -15569,12 +15392,12 @@
 
 ;;* lmx 1836 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_467 base_typeattr_468 (file (execute)))
+(neverallow base_typeattr_463 base_typeattr_464 (file (execute)))
 ;;* lme
 
 ;;* lmx 1867 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_469 base_typeattr_470 (file (execute)))
+(neverallow base_typeattr_465 base_typeattr_466 (file (execute)))
 ;;* lme
 
 ;;* lmx 1874 system/sepolicy/private/domain.te
@@ -15584,22 +15407,22 @@
 
 ;;* lmx 1887 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_471 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_467 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 1899 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_471 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_467 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 1914 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_472 apex_art_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_468 apex_art_data_file (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 1927 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_472 apex_art_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_468 apex_art_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 1940 system/sepolicy/private/domain.te
@@ -15609,35 +15432,35 @@
 
 ;;* lmx 1969 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_473 self (capability (dac_override)))
-(neverallow base_typeattr_473 self (cap_userns (dac_override)))
+(neverallow base_typeattr_469 self (capability (dac_override)))
+(neverallow base_typeattr_469 self (cap_userns (dac_override)))
 ;;* lme
 
 ;;* lmx 1979 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_474 self (capability (dac_read_search)))
-(neverallow base_typeattr_474 self (cap_userns (dac_read_search)))
+(neverallow base_typeattr_470 self (capability (dac_read_search)))
+(neverallow base_typeattr_470 self (cap_userns (dac_read_search)))
 ;;* lme
 
 ;;* lmx 2000 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_475 base_typeattr_476 (filesystem (mount remount relabelfrom relabelto)))
+(neverallow base_typeattr_471 base_typeattr_472 (filesystem (mount remount relabelfrom relabelto)))
 ;;* lme
 
 ;;* lmx 2002 system/sepolicy/private/domain.te
 
-(neverallow domain base_typeattr_477 (filesystem (mount remount relabelfrom relabelto)))
+(neverallow domain base_typeattr_473 (filesystem (mount remount relabelfrom relabelto)))
 ;;* lme
 
 ;;* lmx 2021 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_478 self (capability (sys_rawio)))
-(neverallow base_typeattr_478 self (cap_userns (sys_rawio)))
+(neverallow base_typeattr_474 self (capability (sys_rawio)))
+(neverallow base_typeattr_474 self (cap_userns (sys_rawio)))
 ;;* lme
 
 ;;* lmx 2030 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_479 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_475 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 2033 system/sepolicy/private/domain.te
@@ -15662,12 +15485,12 @@
 
 ;;* lmx 2041 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_480 firstboot_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_476 firstboot_prop (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 2045 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_481 dalvik_config_prop (property_service (set)))
+(neverallow base_typeattr_477 dalvik_config_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 2048 system/sepolicy/private/domain.te
@@ -15677,78 +15500,78 @@
 
 ;;* lmx 2052 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_482 vendor_file (file (write create setattr relabelfrom append unlink link rename execute open execute_no_trans)))
+(neverallow base_typeattr_478 vendor_file (file (write create setattr relabelfrom append unlink link rename execute open execute_no_trans)))
 ;;* lme
 
 ;;* lmx 2070 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_483 base_typeattr_484 (socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (tcp_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (udp_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (rawip_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (packet_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (key_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (unix_stream_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (unix_dgram_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_route_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_tcpdiag_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_nflog_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_xfrm_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_selinux_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_audit_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_dnrt_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_kobject_uevent_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (appletalk_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (tun_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_iscsi_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_fib_lookup_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_connector_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_netfilter_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_generic_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_scsitransport_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_rdma_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netlink_crypto_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (sctp_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (icmp_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (ax25_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (ipx_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (netrom_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (atmpvc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (x25_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (rose_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (decnet_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (atmsvc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (rds_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (irda_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (pppox_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (llc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (can_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (tipc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (bluetooth_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (iucv_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (rxrpc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (isdn_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (phonet_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (ieee802154_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (caif_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (alg_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (nfc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (vsock_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (kcm_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (qipcrtr_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (smc_socket (connect sendto)))
-(neverallow base_typeattr_483 base_typeattr_484 (xdp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tcp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (udp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rawip_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (packet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (key_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (unix_stream_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (unix_dgram_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_route_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_nflog_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_xfrm_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_selinux_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_audit_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_dnrt_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (appletalk_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tun_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_iscsi_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_connector_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_netfilter_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_generic_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_scsitransport_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_rdma_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netlink_crypto_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (sctp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (icmp_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ax25_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ipx_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (netrom_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (atmpvc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (x25_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rose_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (decnet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (atmsvc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rds_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (irda_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (pppox_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (llc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (can_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (tipc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (bluetooth_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (iucv_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (rxrpc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (isdn_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (phonet_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (ieee802154_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (caif_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (alg_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (nfc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (vsock_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (kcm_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (qipcrtr_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (smc_socket (connect sendto)))
+(neverallow base_typeattr_479 base_typeattr_480 (xdp_socket (connect sendto)))
 ;;* lme
 
 ;;* lmx 2070 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_483 base_typeattr_484 (unix_stream_socket (connectto)))
+(neverallow base_typeattr_479 base_typeattr_480 (unix_stream_socket (connectto)))
 ;;* lme
 
 ;;* lmx 2091 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_485 base_typeattr_486 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_481 base_typeattr_482 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 2139 system/sepolicy/private/domain.te
@@ -15758,20 +15581,20 @@
 
 ;;* lmx 2152 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_487 system_file_type (file (mounton)))
-(neverallow base_typeattr_487 system_file_type (dir (mounton)))
-(neverallow base_typeattr_487 system_file_type (lnk_file (mounton)))
-(neverallow base_typeattr_487 system_file_type (chr_file (mounton)))
-(neverallow base_typeattr_487 system_file_type (blk_file (mounton)))
-(neverallow base_typeattr_487 system_file_type (sock_file (mounton)))
-(neverallow base_typeattr_487 system_file_type (fifo_file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (dir (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (lnk_file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (chr_file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (blk_file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (sock_file (mounton)))
-(neverallow base_typeattr_487 vendor_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (file (mounton)))
+(neverallow base_typeattr_483 system_file_type (dir (mounton)))
+(neverallow base_typeattr_483 system_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (chr_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (blk_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (sock_file (mounton)))
+(neverallow base_typeattr_483 system_file_type (fifo_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (dir (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (lnk_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (chr_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (blk_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (sock_file (mounton)))
+(neverallow base_typeattr_483 vendor_file_type (fifo_file (mounton)))
 ;;* lme
 
 ;;* lmx 2161 system/sepolicy/private/domain.te
@@ -15781,53 +15604,53 @@
 
 ;;* lmx 2180 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_488 proc_kallsyms (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_484 proc_kallsyms (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 2186 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_489 base_typeattr_490 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_485 base_typeattr_486 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 2202 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_491 sysfs_devices_cs_etm (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_487 sysfs_devices_cs_etm (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 2212 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_492 self (capability2 (perfmon)))
+(neverallow base_typeattr_488 self (capability2 (perfmon)))
 ;;* lme
 
 ;;* lmx 2232 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_493 shell_data_file (file (open)))
+(neverallow base_typeattr_489 shell_data_file (file (open)))
 ;;* lme
 
 ;;* lmx 2250 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_494 shell_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_490 shell_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 2263 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_495 shell_data_file (dir (open)))
+(neverallow base_typeattr_491 shell_data_file (dir (open)))
 ;;* lme
 
 ;;* lmx 2278 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_495 shell_data_file (dir (search)))
+(neverallow base_typeattr_491 shell_data_file (dir (search)))
 ;;* lme
 
 ;;* lmx 2290 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_496 system_app_data_file (file (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (dir (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (lnk_file (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (chr_file (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (blk_file (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (sock_file (create unlink open)))
-(neverallow base_typeattr_496 system_app_data_file (fifo_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (dir (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (lnk_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (chr_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (blk_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (sock_file (create unlink open)))
+(neverallow base_typeattr_492 system_app_data_file (fifo_file (create unlink open)))
 ;;* lme
 
 ;;* lmx 2297 system/sepolicy/private/domain.te
@@ -15881,30 +15704,30 @@
 
 ;;* lmx 2303 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_497 checkin_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_497 checkin_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_493 checkin_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_493 checkin_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 2305 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_498 proc (file (mounton)))
-(neverallow base_typeattr_498 proc (dir (mounton)))
+(neverallow base_typeattr_494 proc (file (mounton)))
+(neverallow base_typeattr_494 proc (dir (mounton)))
 ;;* lme
 
 ;;* lmx 2306 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_499 proc_type (file (mounton)))
-(neverallow base_typeattr_499 proc_type (dir (mounton)))
+(neverallow base_typeattr_495 proc_type (file (mounton)))
+(neverallow base_typeattr_495 proc_type (dir (mounton)))
 ;;* lme
 
 ;;* lmx 2310 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_500 sysfs_pgsize_migration (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_496 sysfs_pgsize_migration (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 2315 system/sepolicy/private/domain.te
 
-(neverallow base_typeattr_501 base_typeattr_239 (vsock_socket (create bind connect accept)))
+(neverallow base_typeattr_497 base_typeattr_239 (vsock_socket (create bind connect accept)))
 ;;* lme
 
 (allow init drmserver_exec (file (read getattr map execute open)))
@@ -15917,9 +15740,6 @@
 (allow drmserver drm_service_config_prop (file (read getattr map open)))
 (allow drmserver servicemanager (binder (call transfer)))
 (allow servicemanager drmserver (binder (call transfer)))
-(allow servicemanager drmserver (dir (search)))
-(allow servicemanager drmserver (file (read open)))
-(allow servicemanager drmserver (process (getattr)))
 (allow drmserver system_server (binder (call transfer)))
 (allow system_server drmserver (binder (transfer)))
 (allow drmserver system_server (fd (use)))
@@ -15962,7 +15782,7 @@
 (allow drmserver drmserver_service (service_manager (add find)))
 ;;* lmx 61 system/sepolicy/private/drmserver.te
 
-(neverallow base_typeattr_502 drmserver_service (service_manager (add)))
+(neverallow base_typeattr_498 drmserver_service (service_manager (add)))
 ;;* lme
 
 (allow drmserver permission_service (service_manager (find)))
@@ -16105,9 +15925,6 @@
 (typetransition dumpstate derive_sdk_exec process derive_sdk)
 (allow dumpstate servicemanager (binder (call transfer)))
 (allow servicemanager dumpstate (binder (call transfer)))
-(allow servicemanager dumpstate (dir (search)))
-(allow servicemanager dumpstate (file (read open)))
-(allow servicemanager dumpstate (process (getattr)))
 (allow dumpstate sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow dumpstate self (capability2 (block_suspend)))
 (allow dumpstate self (cap2_userns (block_suspend)))
@@ -16117,17 +15934,11 @@
 (allow dumpstate system_suspend_hwservice (hwservice_manager (find)))
 (allow dumpstate hwservicemanager (binder (call transfer)))
 (allow hwservicemanager dumpstate (binder (call transfer)))
-(allow hwservicemanager dumpstate (dir (search)))
-(allow hwservicemanager dumpstate (file (read map open)))
-(allow hwservicemanager dumpstate (process (getattr)))
 (allow dumpstate hwservicemanager_prop (file (read getattr map open)))
 (allow dumpstate hidl_manager_hwservice (hwservice_manager (find)))
 (allow dumpstate hal_system_suspend_service (service_manager (find)))
 (allow dumpstate servicemanager (binder (call transfer)))
 (allow servicemanager dumpstate (binder (call transfer)))
-(allow servicemanager dumpstate (dir (search)))
-(allow servicemanager dumpstate (file (read open)))
-(allow servicemanager dumpstate (process (getattr)))
 (allow dumpstate self (capability (setgid setuid sys_resource)))
 (allow dumpstate self (cap_userns (setgid setuid sys_resource)))
 (allow dumpstate domain (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -16363,7 +16174,7 @@
 (allow dumpstate prereboot_data_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow dumpstate app_fuse_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow dumpstate overlayfs_file (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow dumpstate base_typeattr_503 (service_manager (find)))
+(allow dumpstate base_typeattr_499 (service_manager (find)))
 (dontaudit dumpstate hal_service_type (service_manager (find)))
 (dontaudit dumpstate apex_service (service_manager (find)))
 (dontaudit dumpstate dumpstate_service (service_manager (find)))
@@ -16382,7 +16193,7 @@
 (allow dumpstate dumpstate_service (service_manager (add find)))
 ;;* lmx 499 system/sepolicy/private/dumpstate.te
 
-(neverallow base_typeattr_504 dumpstate_service (service_manager (add)))
+(neverallow base_typeattr_500 dumpstate_service (service_manager (add)))
 ;;* lme
 
 (allow dumpstate ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
@@ -16605,17 +16416,17 @@
 
 ;;* lmx 586 system/sepolicy/private/dumpstate.te
 
-(neverallow base_typeattr_505 dumpstate_service (service_manager (find)))
+(neverallow base_typeattr_501 dumpstate_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 596 system/sepolicy/private/dumpstate.te
 
-(neverallow base_typeattr_506 apex_uwb_data_file (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_502 apex_uwb_data_file (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 604 system/sepolicy/private/dumpstate.te
 
-(neverallow base_typeattr_506 apex_uwb_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_502 apex_uwb_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow e2fs devpts (chr_file (ioctl read write getattr)))
@@ -16648,9 +16459,6 @@
 (allow early_virtmgr devpts (chr_file (ioctl read write getattr)))
 (allow early_virtmgr servicemanager (binder (call transfer)))
 (allow servicemanager early_virtmgr (binder (call transfer)))
-(allow servicemanager early_virtmgr (dir (search)))
-(allow servicemanager early_virtmgr (file (read open)))
-(allow servicemanager early_virtmgr (process (getattr)))
 (allow early_virtmgr crosvm_exec (file (read getattr map execute open)))
 (allow early_virtmgr crosvm (process (transition)))
 (allow crosvm crosvm_exec (file (read getattr map execute open entrypoint)))
@@ -16681,17 +16489,17 @@
 (allow early_virtmgr kmsg_debug_device (chr_file (write lock append map open)))
 ;;* lmx 1 system/sepolicy/private/early_virtmgr.te
 
-(neverallow base_typeattr_507 vm_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_503 vm_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 1 system/sepolicy/private/early_virtmgr.te
 
-(neverallow base_typeattr_508 vm_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_504 vm_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 1 system/sepolicy/private/early_virtmgr.te
 
-(neverallow base_typeattr_509 early_virtmgr (vsock_socket (create bind connect listen accept)))
+(neverallow base_typeattr_505 early_virtmgr (vsock_socket (create bind connect listen accept)))
 ;;* lme
 
 (typetransition ephemeral_app tmpfs file appdomain_tmpfs)
@@ -16699,23 +16507,23 @@
 (dontaudit su ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
 
-(neverallow base_typeattr_510 ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_506 ephemeral_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow ephemeral_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
 
-(neverallow base_typeattr_511 base_typeattr_510 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_507 base_typeattr_506 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
 
-(neverallow base_typeattr_512 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_508 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
 
-(neverallow base_typeattr_513 ephemeral_app (process (ptrace)))
+(neverallow base_typeattr_509 ephemeral_app (process (ptrace)))
 ;;* lme
 
 (allow ephemeral_app sdcard_type (file (ioctl read write getattr lock append)))
@@ -16806,14 +16614,11 @@
 (allow evsmanagerd evsmanagerd_service (service_manager (add find)))
 ;;* lmx 13 system/sepolicy/private/evsmanagerd.te
 
-(neverallow base_typeattr_514 evsmanagerd_service (service_manager (add)))
+(neverallow base_typeattr_510 evsmanagerd_service (service_manager (add)))
 ;;* lme
 
 (allow evsmanagerd servicemanager (binder (call transfer)))
 (allow servicemanager evsmanagerd (binder (call transfer)))
-(allow servicemanager evsmanagerd (dir (search)))
-(allow servicemanager evsmanagerd (file (read open)))
-(allow servicemanager evsmanagerd (process (getattr)))
 (allow evsmanagerd system_server (binder (call transfer)))
 (allow system_server evsmanagerd (binder (transfer)))
 (allow evsmanagerd system_server (fd (use)))
@@ -16847,7 +16652,7 @@
 (allow fastbootd self (io_uring (sqpoll)))
 ;;* lmx 170 system/sepolicy/private/fastbootd.te
 
-(neverallow base_typeattr_515 fastbootd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_511 fastbootd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (dontaudit fastbootd self (capability (ipc_lock)))
@@ -16885,21 +16690,15 @@
 (typetransition init fingerprintd_exec process fingerprintd)
 (allow fingerprintd servicemanager (binder (call transfer)))
 (allow servicemanager fingerprintd (binder (call transfer)))
-(allow servicemanager fingerprintd (dir (search)))
-(allow servicemanager fingerprintd (file (read open)))
-(allow servicemanager fingerprintd (process (getattr)))
 (allow fingerprintd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow fingerprintd fingerprintd_service (service_manager (add find)))
 ;;* lmx 11 system/sepolicy/private/fingerprintd.te
 
-(neverallow base_typeattr_516 fingerprintd_service (service_manager (add)))
+(neverallow base_typeattr_512 fingerprintd_service (service_manager (add)))
 ;;* lme
 
 (allow fingerprintd fingerprintd_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 (allow fingerprintd fingerprintd_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
-(allow keystore fingerprintd (dir (search)))
-(allow keystore fingerprintd (file (read open)))
-(allow keystore fingerprintd (process (getattr)))
 (allow fingerprintd apc_service (service_manager (find)))
 (allow fingerprintd keystore_service (service_manager (find)))
 (allow fingerprintd legacykeystore_service (service_manager (find)))
@@ -17061,17 +16860,17 @@
 (allow flags_health_check server_configurable_flags_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 ;;* lmx 50 system/sepolicy/private/flags_health_check.te
 
-(neverallow base_typeattr_517 server_configurable_flags_data_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_513 server_configurable_flags_data_file (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 56 system/sepolicy/private/flags_health_check.te
 
-(neverallow base_typeattr_517 device_config_boot_count_prop (property_service (set)))
+(neverallow base_typeattr_513 device_config_boot_count_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 61 system/sepolicy/private/flags_health_check.te
 
-(neverallow base_typeattr_517 device_config_reset_performed_prop (property_service (set)))
+(neverallow base_typeattr_513 device_config_reset_performed_prop (property_service (set)))
 ;;* lme
 
 (allow init fsck_exec (file (read getattr map execute open)))
@@ -17114,7 +16913,7 @@
 
 ;;* lmx 80 system/sepolicy/private/fsck.te
 
-(neverallow base_typeattr_518 fsck (process (transition)))
+(neverallow base_typeattr_514 fsck (process (transition)))
 ;;* lme
 
 ;;* lmx 81 system/sepolicy/private/fsck.te
@@ -17124,7 +16923,7 @@
 
 ;;* lmx 82 system/sepolicy/private/fsck.te
 
-(neverallow fsck base_typeattr_519 (file (entrypoint)))
+(neverallow fsck base_typeattr_515 (file (entrypoint)))
 ;;* lme
 
 (allow fsck system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -17162,7 +16961,7 @@
 
 ;;* lmx 50 system/sepolicy/private/fsck_untrusted.te
 
-(neverallow fsck_untrusted base_typeattr_519 (file (entrypoint)))
+(neverallow fsck_untrusted base_typeattr_515 (file (entrypoint)))
 ;;* lme
 
 ;;* lmx 55 system/sepolicy/private/fsck_untrusted.te
@@ -17185,7 +16984,7 @@
 (allow fuseblkd mnt_media_rw_stub_file (dir (mounton)))
 ;;* lmx 30 system/sepolicy/private/fuseblkd.te
 
-(neverallow base_typeattr_520 fuseblkd (process (transition)))
+(neverallow base_typeattr_516 fuseblkd (process (transition)))
 ;;* lme
 
 ;;* lmx 31 system/sepolicy/private/fuseblkd.te
@@ -17195,7 +16994,7 @@
 
 ;;* lmx 32 system/sepolicy/private/fuseblkd.te
 
-(neverallow fuseblkd base_typeattr_521 (file (entrypoint)))
+(neverallow fuseblkd base_typeattr_517 (file (entrypoint)))
 ;;* lme
 
 (allow fuseblkd_untrusted fuseblkd_exec (file (read getattr map execute open)))
@@ -17244,7 +17043,7 @@
 
 ;;* lmx 70 system/sepolicy/private/fuseblkd_untrusted.te
 
-(neverallow fuseblkd_untrusted base_typeattr_522 (file (entrypoint)))
+(neverallow fuseblkd_untrusted base_typeattr_518 (file (entrypoint)))
 ;;* lme
 
 ;;* lmx 77 system/sepolicy/private/fuseblkd_untrusted.te
@@ -17279,20 +17078,14 @@
 (allow gatekeeperd gsid_prop (file (read getattr map open)))
 (allow gatekeeperd servicemanager (binder (call transfer)))
 (allow servicemanager gatekeeperd (binder (call transfer)))
-(allow servicemanager gatekeeperd (dir (search)))
-(allow servicemanager gatekeeperd (file (read open)))
-(allow servicemanager gatekeeperd (process (getattr)))
 (allow gatekeeperd ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
 (allow gatekeeperd system_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow gatekeeperd gatekeeper_service (service_manager (add find)))
 ;;* lmx 25 system/sepolicy/private/gatekeeperd.te
 
-(neverallow base_typeattr_523 gatekeeper_service (service_manager (add)))
+(neverallow base_typeattr_519 gatekeeper_service (service_manager (add)))
 ;;* lme
 
-(allow keystore gatekeeperd (dir (search)))
-(allow keystore gatekeeperd (file (read open)))
-(allow keystore gatekeeperd (process (getattr)))
 (allow gatekeeperd apc_service (service_manager (find)))
 (allow gatekeeperd keystore_service (service_manager (find)))
 (allow gatekeeperd legacykeystore_service (service_manager (find)))
@@ -17320,9 +17113,6 @@
 (allow gki_apex_prepostinstall gki_apex_prepostinstall_exec (file (execute_no_trans)))
 (allow gki_apex_prepostinstall servicemanager (binder (call transfer)))
 (allow servicemanager gki_apex_prepostinstall (binder (call transfer)))
-(allow servicemanager gki_apex_prepostinstall (dir (search)))
-(allow servicemanager gki_apex_prepostinstall (file (read open)))
-(allow servicemanager gki_apex_prepostinstall (process (getattr)))
 (allow gki_apex_prepostinstall update_engine_stable_service (service_manager (find)))
 (allow gki_apex_prepostinstall update_engine (binder (call transfer)))
 (allow update_engine gki_apex_prepostinstall (binder (transfer)))
@@ -17333,23 +17123,23 @@
 (dontaudit su gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/gmscore_app.te
 
-(neverallow base_typeattr_524 gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_520 gmscore_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow gmscore_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/gmscore_app.te
 
-(neverallow base_typeattr_525 base_typeattr_524 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_521 base_typeattr_520 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/gmscore_app.te
 
-(neverallow base_typeattr_526 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_522 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/gmscore_app.te
 
-(neverallow base_typeattr_527 gmscore_app (process (ptrace)))
+(neverallow base_typeattr_523 gmscore_app (process (ptrace)))
 ;;* lme
 
 (allow gmscore_app sysfs_type (dir (search)))
@@ -17446,7 +17236,7 @@
 (allow gmscore_app quick_start_prop (file (read getattr map open)))
 ;;* lmx 159 system/sepolicy/private/gmscore_app.te
 
-(neverallow base_typeattr_528 quick_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_524 quick_start_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow gmscore_app bluetooth_finder_prop (file (read getattr map open)))
@@ -17554,18 +17344,12 @@
 (allow gpuservice system_server (fd (use)))
 (allow gpuservice servicemanager (binder (call transfer)))
 (allow servicemanager gpuservice (binder (call transfer)))
-(allow servicemanager gpuservice (dir (search)))
-(allow servicemanager gpuservice (file (read open)))
-(allow servicemanager gpuservice (process (getattr)))
 (allow gpuservice gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow gpuservice same_process_hal_file (file (read getattr map execute open)))
 (allow gpuservice ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
 (allow gpuservice hwservicemanager_prop (file (read getattr map open)))
 (allow gpuservice hwservicemanager (binder (call transfer)))
 (allow hwservicemanager gpuservice (binder (call transfer)))
-(allow hwservicemanager gpuservice (dir (search)))
-(allow hwservicemanager gpuservice (file (read map open)))
-(allow hwservicemanager gpuservice (process (getattr)))
 (allow gpuservice graphics_device (dir (search)))
 (allow gpuservice graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow gpuservice adbd (fd (use)))
@@ -17596,7 +17380,7 @@
 (allow gpuservice gpu_service (service_manager (add find)))
 ;;* lmx 61 system/sepolicy/private/gpuservice.te
 
-(neverallow base_typeattr_529 gpu_service (service_manager (add)))
+(neverallow base_typeattr_525 gpu_service (service_manager (add)))
 ;;* lme
 
 (allow gpuservice property_socket (sock_file (write)))
@@ -17605,7 +17389,7 @@
 (allow gpuservice graphics_config_writable_prop (file (read getattr map open)))
 ;;* lmx 66 system/sepolicy/private/gpuservice.te
 
-(neverallow base_typeattr_530 graphics_config_writable_prop (property_service (set)))
+(neverallow base_typeattr_526 graphics_config_writable_prop (property_service (set)))
 ;;* lme
 
 (allow gpuservice permission_service (service_manager (find)))
@@ -17617,13 +17401,10 @@
 (typetransition init gsid_exec process gsid)
 (allow gsid servicemanager (binder (call transfer)))
 (allow servicemanager gsid (binder (call transfer)))
-(allow servicemanager gsid (dir (search)))
-(allow servicemanager gsid (file (read open)))
-(allow servicemanager gsid (process (getattr)))
 (allow gsid gsi_service (service_manager (add find)))
 ;;* lmx 11 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_531 gsi_service (service_manager (add)))
+(neverallow base_typeattr_527 gsi_service (service_manager (add)))
 ;;* lme
 
 (allow gsid vold_service (service_manager (find)))
@@ -17671,7 +17452,7 @@
 (allow gsid self (cap_userns (sys_rawio)))
 ;;* lmx 104 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_532 gsid_prop (property_service (set)))
+(neverallow base_typeattr_528 gsid_prop (property_service (set)))
 ;;* lme
 
 (allow gsid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -17692,27 +17473,27 @@
 (allow gsid system_server (binder (call)))
 ;;* lmx 176 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_533 gsi_metadata_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_529 gsi_metadata_file_type (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 183 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_533 base_typeattr_534 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_533 base_typeattr_534 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_533 base_typeattr_534 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_533 base_typeattr_534 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_533 base_typeattr_534 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_533 base_typeattr_534 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 base_typeattr_530 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 base_typeattr_530 (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_529 base_typeattr_530 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 190 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_533 gsi_public_metadata_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
-(neverallow base_typeattr_533 gsi_public_metadata_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_533 gsi_public_metadata_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
-(neverallow base_typeattr_533 gsi_public_metadata_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_533 gsi_public_metadata_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
-(neverallow base_typeattr_533 gsi_public_metadata_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
+(neverallow base_typeattr_529 gsi_public_metadata_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
 ;;* lme
 
 ;;* lmx 196 system/sepolicy/private/gsid.te
@@ -17728,23 +17509,23 @@
 
 ;;* lmx 202 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_535 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_535 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
-(neverallow base_typeattr_535 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_535 gsi_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_535 gsi_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_535 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_535 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_531 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_531 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_531 gsi_data_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_531 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 207 system/sepolicy/private/gsid.te
 
-(neverallow base_typeattr_531 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_531 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_531 gsi_data_file (chr_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_531 gsi_data_file (blk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_531 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_531 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_527 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (chr_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_527 gsi_data_file (blk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_527 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow hal_allocator_client hal_allocator_server (binder (call transfer)))
@@ -17755,12 +17536,12 @@
 (allow hal_allocator_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_allocator.te
 
-(neverallow base_typeattr_536 hidl_allocator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_532 hidl_allocator_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_allocator.te
 
-(neverallow base_typeattr_537 hidl_allocator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_533 hidl_allocator_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_allocator_client hidl_memory_hwservice (hwservice_manager (find)))
@@ -17783,12 +17564,12 @@
 (allow hal_atrace_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_atrace.te
 
-(neverallow base_typeattr_538 hal_atrace_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_534 hal_atrace_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_atrace.te
 
-(neverallow base_typeattr_539 hal_atrace_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_535 hal_atrace_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_audio_client hal_audio_server (binder (call transfer)))
@@ -17802,24 +17583,24 @@
 (allow hal_audio_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_audio.te
 
-(neverallow base_typeattr_540 hal_audio_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_536 hal_audio_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_audio.te
 
-(neverallow base_typeattr_541 hal_audio_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_537 hal_audio_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_audio_client hal_audio_service (service_manager (find)))
 (allow hal_audio_server hal_audio_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_audio.te
 
-(neverallow base_typeattr_540 hal_audio_service (service_manager (add)))
+(neverallow base_typeattr_536 hal_audio_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_audio.te
 
-(neverallow base_typeattr_542 hal_audio_service (service_manager (find)))
+(neverallow base_typeattr_538 hal_audio_service (service_manager (find)))
 ;;* lme
 
 (allow hal_audio ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
@@ -17844,9 +17625,6 @@
 (allow hal_audio_server self (cap_userns (sys_nice)))
 (allow hal_audio vndbinder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow hal_audio vndservicemanager (binder (call transfer)))
-(allow vndservicemanager hal_audio (dir (search)))
-(allow vndservicemanager hal_audio (file (read map open)))
-(allow vndservicemanager hal_audio (process (getattr)))
 ;;* lmx 39 system/sepolicy/private/hal_audio.te
 
 (neverallow hal_audio_server fs_type (file (execute_no_trans)))
@@ -17855,7 +17633,7 @@
 
 ;;* lmx 42 system/sepolicy/private/hal_audio.te
 
-(neverallow base_typeattr_543 audio_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_539 audio_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow hal_audio audio_config_prop (file (read getattr map open)))
@@ -17872,24 +17650,24 @@
 (allow hal_audiocontrol_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_audiocontrol.te
 
-(neverallow base_typeattr_544 hal_audiocontrol_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_540 hal_audiocontrol_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_audiocontrol.te
 
-(neverallow base_typeattr_545 hal_audiocontrol_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_541 hal_audiocontrol_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_audiocontrol_client hal_audiocontrol_service (service_manager (find)))
 (allow hal_audiocontrol_server hal_audiocontrol_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_audiocontrol.te
 
-(neverallow base_typeattr_544 hal_audiocontrol_service (service_manager (add)))
+(neverallow base_typeattr_540 hal_audiocontrol_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_audiocontrol.te
 
-(neverallow base_typeattr_546 hal_audiocontrol_service (service_manager (find)))
+(neverallow base_typeattr_542 hal_audiocontrol_service (service_manager (find)))
 ;;* lme
 
 (allow hal_audiocontrol_server servicemanager (binder (call transfer)))
@@ -17902,12 +17680,12 @@
 (allow hal_authgraph_server hal_authgraph_service (service_manager (add find)))
 ;;* lmx 3 system/sepolicy/private/hal_authgraph.te
 
-(neverallow base_typeattr_547 hal_authgraph_service (service_manager (add)))
+(neverallow base_typeattr_543 hal_authgraph_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/hal_authgraph.te
 
-(neverallow base_typeattr_548 hal_authgraph_service (service_manager (find)))
+(neverallow base_typeattr_544 hal_authgraph_service (service_manager (find)))
 ;;* lme
 
 (allow hal_authgraph_server servicemanager (binder (call transfer)))
@@ -17923,24 +17701,24 @@
 (allow hal_authsecret_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_authsecret.te
 
-(neverallow base_typeattr_549 hal_authsecret_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_545 hal_authsecret_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_authsecret.te
 
-(neverallow base_typeattr_550 hal_authsecret_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_546 hal_authsecret_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_authsecret_client hal_authsecret_service (service_manager (find)))
 (allow hal_authsecret_server hal_authsecret_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_authsecret.te
 
-(neverallow base_typeattr_549 hal_authsecret_service (service_manager (add)))
+(neverallow base_typeattr_545 hal_authsecret_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_authsecret.te
 
-(neverallow base_typeattr_551 hal_authsecret_service (service_manager (find)))
+(neverallow base_typeattr_547 hal_authsecret_service (service_manager (find)))
 ;;* lme
 
 (allow hal_authsecret_server servicemanager (binder (call transfer)))
@@ -17960,24 +17738,24 @@
 (allow hal_bluetooth_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hal_bluetooth.te
 
-(neverallow base_typeattr_552 hal_bluetooth_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_548 hal_bluetooth_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_bluetooth.te
 
-(neverallow base_typeattr_553 hal_bluetooth_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_549 hal_bluetooth_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_bluetooth_client hal_bluetooth_service (service_manager (find)))
 (allow hal_bluetooth_server hal_bluetooth_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_bluetooth.te
 
-(neverallow base_typeattr_552 hal_bluetooth_service (service_manager (add)))
+(neverallow base_typeattr_548 hal_bluetooth_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_bluetooth.te
 
-(neverallow base_typeattr_554 hal_bluetooth_service (service_manager (find)))
+(neverallow base_typeattr_550 hal_bluetooth_service (service_manager (find)))
 ;;* lme
 
 (allow hal_bluetooth sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -17989,17 +17767,11 @@
 (allow hal_bluetooth system_suspend_hwservice (hwservice_manager (find)))
 (allow hal_bluetooth hwservicemanager (binder (call transfer)))
 (allow hwservicemanager hal_bluetooth (binder (call transfer)))
-(allow hwservicemanager hal_bluetooth (dir (search)))
-(allow hwservicemanager hal_bluetooth (file (read map open)))
-(allow hwservicemanager hal_bluetooth (process (getattr)))
 (allow hal_bluetooth hwservicemanager_prop (file (read getattr map open)))
 (allow hal_bluetooth hidl_manager_hwservice (hwservice_manager (find)))
 (allow hal_bluetooth hal_system_suspend_service (service_manager (find)))
 (allow hal_bluetooth servicemanager (binder (call transfer)))
 (allow servicemanager hal_bluetooth (binder (call transfer)))
-(allow servicemanager hal_bluetooth (dir (search)))
-(allow servicemanager hal_bluetooth (file (read open)))
-(allow servicemanager hal_bluetooth (process (getattr)))
 (allow hal_bluetooth self (capability (net_admin)))
 (allow hal_bluetooth self (cap_userns (net_admin)))
 (allow hal_bluetooth bluetooth_efs_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -18044,20 +17816,17 @@
 (allow hal_bootctl_server hal_bootctl_client (fd (use)))
 (allow hal_bootctl_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_bootctl_server (binder (call transfer)))
-(allow servicemanager hal_bootctl_server (dir (search)))
-(allow servicemanager hal_bootctl_server (file (read open)))
-(allow servicemanager hal_bootctl_server (process (getattr)))
 (allow hal_bootctl_client hal_bootctl_hwservice (hwservice_manager (find)))
 (allow hal_bootctl_server hal_bootctl_hwservice (hwservice_manager (add find)))
 (allow hal_bootctl_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hal_bootctl.te
 
-(neverallow base_typeattr_555 hal_bootctl_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_551 hal_bootctl_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_bootctl.te
 
-(neverallow base_typeattr_556 hal_bootctl_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_552 hal_bootctl_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_bootctl_server proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
@@ -18065,12 +17834,12 @@
 (allow hal_bootctl_server hal_bootctl_service (service_manager (add find)))
 ;;* lmx 10 system/sepolicy/private/hal_bootctl.te
 
-(neverallow base_typeattr_555 hal_bootctl_service (service_manager (add)))
+(neverallow base_typeattr_551 hal_bootctl_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 10 system/sepolicy/private/hal_bootctl.te
 
-(neverallow base_typeattr_557 hal_bootctl_service (service_manager (find)))
+(neverallow base_typeattr_553 hal_bootctl_service (service_manager (find)))
 ;;* lme
 
 (allow hal_broadcastradio_client hal_broadcastradio_server (binder (call transfer)))
@@ -18084,24 +17853,24 @@
 (allow hal_broadcastradio_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_broadcastradio.te
 
-(neverallow base_typeattr_558 hal_broadcastradio_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_554 hal_broadcastradio_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_broadcastradio.te
 
-(neverallow base_typeattr_559 hal_broadcastradio_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_555 hal_broadcastradio_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_broadcastradio_client hal_broadcastradio_service (service_manager (find)))
 (allow hal_broadcastradio_server hal_broadcastradio_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_broadcastradio.te
 
-(neverallow base_typeattr_558 hal_broadcastradio_service (service_manager (add)))
+(neverallow base_typeattr_554 hal_broadcastradio_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_broadcastradio.te
 
-(neverallow base_typeattr_560 hal_broadcastradio_service (service_manager (find)))
+(neverallow base_typeattr_556 hal_broadcastradio_service (service_manager (find)))
 ;;* lme
 
 (allow hal_broadcastradio_server servicemanager (binder (call transfer)))
@@ -18115,32 +17884,29 @@
 (allow hal_camera_server hal_camera_client (fd (use)))
 (allow hal_camera_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_camera_server (binder (call transfer)))
-(allow servicemanager hal_camera_server (dir (search)))
-(allow servicemanager hal_camera_server (file (read open)))
-(allow servicemanager hal_camera_server (process (getattr)))
 (allow hal_camera_client hal_camera_hwservice (hwservice_manager (find)))
 (allow hal_camera_server hal_camera_hwservice (hwservice_manager (add find)))
 (allow hal_camera_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 8 system/sepolicy/private/hal_camera.te
 
-(neverallow base_typeattr_561 hal_camera_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_557 hal_camera_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_camera.te
 
-(neverallow base_typeattr_562 hal_camera_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_558 hal_camera_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_camera_client hal_camera_service (service_manager (find)))
 (allow hal_camera_server hal_camera_service (service_manager (add find)))
 ;;* lmx 9 system/sepolicy/private/hal_camera.te
 
-(neverallow base_typeattr_561 hal_camera_service (service_manager (add)))
+(neverallow base_typeattr_557 hal_camera_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/hal_camera.te
 
-(neverallow base_typeattr_563 hal_camera_service (service_manager (find)))
+(neverallow base_typeattr_559 hal_camera_service (service_manager (find)))
 ;;* lme
 
 (allow hal_camera device (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -18151,7 +17917,7 @@
 (allow hal_camera dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_camera_client hal_graphics_allocator (fd (use)))
 (allow hal_camera_server hal_graphics_allocator (fd (use)))
-(allow hal_camera base_typeattr_564 (fd (use)))
+(allow hal_camera base_typeattr_560 (fd (use)))
 (allow hal_camera surfaceflinger (fd (use)))
 (allow hal_camera hal_allocator_server (fd (use)))
 (allow hal_camera shell (fd (use)))
@@ -18171,7 +17937,7 @@
 
 ;;* lmx 42 system/sepolicy/private/hal_camera.te
 
-(neverallow base_typeattr_565 camera_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_561 camera_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow hal_can_controller_client hal_can_controller_server (binder (call transfer)))
@@ -18185,12 +17951,12 @@
 (allow hal_can_controller_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_566 hal_can_controller_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_562 hal_can_controller_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_567 hal_can_controller_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_563 hal_can_controller_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_can_bus_client hal_can_bus_server (binder (call transfer)))
@@ -18204,31 +17970,28 @@
 (allow hal_can_bus_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 9 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_568 hal_can_bus_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_564 hal_can_bus_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_569 hal_can_bus_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_565 hal_can_bus_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_can_controller_client hal_can_controller_service (service_manager (find)))
 (allow hal_can_controller_server hal_can_controller_service (service_manager (add find)))
 ;;* lmx 12 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_566 hal_can_controller_service (service_manager (add)))
+(neverallow base_typeattr_562 hal_can_controller_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 12 system/sepolicy/private/hal_can.te
 
-(neverallow base_typeattr_570 hal_can_controller_service (service_manager (find)))
+(neverallow base_typeattr_566 hal_can_controller_service (service_manager (find)))
 ;;* lme
 
 (allow hal_can_controller servicemanager (binder (call transfer)))
 (allow servicemanager hal_can_controller (binder (call transfer)))
-(allow servicemanager hal_can_controller (dir (search)))
-(allow servicemanager hal_can_controller (file (read open)))
-(allow servicemanager hal_can_controller (process (getattr)))
 (allow hal_cas_client hal_cas_server (binder (call transfer)))
 (allow hal_cas_server hal_cas_client (binder (transfer)))
 (allow hal_cas_client hal_cas_server (fd (use)))
@@ -18240,12 +18003,12 @@
 (allow hal_cas_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_cas.te
 
-(neverallow base_typeattr_571 hal_cas_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_567 hal_cas_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_cas.te
 
-(neverallow base_typeattr_572 hal_cas_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_568 hal_cas_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_cas_server hidl_memory_hwservice (hwservice_manager (find)))
@@ -18253,12 +18016,12 @@
 (allow hal_cas_server hal_cas_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/hal_cas.te
 
-(neverallow base_typeattr_571 hal_cas_service (service_manager (add)))
+(neverallow base_typeattr_567 hal_cas_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_cas.te
 
-(neverallow base_typeattr_573 hal_cas_service (service_manager (find)))
+(neverallow base_typeattr_569 hal_cas_service (service_manager (find)))
 ;;* lme
 
 (allow hal_cas_server servicemanager (binder (call transfer)))
@@ -18324,24 +18087,24 @@
 (allow hal_codec2_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 9 system/sepolicy/private/hal_codec2.te
 
-(neverallow base_typeattr_574 hal_codec2_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_570 hal_codec2_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/hal_codec2.te
 
-(neverallow base_typeattr_575 hal_codec2_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_571 hal_codec2_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_codec2_client hal_codec2_service (service_manager (find)))
 (allow hal_codec2_server hal_codec2_service (service_manager (add find)))
 ;;* lmx 10 system/sepolicy/private/hal_codec2.te
 
-(neverallow base_typeattr_574 hal_codec2_service (service_manager (add)))
+(neverallow base_typeattr_570 hal_codec2_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 10 system/sepolicy/private/hal_codec2.te
 
-(neverallow base_typeattr_576 hal_codec2_service (service_manager (find)))
+(neverallow base_typeattr_572 hal_codec2_service (service_manager (find)))
 ;;* lme
 
 (allow hal_codec2_server hal_graphics_composer (fd (use)))
@@ -18349,7 +18112,7 @@
 (allow hal_codec2_server hal_camera (fd (use)))
 (allow hal_codec2_server bufferhubd (fd (use)))
 (allow hal_codec2_client ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_577 surfaceflinger_service (service_manager (find)))
+(allow base_typeattr_573 surfaceflinger_service (service_manager (find)))
 (allow hal_codec2_server su (fifo_file (read)))
 (allow hal_codec2_server hal_codec2_client (fifo_file (read)))
 (allow hal_codec2_server base_typeattr_257 (fifo_file (read)))
@@ -18361,12 +18124,12 @@
 (allow hal_configstore_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_configstore.te
 
-(neverallow base_typeattr_578 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add)))
+(neverallow base_typeattr_574 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_configstore.te
 
-(neverallow base_typeattr_579 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
+(neverallow base_typeattr_575 hal_configstore_ISurfaceFlingerConfigs (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_configstore_server anr_data_file (file (append)))
@@ -18416,15 +18179,15 @@
 
 ;;* lmx 37 system/sepolicy/private/hal_configstore.te
 
-(neverallow hal_configstore_server base_typeattr_580 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
-(neverallow hal_configstore_server base_typeattr_580 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow hal_configstore_server base_typeattr_576 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
+(neverallow hal_configstore_server base_typeattr_576 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
 ;;* lme
 
 ;;* lmx 45 system/sepolicy/private/hal_configstore.te
 
-(neverallow hal_configstore_server base_typeattr_581 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow hal_configstore_server base_typeattr_581 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow hal_configstore_server base_typeattr_581 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow hal_configstore_server base_typeattr_577 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow hal_configstore_server base_typeattr_577 (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow hal_configstore_server base_typeattr_577 (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 51 system/sepolicy/private/hal_configstore.te
@@ -18484,24 +18247,24 @@
 (allow hal_confirmationui_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_confirmationui.te
 
-(neverallow base_typeattr_582 hal_confirmationui_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_578 hal_confirmationui_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_confirmationui.te
 
-(neverallow base_typeattr_583 hal_confirmationui_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_579 hal_confirmationui_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_confirmationui_client hal_confirmationui_service (service_manager (find)))
 (allow hal_confirmationui_server hal_confirmationui_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_confirmationui.te
 
-(neverallow base_typeattr_582 hal_confirmationui_service (service_manager (add)))
+(neverallow base_typeattr_578 hal_confirmationui_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_confirmationui.te
 
-(neverallow base_typeattr_584 hal_confirmationui_service (service_manager (find)))
+(neverallow base_typeattr_580 hal_confirmationui_service (service_manager (find)))
 ;;* lme
 
 (allow hal_confirmationui_server servicemanager (binder (call transfer)))
@@ -18516,7 +18279,7 @@
 (allow hal_contexthub_server hal_contexthub_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_contexthub.te
 
-(neverallow base_typeattr_585 hal_contexthub_service (service_manager (add)))
+(neverallow base_typeattr_581 hal_contexthub_service (service_manager (add)))
 ;;* lme
 
 (allow hal_contexthub_server servicemanager (binder (call transfer)))
@@ -18528,19 +18291,16 @@
 (allow hal_contexthub_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 10 system/sepolicy/private/hal_contexthub.te
 
-(neverallow base_typeattr_585 hal_contexthub_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_581 hal_contexthub_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 10 system/sepolicy/private/hal_contexthub.te
 
-(neverallow base_typeattr_586 hal_contexthub_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_582 hal_contexthub_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_drm_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_drm_server (binder (call transfer)))
-(allow servicemanager hal_drm_server (dir (search)))
-(allow servicemanager hal_drm_server (file (read open)))
-(allow servicemanager hal_drm_server (process (getattr)))
 (allow hal_drm_client hal_drm_server (binder (call transfer)))
 (allow hal_drm_server hal_drm_client (binder (transfer)))
 (allow hal_drm_client hal_drm_server (fd (use)))
@@ -18552,24 +18312,24 @@
 (allow hal_drm_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hal_drm.te
 
-(neverallow base_typeattr_587 hal_drm_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_583 hal_drm_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_drm.te
 
-(neverallow base_typeattr_588 hal_drm_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_584 hal_drm_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_drm_client hal_drm_service (service_manager (find)))
 (allow hal_drm_server hal_drm_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_drm.te
 
-(neverallow base_typeattr_587 hal_drm_service (service_manager (add)))
+(neverallow base_typeattr_583 hal_drm_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_drm.te
 
-(neverallow base_typeattr_589 hal_drm_service (service_manager (find)))
+(neverallow base_typeattr_585 hal_drm_service (service_manager (find)))
 ;;* lme
 
 (allow hal_drm hidl_memory_hwservice (hwservice_manager (find)))
@@ -18595,7 +18355,7 @@
 (allow hal_drm mediaserver (fd (use)))
 (allow hal_drm sysfs (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_drm tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow hal_drm_server base_typeattr_564 (fd (use)))
+(allow hal_drm_server base_typeattr_560 (fd (use)))
 (allowx hal_drm self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
 (allowx hal_drm self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
 (allowx hal_drm self (ioctl rawip_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
@@ -18647,24 +18407,24 @@
 (allow hal_dumpstate_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 7 system/sepolicy/private/hal_dumpstate.te
 
-(neverallow base_typeattr_590 hal_dumpstate_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_586 hal_dumpstate_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_dumpstate.te
 
-(neverallow base_typeattr_591 hal_dumpstate_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_587 hal_dumpstate_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_dumpstate_client hal_dumpstate_service (service_manager (find)))
 (allow hal_dumpstate_server hal_dumpstate_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/hal_dumpstate.te
 
-(neverallow base_typeattr_590 hal_dumpstate_service (service_manager (add)))
+(neverallow base_typeattr_586 hal_dumpstate_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_dumpstate.te
 
-(neverallow base_typeattr_592 hal_dumpstate_service (service_manager (find)))
+(neverallow base_typeattr_588 hal_dumpstate_service (service_manager (find)))
 ;;* lme
 
 (allow hal_dumpstate_server servicemanager (binder (call transfer)))
@@ -18672,9 +18432,6 @@
 (allow hal_dumpstate_server servicemanager (fd (use)))
 (allow hal_dumpstate_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_dumpstate_server (binder (call transfer)))
-(allow servicemanager hal_dumpstate_server (dir (search)))
-(allow servicemanager hal_dumpstate_server (file (read open)))
-(allow servicemanager hal_dumpstate_server (process (getattr)))
 (allow hal_dumpstate shell_data_file (file (write)))
 (allow hal_dumpstate proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_dumpstate fscklogs (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -18682,14 +18439,8 @@
 (allow hal_dumpstate fscklogs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_evs_client hwservicemanager (binder (call transfer)))
 (allow hwservicemanager hal_evs_client (binder (call transfer)))
-(allow hwservicemanager hal_evs_client (dir (search)))
-(allow hwservicemanager hal_evs_client (file (read map open)))
-(allow hwservicemanager hal_evs_client (process (getattr)))
 (allow hal_evs_server hwservicemanager (binder (call transfer)))
 (allow hwservicemanager hal_evs_server (binder (call transfer)))
-(allow hwservicemanager hal_evs_server (dir (search)))
-(allow hwservicemanager hal_evs_server (file (read map open)))
-(allow hwservicemanager hal_evs_server (process (getattr)))
 (allow hal_evs_client hal_evs_server (binder (call transfer)))
 (allow hal_evs_server hal_evs_client (binder (transfer)))
 (allow hal_evs_client hal_evs_server (fd (use)))
@@ -18701,19 +18452,19 @@
 (allow hal_evs_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 12 system/sepolicy/private/hal_evs.te
 
-(neverallow base_typeattr_593 hal_evs_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_589 hal_evs_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow hal_evs_client hal_evs_service (service_manager (find)))
 (allow hal_evs_server hal_evs_service (service_manager (add find)))
 ;;* lmx 15 system/sepolicy/private/hal_evs.te
 
-(neverallow base_typeattr_594 hal_evs_service (service_manager (add)))
+(neverallow base_typeattr_590 hal_evs_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 15 system/sepolicy/private/hal_evs.te
 
-(neverallow base_typeattr_595 hal_evs_service (service_manager (find)))
+(neverallow base_typeattr_591 hal_evs_service (service_manager (find)))
 ;;* lme
 
 (allow hal_face_client hal_face_server (binder (call transfer)))
@@ -18727,34 +18478,31 @@
 (allow hal_face_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_face.te
 
-(neverallow base_typeattr_596 hal_face_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_592 hal_face_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_face.te
 
-(neverallow base_typeattr_597 hal_face_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_593 hal_face_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_face_client hal_face_service (service_manager (find)))
 (allow hal_face_server hal_face_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_face.te
 
-(neverallow base_typeattr_596 hal_face_service (service_manager (add)))
+(neverallow base_typeattr_592 hal_face_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_face.te
 
-(neverallow base_typeattr_598 hal_face_service (service_manager (find)))
+(neverallow base_typeattr_594 hal_face_service (service_manager (find)))
 ;;* lme
 
 (allow hal_face_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_face_server (binder (call transfer)))
-(allow servicemanager hal_face_server (dir (search)))
-(allow servicemanager hal_face_server (file (read open)))
-(allow servicemanager hal_face_server (process (getattr)))
 (allow hal_face ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_599 face_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_599 face_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(allow base_typeattr_595 face_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_595 face_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
 (allow hal_fastboot_client hal_fastboot_server (binder (call transfer)))
 (allow hal_fastboot_server hal_fastboot_client (binder (transfer)))
 (allow hal_fastboot_client hal_fastboot_server (fd (use)))
@@ -18762,12 +18510,12 @@
 (allow hal_fastboot_server hal_fastboot_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_fastboot.te
 
-(neverallow base_typeattr_600 hal_fastboot_service (service_manager (add)))
+(neverallow base_typeattr_596 hal_fastboot_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_fastboot.te
 
-(neverallow base_typeattr_601 hal_fastboot_service (service_manager (find)))
+(neverallow base_typeattr_597 hal_fastboot_service (service_manager (find)))
 ;;* lme
 
 (allow hal_fastboot_server servicemanager (binder (call transfer)))
@@ -18784,43 +18532,40 @@
 (allow hal_fingerprint_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_fingerprint.te
 
-(neverallow base_typeattr_602 hal_fingerprint_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_598 hal_fingerprint_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_fingerprint.te
 
-(neverallow base_typeattr_603 hal_fingerprint_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_599 hal_fingerprint_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_fingerprint_client hal_fingerprint_service (service_manager (find)))
 (allow hal_fingerprint_server hal_fingerprint_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_fingerprint.te
 
-(neverallow base_typeattr_602 hal_fingerprint_service (service_manager (add)))
+(neverallow base_typeattr_598 hal_fingerprint_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_fingerprint.te
 
-(neverallow base_typeattr_604 hal_fingerprint_service (service_manager (find)))
+(neverallow base_typeattr_600 hal_fingerprint_service (service_manager (find)))
 ;;* lme
 
 (allow hal_fingerprint_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_fingerprint_server (binder (call transfer)))
-(allow servicemanager hal_fingerprint_server (dir (search)))
-(allow servicemanager hal_fingerprint_server (file (read open)))
-(allow servicemanager hal_fingerprint_server (process (getattr)))
 (allow hal_fingerprint ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_605 fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow base_typeattr_605 fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(allow base_typeattr_601 fingerprint_vendor_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
+(allow base_typeattr_601 fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
 (allow hal_fingerprint cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow hal_fingerprint cgroup (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_fingerprint cgroup (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_fingerprint cgroup_v2 (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow hal_fingerprint cgroup_v2 (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_fingerprint cgroup_v2 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_605 sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow base_typeattr_605 sysfs (file (ioctl read getattr lock map open watch watch_reads)))
-(allow base_typeattr_605 sysfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_601 sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow base_typeattr_601 sysfs (file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_601 sysfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_gatekeeper_client hal_gatekeeper_server (binder (call transfer)))
 (allow hal_gatekeeper_server hal_gatekeeper_client (binder (transfer)))
 (allow hal_gatekeeper_client hal_gatekeeper_server (fd (use)))
@@ -18829,24 +18574,24 @@
 (allow hal_gatekeeper_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 3 system/sepolicy/private/hal_gatekeeper.te
 
-(neverallow base_typeattr_606 hal_gatekeeper_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_602 hal_gatekeeper_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/hal_gatekeeper.te
 
-(neverallow base_typeattr_607 hal_gatekeeper_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_603 hal_gatekeeper_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_gatekeeper_client hal_gatekeeper_service (service_manager (find)))
 (allow hal_gatekeeper_server hal_gatekeeper_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_gatekeeper.te
 
-(neverallow base_typeattr_606 hal_gatekeeper_service (service_manager (add)))
+(neverallow base_typeattr_602 hal_gatekeeper_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_gatekeeper.te
 
-(neverallow base_typeattr_608 hal_gatekeeper_service (service_manager (find)))
+(neverallow base_typeattr_604 hal_gatekeeper_service (service_manager (find)))
 ;;* lme
 
 (allow hal_gatekeeper_server servicemanager (binder (call transfer)))
@@ -18865,36 +18610,30 @@
 (allow hal_gnss_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_gnss.te
 
-(neverallow base_typeattr_609 hal_gnss_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_605 hal_gnss_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_gnss.te
 
-(neverallow base_typeattr_610 hal_gnss_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_606 hal_gnss_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_gnss_client hal_gnss_service (service_manager (find)))
 (allow hal_gnss_server hal_gnss_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_gnss.te
 
-(neverallow base_typeattr_609 hal_gnss_service (service_manager (add)))
+(neverallow base_typeattr_605 hal_gnss_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_gnss.te
 
-(neverallow base_typeattr_611 hal_gnss_service (service_manager (find)))
+(neverallow base_typeattr_607 hal_gnss_service (service_manager (find)))
 ;;* lme
 
 (allow hal_gnss_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_gnss_server (binder (call transfer)))
-(allow servicemanager hal_gnss_server (dir (search)))
-(allow servicemanager hal_gnss_server (file (read open)))
-(allow servicemanager hal_gnss_server (process (getattr)))
 (allow hal_gnss_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_gnss_client (binder (call transfer)))
-(allow servicemanager hal_gnss_client (dir (search)))
-(allow servicemanager hal_gnss_client (file (read open)))
-(allow servicemanager hal_gnss_client (process (getattr)))
 (allow hal_graphics_allocator_client hal_graphics_allocator_server (binder (call transfer)))
 (allow hal_graphics_allocator_server hal_graphics_allocator_client (binder (transfer)))
 (allow hal_graphics_allocator_client hal_graphics_allocator_server (fd (use)))
@@ -18903,12 +18642,12 @@
 (allow hal_graphics_allocator_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_graphics_allocator.te
 
-(neverallow base_typeattr_612 hal_graphics_allocator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_608 hal_graphics_allocator_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_graphics_allocator.te
 
-(neverallow base_typeattr_613 hal_graphics_allocator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_609 hal_graphics_allocator_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_graphics_allocator_client hal_graphics_mapper_hwservice (hwservice_manager (find)))
@@ -18925,12 +18664,12 @@
 (allow hal_graphics_allocator_server hal_graphics_allocator_service (service_manager (add find)))
 ;;* lmx 22 system/sepolicy/private/hal_graphics_allocator.te
 
-(neverallow base_typeattr_612 hal_graphics_allocator_service (service_manager (add)))
+(neverallow base_typeattr_608 hal_graphics_allocator_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 22 system/sepolicy/private/hal_graphics_allocator.te
 
-(neverallow base_typeattr_614 hal_graphics_allocator_service (service_manager (find)))
+(neverallow base_typeattr_610 hal_graphics_allocator_service (service_manager (find)))
 ;;* lme
 
 (allow hal_graphics_allocator_server servicemanager (binder (call transfer)))
@@ -18952,12 +18691,12 @@
 (allow hal_graphics_composer_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 7 system/sepolicy/private/hal_graphics_composer.te
 
-(neverallow base_typeattr_615 hal_graphics_composer_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_611 hal_graphics_composer_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_graphics_composer.te
 
-(neverallow base_typeattr_616 hal_graphics_composer_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_612 hal_graphics_composer_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_graphics_composer_server hal_graphics_mapper_hwservice (hwservice_manager (find)))
@@ -18984,12 +18723,12 @@
 (allow hal_graphics_composer_server hal_graphics_composer_service (service_manager (add find)))
 ;;* lmx 38 system/sepolicy/private/hal_graphics_composer.te
 
-(neverallow base_typeattr_615 hal_graphics_composer_service (service_manager (add)))
+(neverallow base_typeattr_611 hal_graphics_composer_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 38 system/sepolicy/private/hal_graphics_composer.te
 
-(neverallow base_typeattr_617 hal_graphics_composer_service (service_manager (find)))
+(neverallow base_typeattr_613 hal_graphics_composer_service (service_manager (find)))
 ;;* lme
 
 (allow hal_health_client hal_health_server (binder (call transfer)))
@@ -19003,24 +18742,24 @@
 (allow hal_health_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_health.te
 
-(neverallow base_typeattr_618 hal_health_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_614 hal_health_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_health.te
 
-(neverallow base_typeattr_619 hal_health_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_615 hal_health_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_health_client hal_health_service (service_manager (find)))
 (allow hal_health_server hal_health_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_health.te
 
-(neverallow base_typeattr_618 hal_health_service (service_manager (add)))
+(neverallow base_typeattr_614 hal_health_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_health.te
 
-(neverallow base_typeattr_620 hal_health_service (service_manager (find)))
+(neverallow base_typeattr_616 hal_health_service (service_manager (find)))
 ;;* lme
 
 (allow hal_health_server self (netlink_kobject_uevent_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -19037,17 +18776,11 @@
 (allow hal_health_server system_suspend_hwservice (hwservice_manager (find)))
 (allow hal_health_server hwservicemanager (binder (call transfer)))
 (allow hwservicemanager hal_health_server (binder (call transfer)))
-(allow hwservicemanager hal_health_server (dir (search)))
-(allow hwservicemanager hal_health_server (file (read map open)))
-(allow hwservicemanager hal_health_server (process (getattr)))
 (allow hal_health_server hwservicemanager_prop (file (read getattr map open)))
 (allow hal_health_server hidl_manager_hwservice (hwservice_manager (find)))
 (allow hal_health_server hal_system_suspend_service (service_manager (find)))
 (allow hal_health_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_health_server (binder (call transfer)))
-(allow servicemanager hal_health_server (dir (search)))
-(allow servicemanager hal_health_server (file (read open)))
-(allow servicemanager hal_health_server (process (getattr)))
 (allow hal_health_server kmsg_device (chr_file (write getattr lock append map open)))
 (allow hal_health_server self (capability2 (wake_alarm)))
 (allow hal_health_server fs_bpf_vendor (dir (search)))
@@ -19061,32 +18794,29 @@
 (allow hal_health_storage_server hal_health_storage_client (fd (use)))
 (allow hal_health_storage_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_health_storage_server (binder (call transfer)))
-(allow servicemanager hal_health_storage_server (dir (search)))
-(allow servicemanager hal_health_storage_server (file (read open)))
-(allow servicemanager hal_health_storage_server (process (getattr)))
 (allow hal_health_storage_client hal_health_storage_hwservice (hwservice_manager (find)))
 (allow hal_health_storage_server hal_health_storage_hwservice (hwservice_manager (add find)))
 (allow hal_health_storage_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 7 system/sepolicy/private/hal_health_storage.te
 
-(neverallow base_typeattr_621 hal_health_storage_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_617 hal_health_storage_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_health_storage.te
 
-(neverallow base_typeattr_622 hal_health_storage_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_618 hal_health_storage_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_health_storage_client hal_health_storage_service (service_manager (find)))
 (allow hal_health_storage_server hal_health_storage_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/hal_health_storage.te
 
-(neverallow base_typeattr_621 hal_health_storage_service (service_manager (add)))
+(neverallow base_typeattr_617 hal_health_storage_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_health_storage.te
 
-(neverallow base_typeattr_623 hal_health_storage_service (service_manager (find)))
+(neverallow base_typeattr_619 hal_health_storage_service (service_manager (find)))
 ;;* lme
 
 (allow hal_health_storage_server gsi_metadata_file_type (dir (search)))
@@ -19101,12 +18831,12 @@
 (allow hal_identity_server hal_identity_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_identity.te
 
-(neverallow base_typeattr_624 hal_identity_service (service_manager (add)))
+(neverallow base_typeattr_620 hal_identity_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_identity.te
 
-(neverallow base_typeattr_625 hal_identity_service (service_manager (find)))
+(neverallow base_typeattr_621 hal_identity_service (service_manager (find)))
 ;;* lme
 
 (allow hal_identity_server servicemanager (binder (call transfer)))
@@ -19120,12 +18850,12 @@
 (allow hal_input_classifier_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_input_classifier.te
 
-(neverallow base_typeattr_626 hal_input_classifier_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_622 hal_input_classifier_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_input_classifier.te
 
-(neverallow base_typeattr_627 hal_input_classifier_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_623 hal_input_classifier_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_input_processor_client hal_input_processor_server (binder (call transfer)))
@@ -19138,12 +18868,12 @@
 (allow hal_input_processor_server hal_input_processor_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_input_processor.te
 
-(neverallow base_typeattr_628 hal_input_processor_service (service_manager (add)))
+(neverallow base_typeattr_624 hal_input_processor_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_input_processor.te
 
-(neverallow base_typeattr_629 hal_input_processor_service (service_manager (find)))
+(neverallow base_typeattr_625 hal_input_processor_service (service_manager (find)))
 ;;* lme
 
 (allow hal_input_processor_server dumpstate (fifo_file (write)))
@@ -19157,12 +18887,12 @@
 (allow hal_ir_server hal_ir_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_ir.te
 
-(neverallow base_typeattr_630 hal_ir_service (service_manager (add)))
+(neverallow base_typeattr_626 hal_ir_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_ir.te
 
-(neverallow base_typeattr_631 hal_ir_service (service_manager (find)))
+(neverallow base_typeattr_627 hal_ir_service (service_manager (find)))
 ;;* lme
 
 (allow hal_ir_server servicemanager (binder (call transfer)))
@@ -19173,12 +18903,12 @@
 (allow hal_ir_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 8 system/sepolicy/private/hal_ir.te
 
-(neverallow base_typeattr_630 hal_ir_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_626 hal_ir_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_ir.te
 
-(neverallow base_typeattr_632 hal_ir_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_628 hal_ir_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_ivn_client hal_ivn_server (binder (call transfer)))
@@ -19188,12 +18918,12 @@
 (allow hal_ivn_server hal_ivn_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_ivn.te
 
-(neverallow base_typeattr_633 hal_ivn_service (service_manager (add)))
+(neverallow base_typeattr_629 hal_ivn_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_ivn.te
 
-(neverallow base_typeattr_634 hal_ivn_service (service_manager (find)))
+(neverallow base_typeattr_630 hal_ivn_service (service_manager (find)))
 ;;* lme
 
 (allow hal_keymaster_client hal_keymaster_server (binder (call transfer)))
@@ -19204,12 +18934,12 @@
 (allow hal_keymaster_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_keymaster.te
 
-(neverallow base_typeattr_635 hal_keymaster_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_631 hal_keymaster_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_keymaster.te
 
-(neverallow base_typeattr_636 hal_keymaster_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_632 hal_keymaster_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_keymaster tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -19221,31 +18951,31 @@
 (allow hal_keymint_server hal_keymint_service (service_manager (add find)))
 ;;* lmx 3 system/sepolicy/private/hal_keymint.te
 
-(neverallow base_typeattr_637 hal_keymint_service (service_manager (add)))
+(neverallow base_typeattr_633 hal_keymint_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/hal_keymint.te
 
-(neverallow base_typeattr_638 hal_keymint_service (service_manager (find)))
+(neverallow base_typeattr_634 hal_keymint_service (service_manager (find)))
 ;;* lme
 
 (allow hal_keymint_client hal_remotelyprovisionedcomponent_service (service_manager (find)))
 (allow hal_keymint_server hal_remotelyprovisionedcomponent_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_keymint.te
 
-(neverallow base_typeattr_637 hal_remotelyprovisionedcomponent_service (service_manager (add)))
+(neverallow base_typeattr_633 hal_remotelyprovisionedcomponent_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_keymint.te
 
-(neverallow base_typeattr_638 hal_remotelyprovisionedcomponent_service (service_manager (find)))
+(neverallow base_typeattr_634 hal_remotelyprovisionedcomponent_service (service_manager (find)))
 ;;* lme
 
 (allow hal_keymint_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_keymint_server (binder (transfer)))
 (allow hal_keymint_server servicemanager (fd (use)))
-(allow base_typeattr_639 tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
-(allow base_typeattr_639 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
+(allow base_typeattr_635 tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow base_typeattr_635 ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
 (allow init hal_keymint_system_exec (file (read getattr map execute open)))
 (allow init hal_keymint_system (process (transition)))
 (allow hal_keymint_system hal_keymint_system_exec (file (read getattr map execute open entrypoint)))
@@ -19264,24 +18994,24 @@
 (allow hal_light_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_light.te
 
-(neverallow base_typeattr_640 hal_light_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_636 hal_light_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_light.te
 
-(neverallow base_typeattr_641 hal_light_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_637 hal_light_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_light_client hal_light_service (service_manager (find)))
 (allow hal_light_server hal_light_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_light.te
 
-(neverallow base_typeattr_640 hal_light_service (service_manager (add)))
+(neverallow base_typeattr_636 hal_light_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_light.te
 
-(neverallow base_typeattr_642 hal_light_service (service_manager (find)))
+(neverallow base_typeattr_638 hal_light_service (service_manager (find)))
 ;;* lme
 
 (allow hal_light_server servicemanager (binder (call transfer)))
@@ -19289,9 +19019,6 @@
 (allow hal_light_server servicemanager (fd (use)))
 (allow hal_light_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_light_client (binder (call transfer)))
-(allow servicemanager hal_light_client (dir (search)))
-(allow servicemanager hal_light_client (file (read open)))
-(allow servicemanager hal_light_client (process (getattr)))
 (allow hal_light_server dumpstate (fifo_file (write)))
 (allow hal_light sysfs_leds (lnk_file (read)))
 (allow hal_light sysfs_leds (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -19307,12 +19034,12 @@
 (allow hal_lowpan_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 7 system/sepolicy/private/hal_lowpan.te
 
-(neverallow base_typeattr_643 hal_lowpan_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_639 hal_lowpan_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_lowpan.te
 
-(neverallow base_typeattr_644 hal_lowpan_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_640 hal_lowpan_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_lowpan_server property_socket (sock_file (write)))
@@ -19322,7 +19049,7 @@
 (allow hal_lowpan_server lowpan_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 ;;* lmx 20 system/sepolicy/private/hal_lowpan.te
 
-(neverallow base_typeattr_645 lowpan_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_641 lowpan_device (chr_file (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow hal_macsec_client hal_macsec_server (binder (call transfer)))
@@ -19335,19 +19062,16 @@
 (allow hal_macsec_server hal_macsec_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_macsec.te
 
-(neverallow base_typeattr_646 hal_macsec_service (service_manager (add)))
+(neverallow base_typeattr_642 hal_macsec_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_macsec.te
 
-(neverallow base_typeattr_647 hal_macsec_service (service_manager (find)))
+(neverallow base_typeattr_643 hal_macsec_service (service_manager (find)))
 ;;* lme
 
 (allow hal_macsec_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_macsec_server (binder (call transfer)))
-(allow servicemanager hal_macsec_server (dir (search)))
-(allow servicemanager hal_macsec_server (file (read open)))
-(allow servicemanager hal_macsec_server (process (getattr)))
 (allow hal_mediaquality_client hal_mediaquality_server (binder (call transfer)))
 (allow hal_mediaquality_server hal_mediaquality_client (binder (transfer)))
 (allow hal_mediaquality_client hal_mediaquality_server (fd (use)))
@@ -19358,12 +19082,12 @@
 (allow hal_mediaquality_server hal_mediaquality_service (service_manager (add find)))
 ;;* lmx 1 system/sepolicy/private/hal_mediaquality.te
 
-(neverallow base_typeattr_648 hal_mediaquality_service (service_manager (add)))
+(neverallow base_typeattr_644 hal_mediaquality_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 1 system/sepolicy/private/hal_mediaquality.te
 
-(neverallow base_typeattr_649 hal_mediaquality_service (service_manager (find)))
+(neverallow base_typeattr_645 hal_mediaquality_service (service_manager (find)))
 ;;* lme
 
 (allow hal_mediaquality_server servicemanager (binder (call transfer)))
@@ -19380,24 +19104,24 @@
 (allow hal_memtrack_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_memtrack.te
 
-(neverallow base_typeattr_650 hal_memtrack_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_646 hal_memtrack_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_memtrack.te
 
-(neverallow base_typeattr_651 hal_memtrack_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_647 hal_memtrack_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_memtrack_client hal_memtrack_service (service_manager (find)))
 (allow hal_memtrack_server hal_memtrack_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_memtrack.te
 
-(neverallow base_typeattr_650 hal_memtrack_service (service_manager (add)))
+(neverallow base_typeattr_646 hal_memtrack_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_memtrack.te
 
-(neverallow base_typeattr_652 hal_memtrack_service (service_manager (find)))
+(neverallow base_typeattr_648 hal_memtrack_service (service_manager (find)))
 ;;* lme
 
 (allow hal_memtrack_server servicemanager (binder (call transfer)))
@@ -19414,12 +19138,12 @@
 (allow hal_neuralnetworks_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_neuralnetworks.te
 
-(neverallow base_typeattr_653 hal_neuralnetworks_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_649 hal_neuralnetworks_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_neuralnetworks.te
 
-(neverallow base_typeattr_654 hal_neuralnetworks_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_650 hal_neuralnetworks_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_neuralnetworks hidl_memory_hwservice (hwservice_manager (find)))
@@ -19445,12 +19169,12 @@
 (allow hal_neuralnetworks_server hal_neuralnetworks_service (service_manager (add find)))
 ;;* lmx 42 system/sepolicy/private/hal_neuralnetworks.te
 
-(neverallow base_typeattr_653 hal_neuralnetworks_service (service_manager (add)))
+(neverallow base_typeattr_649 hal_neuralnetworks_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 42 system/sepolicy/private/hal_neuralnetworks.te
 
-(neverallow base_typeattr_655 hal_neuralnetworks_service (service_manager (find)))
+(neverallow base_typeattr_651 hal_neuralnetworks_service (service_manager (find)))
 ;;* lme
 
 (allow hal_neuralnetworks_server servicemanager (binder (call transfer)))
@@ -19458,25 +19182,22 @@
 (allow hal_neuralnetworks_server servicemanager (fd (use)))
 (allow hal_neuralnetworks_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_neuralnetworks_server (binder (call transfer)))
-(allow servicemanager hal_neuralnetworks_server (dir (search)))
-(allow servicemanager hal_neuralnetworks_server (file (read open)))
-(allow servicemanager hal_neuralnetworks_server (process (getattr)))
 (allow hal_neuralnetworks_server dumpstate (fifo_file (write)))
 ;;* lmx 17 system/sepolicy/private/hal_neverallows.te
 
-(neverallow base_typeattr_656 self (capability (net_admin net_raw)))
-(neverallow base_typeattr_656 self (cap_userns (net_admin net_raw)))
+(neverallow base_typeattr_652 self (capability (net_admin net_raw)))
+(neverallow base_typeattr_652 self (cap_userns (net_admin net_raw)))
 ;;* lme
 
 ;;* lmx 40 system/sepolicy/private/hal_neverallows.te
 
-(neverallow base_typeattr_657 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
-(neverallow base_typeattr_657 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_653 domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
+(neverallow base_typeattr_653 domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
 ;;* lme
 
 ;;* lmx 57 system/sepolicy/private/hal_neverallows.te
 
-(neverallow base_typeattr_658 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
+(neverallow base_typeattr_654 domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
 ;;* lme
 
 ;;* lmx 61 system/sepolicy/private/hal_neverallows.te
@@ -19514,7 +19235,7 @@
 
 ;;* lmx 98 system/sepolicy/private/hal_neverallows.te
 
-(neverallow base_typeattr_659 base_typeattr_660 (file (execute_no_trans)))
+(neverallow base_typeattr_655 base_typeattr_656 (file (execute_no_trans)))
 ;;* lme
 
 ;;* lmx 100 system/sepolicy/private/hal_neverallows.te
@@ -19541,24 +19262,24 @@
 (allow hal_nfc_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hal_nfc.te
 
-(neverallow base_typeattr_661 hal_nfc_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_657 hal_nfc_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_nfc.te
 
-(neverallow base_typeattr_662 hal_nfc_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_658 hal_nfc_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_nfc_client hal_nfc_service (service_manager (find)))
 (allow hal_nfc_server hal_nfc_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_nfc.te
 
-(neverallow base_typeattr_661 hal_nfc_service (service_manager (add)))
+(neverallow base_typeattr_657 hal_nfc_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_nfc.te
 
-(neverallow base_typeattr_663 hal_nfc_service (service_manager (find)))
+(neverallow base_typeattr_659 hal_nfc_service (service_manager (find)))
 ;;* lme
 
 (allow hal_nfc property_socket (sock_file (write)))
@@ -19573,12 +19294,12 @@
 (allow hal_nlinterceptor_server hal_nlinterceptor_service (service_manager (add find)))
 ;;* lmx 3 system/sepolicy/private/hal_nlinterceptor.te
 
-(neverallow base_typeattr_664 hal_nlinterceptor_service (service_manager (add)))
+(neverallow base_typeattr_660 hal_nlinterceptor_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/hal_nlinterceptor.te
 
-(neverallow base_typeattr_665 hal_nlinterceptor_service (service_manager (find)))
+(neverallow base_typeattr_661 hal_nlinterceptor_service (service_manager (find)))
 ;;* lme
 
 (allow hal_nlinterceptor servicemanager (binder (call transfer)))
@@ -19596,24 +19317,24 @@
 (allow hal_oemlock_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_oemlock.te
 
-(neverallow base_typeattr_666 hal_oemlock_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_662 hal_oemlock_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_oemlock.te
 
-(neverallow base_typeattr_667 hal_oemlock_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_663 hal_oemlock_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_oemlock_client hal_oemlock_service (service_manager (find)))
 (allow hal_oemlock_server hal_oemlock_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_oemlock.te
 
-(neverallow base_typeattr_666 hal_oemlock_service (service_manager (add)))
+(neverallow base_typeattr_662 hal_oemlock_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_oemlock.te
 
-(neverallow base_typeattr_668 hal_oemlock_service (service_manager (find)))
+(neverallow base_typeattr_664 hal_oemlock_service (service_manager (find)))
 ;;* lme
 
 (allow hal_oemlock_server servicemanager (binder (call transfer)))
@@ -19622,9 +19343,9 @@
 (allow hal_omx_server binderservicedomain (binder (call transfer)))
 (allow binderservicedomain hal_omx_server (binder (transfer)))
 (allow hal_omx_server binderservicedomain (fd (use)))
-(allow hal_omx_server base_typeattr_564 (binder (call transfer)))
-(allow base_typeattr_564 hal_omx_server (binder (transfer)))
-(allow hal_omx_server base_typeattr_564 (fd (use)))
+(allow hal_omx_server base_typeattr_560 (binder (call transfer)))
+(allow base_typeattr_560 hal_omx_server (binder (transfer)))
+(allow hal_omx_server base_typeattr_560 (fd (use)))
 (allow hal_omx_server hal_graphics_composer (fd (use)))
 (allow hal_omx_server ion_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow hal_omx_server hal_camera (fd (use)))
@@ -19644,12 +19365,12 @@
 (allow hal_omx_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 21 system/sepolicy/private/hal_omx.te
 
-(neverallow base_typeattr_669 hal_omx_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_665 hal_omx_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 21 system/sepolicy/private/hal_omx.te
 
-(neverallow base_typeattr_670 hal_omx_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_666 hal_omx_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_omx_client hidl_token_hwservice (hwservice_manager (find)))
@@ -19689,24 +19410,24 @@
 (allow hal_power_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_power.te
 
-(neverallow base_typeattr_671 hal_power_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_667 hal_power_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_power.te
 
-(neverallow base_typeattr_672 hal_power_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_668 hal_power_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_power_client hal_power_service (service_manager (find)))
 (allow hal_power_server hal_power_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_power.te
 
-(neverallow base_typeattr_671 hal_power_service (service_manager (add)))
+(neverallow base_typeattr_667 hal_power_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_power.te
 
-(neverallow base_typeattr_673 hal_power_service (service_manager (find)))
+(neverallow base_typeattr_669 hal_power_service (service_manager (find)))
 ;;* lme
 
 (allow hal_power_server servicemanager (binder (call transfer)))
@@ -19730,24 +19451,24 @@
 (allow hal_power_stats_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_power_stats.te
 
-(neverallow base_typeattr_674 hal_power_stats_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_670 hal_power_stats_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_power_stats.te
 
-(neverallow base_typeattr_675 hal_power_stats_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_671 hal_power_stats_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_power_stats_client hal_power_stats_service (service_manager (find)))
 (allow hal_power_stats_server hal_power_stats_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_power_stats.te
 
-(neverallow base_typeattr_674 hal_power_stats_service (service_manager (add)))
+(neverallow base_typeattr_670 hal_power_stats_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_power_stats.te
 
-(neverallow base_typeattr_676 hal_power_stats_service (service_manager (find)))
+(neverallow base_typeattr_672 hal_power_stats_service (service_manager (find)))
 ;;* lme
 
 (allow hal_power_stats_server servicemanager (binder (call transfer)))
@@ -19763,19 +19484,16 @@
 (allow hal_rebootescrow_server hal_rebootescrow_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_rebootescrow.te
 
-(neverallow base_typeattr_677 hal_rebootescrow_service (service_manager (add)))
+(neverallow base_typeattr_673 hal_rebootescrow_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_rebootescrow.te
 
-(neverallow base_typeattr_678 hal_rebootescrow_service (service_manager (find)))
+(neverallow base_typeattr_674 hal_rebootescrow_service (service_manager (find)))
 ;;* lme
 
 (allow hal_rebootescrow_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_rebootescrow_server (binder (call transfer)))
-(allow servicemanager hal_rebootescrow_server (dir (search)))
-(allow servicemanager hal_rebootescrow_server (file (read open)))
-(allow servicemanager hal_rebootescrow_server (process (getattr)))
 (allow hal_remoteaccess_client hal_remoteaccess_server (binder (call transfer)))
 (allow hal_remoteaccess_server hal_remoteaccess_client (binder (transfer)))
 (allow hal_remoteaccess_client hal_remoteaccess_server (fd (use)))
@@ -19786,12 +19504,12 @@
 (allow hal_remoteaccess_server hal_remoteaccess_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_remoteaccess.te
 
-(neverallow base_typeattr_679 hal_remoteaccess_service (service_manager (add)))
+(neverallow base_typeattr_675 hal_remoteaccess_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_remoteaccess.te
 
-(neverallow base_typeattr_680 hal_remoteaccess_service (service_manager (find)))
+(neverallow base_typeattr_676 hal_remoteaccess_service (service_manager (find)))
 ;;* lme
 
 (allow hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server (binder (call transfer)))
@@ -19801,19 +19519,16 @@
 (allow hal_remotelyprovisionedcomponent_avf_server hal_remotelyprovisionedcomponent_avf_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_remotelyprovisionedcomponent_avf.te
 
-(neverallow base_typeattr_681 hal_remotelyprovisionedcomponent_avf_service (service_manager (add)))
+(neverallow base_typeattr_677 hal_remotelyprovisionedcomponent_avf_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_remotelyprovisionedcomponent_avf.te
 
-(neverallow base_typeattr_682 hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
+(neverallow base_typeattr_678 hal_remotelyprovisionedcomponent_avf_service (service_manager (find)))
 ;;* lme
 
 (allow hal_remotelyprovisionedcomponent_avf_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_remotelyprovisionedcomponent_avf_server (binder (call transfer)))
-(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (dir (search)))
-(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (file (read open)))
-(allow servicemanager hal_remotelyprovisionedcomponent_avf_server (process (getattr)))
 (allow hal_secretkeeper_client hal_secretkeeper_server (binder (call transfer)))
 (allow hal_secretkeeper_server hal_secretkeeper_client (binder (transfer)))
 (allow hal_secretkeeper_client hal_secretkeeper_server (fd (use)))
@@ -19821,24 +19536,18 @@
 (allow hal_secretkeeper_server hal_secretkeeper_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_secretkeeper.te
 
-(neverallow base_typeattr_683 hal_secretkeeper_service (service_manager (add)))
+(neverallow base_typeattr_679 hal_secretkeeper_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_secretkeeper.te
 
-(neverallow base_typeattr_684 hal_secretkeeper_service (service_manager (find)))
+(neverallow base_typeattr_680 hal_secretkeeper_service (service_manager (find)))
 ;;* lme
 
 (allow hal_secretkeeper_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_secretkeeper_server (binder (call transfer)))
-(allow servicemanager hal_secretkeeper_server (dir (search)))
-(allow servicemanager hal_secretkeeper_server (file (read open)))
-(allow servicemanager hal_secretkeeper_server (process (getattr)))
 (allow hal_secretkeeper_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_secretkeeper_client (binder (call transfer)))
-(allow servicemanager hal_secretkeeper_client (dir (search)))
-(allow servicemanager hal_secretkeeper_client (file (read open)))
-(allow servicemanager hal_secretkeeper_client (process (getattr)))
 (allow hal_secretkeeper_server tee_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow hal_secure_element_client hal_secure_element_server (binder (call transfer)))
 (allow hal_secure_element_server hal_secure_element_client (binder (transfer)))
@@ -19851,31 +19560,28 @@
 (allow hal_secure_element_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_secure_element.te
 
-(neverallow base_typeattr_685 hal_secure_element_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_681 hal_secure_element_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_secure_element.te
 
-(neverallow base_typeattr_686 hal_secure_element_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_682 hal_secure_element_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_secure_element_client hal_secure_element_service (service_manager (find)))
 (allow hal_secure_element_server hal_secure_element_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_secure_element.te
 
-(neverallow base_typeattr_685 hal_secure_element_service (service_manager (add)))
+(neverallow base_typeattr_681 hal_secure_element_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_secure_element.te
 
-(neverallow base_typeattr_687 hal_secure_element_service (service_manager (find)))
+(neverallow base_typeattr_683 hal_secure_element_service (service_manager (find)))
 ;;* lme
 
 (allow hal_secure_element_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_secure_element_server (binder (call transfer)))
-(allow servicemanager hal_secure_element_server (dir (search)))
-(allow servicemanager hal_secure_element_server (file (read open)))
-(allow servicemanager hal_secure_element_server (process (getattr)))
 (allow hal_secure_element_client hal_secure_element_service (service_manager (find)))
 (allow hal_sensors_client hal_sensors_server (binder (call transfer)))
 (allow hal_sensors_server hal_sensors_client (binder (transfer)))
@@ -19885,22 +19591,22 @@
 (allow hal_sensors_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_sensors.te
 
-(neverallow base_typeattr_688 hal_sensors_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_684 hal_sensors_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_sensors.te
 
-(neverallow base_typeattr_689 hal_sensors_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_685 hal_sensors_hwservice (hwservice_manager (find)))
 ;;* lme
 
-(allow hal_sensors base_typeattr_564 (fd (use)))
+(allow hal_sensors base_typeattr_560 (fd (use)))
 (allow hal_sensors hal_allocator (fd (use)))
 (allow hal_sensors self (capability (sys_nice)))
 (allow hal_sensors self (cap_userns (sys_nice)))
 (allow hal_sensors_server hal_sensors_service (service_manager (add find)))
 ;;* lmx 16 system/sepolicy/private/hal_sensors.te
 
-(neverallow base_typeattr_688 hal_sensors_service (service_manager (add)))
+(neverallow base_typeattr_684 hal_sensors_service (service_manager (add)))
 ;;* lme
 
 (allow hal_sensors_server servicemanager (binder (call transfer)))
@@ -19918,24 +19624,24 @@
 (allow hal_telephony_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_telephony.te
 
-(neverallow base_typeattr_690 hal_telephony_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_686 hal_telephony_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_telephony.te
 
-(neverallow base_typeattr_691 hal_telephony_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_687 hal_telephony_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_telephony_client hal_radio_service (service_manager (find)))
 (allow hal_telephony_server hal_radio_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_telephony.te
 
-(neverallow base_typeattr_690 hal_radio_service (service_manager (add)))
+(neverallow base_typeattr_686 hal_radio_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_telephony.te
 
-(neverallow base_typeattr_692 hal_radio_service (service_manager (find)))
+(neverallow base_typeattr_688 hal_radio_service (service_manager (find)))
 ;;* lme
 
 (allowx hal_telephony_server self (ioctl udp_socket (0x6900 0x6902)))
@@ -19983,17 +19689,11 @@
 (allow hal_telephony_server system_suspend_hwservice (hwservice_manager (find)))
 (allow hal_telephony_server hwservicemanager (binder (call transfer)))
 (allow hwservicemanager hal_telephony_server (binder (call transfer)))
-(allow hwservicemanager hal_telephony_server (dir (search)))
-(allow hwservicemanager hal_telephony_server (file (read map open)))
-(allow hwservicemanager hal_telephony_server (process (getattr)))
 (allow hal_telephony_server hwservicemanager_prop (file (read getattr map open)))
 (allow hal_telephony_server hidl_manager_hwservice (hwservice_manager (find)))
 (allow hal_telephony_server hal_system_suspend_service (service_manager (find)))
 (allow hal_telephony_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_telephony_server (binder (call transfer)))
-(allow servicemanager hal_telephony_server (dir (search)))
-(allow servicemanager hal_telephony_server (file (read open)))
-(allow servicemanager hal_telephony_server (process (getattr)))
 (allow hal_telephony_server proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow hal_telephony_server proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_telephony_server proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -20015,31 +19715,28 @@
 (allow hal_tetheroffload_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_tetheroffload.te
 
-(neverallow base_typeattr_693 hal_tetheroffload_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_689 hal_tetheroffload_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_tetheroffload.te
 
-(neverallow base_typeattr_694 hal_tetheroffload_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_690 hal_tetheroffload_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_tetheroffload_client hal_tetheroffload_service (service_manager (find)))
 (allow hal_tetheroffload_server hal_tetheroffload_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_tetheroffload.te
 
-(neverallow base_typeattr_693 hal_tetheroffload_service (service_manager (add)))
+(neverallow base_typeattr_689 hal_tetheroffload_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_tetheroffload.te
 
-(neverallow base_typeattr_695 hal_tetheroffload_service (service_manager (find)))
+(neverallow base_typeattr_691 hal_tetheroffload_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tetheroffload_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_tetheroffload_server (binder (call transfer)))
-(allow servicemanager hal_tetheroffload_server (dir (search)))
-(allow servicemanager hal_tetheroffload_server (file (read open)))
-(allow servicemanager hal_tetheroffload_server (process (getattr)))
 (allow hal_tetheroffload_server hal_tetheroffload_client (netlink_netfilter_socket (read write getattr setopt)))
 (allow hal_thermal_client hal_thermal_server (binder (call transfer)))
 (allow hal_thermal_server hal_thermal_client (binder (transfer)))
@@ -20052,30 +19749,30 @@
 (allow hal_thermal_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_thermal.te
 
-(neverallow base_typeattr_696 hal_thermal_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_thermal.te
 
-(neverallow base_typeattr_697 hal_thermal_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_693 hal_thermal_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_thermal_client hal_thermal_service (service_manager (find)))
 (allow hal_thermal_server hal_thermal_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_thermal.te
 
-(neverallow base_typeattr_696 hal_thermal_service (service_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_thermal.te
 
-(neverallow base_typeattr_698 hal_thermal_service (service_manager (find)))
+(neverallow base_typeattr_694 hal_thermal_service (service_manager (find)))
 ;;* lme
 
 (allow hal_thermal_server hal_thermal_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/hal_thermal.te
 
-(neverallow base_typeattr_696 hal_thermal_service (service_manager (add)))
+(neverallow base_typeattr_692 hal_thermal_service (service_manager (add)))
 ;;* lme
 
 (allow hal_thermal_server servicemanager (binder (call transfer)))
@@ -20094,12 +19791,12 @@
 (allow hal_threadnetwork_server hal_threadnetwork_service (service_manager (add find)))
 ;;* lmx 4 system/sepolicy/private/hal_threadnetwork.te
 
-(neverallow base_typeattr_699 hal_threadnetwork_service (service_manager (add)))
+(neverallow base_typeattr_695 hal_threadnetwork_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_threadnetwork.te
 
-(neverallow base_typeattr_700 hal_threadnetwork_service (service_manager (find)))
+(neverallow base_typeattr_696 hal_threadnetwork_service (service_manager (find)))
 ;;* lme
 
 (allow hal_threadnetwork_server servicemanager (binder (call transfer)))
@@ -20119,12 +19816,12 @@
 (allow hal_tv_cec_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_tv_cec.te
 
-(neverallow base_typeattr_701 hal_tv_cec_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_697 hal_tv_cec_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_tv_cec.te
 
-(neverallow base_typeattr_702 hal_tv_cec_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_698 hal_tv_cec_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server (binder (call transfer)))
@@ -20135,24 +19832,18 @@
 (allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_client (fd (use)))
 (allow hal_tv_hdmi_cec_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_cec_client (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_cec_client (dir (search)))
-(allow servicemanager hal_tv_hdmi_cec_client (file (read open)))
-(allow servicemanager hal_tv_hdmi_cec_client (process (getattr)))
 (allow hal_tv_hdmi_cec_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_cec_server (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_cec_server (dir (search)))
-(allow servicemanager hal_tv_hdmi_cec_server (file (read open)))
-(allow servicemanager hal_tv_hdmi_cec_server (process (getattr)))
 (allow hal_tv_hdmi_cec_client hal_tv_hdmi_cec_service (service_manager (find)))
 (allow hal_tv_hdmi_cec_server hal_tv_hdmi_cec_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_cec.te
 
-(neverallow base_typeattr_703 hal_tv_hdmi_cec_service (service_manager (add)))
+(neverallow base_typeattr_699 hal_tv_hdmi_cec_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_cec.te
 
-(neverallow base_typeattr_704 hal_tv_hdmi_cec_service (service_manager (find)))
+(neverallow base_typeattr_700 hal_tv_hdmi_cec_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server (binder (call transfer)))
@@ -20163,24 +19854,18 @@
 (allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_client (fd (use)))
 (allow hal_tv_hdmi_connection_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_connection_client (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_connection_client (dir (search)))
-(allow servicemanager hal_tv_hdmi_connection_client (file (read open)))
-(allow servicemanager hal_tv_hdmi_connection_client (process (getattr)))
 (allow hal_tv_hdmi_connection_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_connection_server (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_connection_server (dir (search)))
-(allow servicemanager hal_tv_hdmi_connection_server (file (read open)))
-(allow servicemanager hal_tv_hdmi_connection_server (process (getattr)))
 (allow hal_tv_hdmi_connection_client hal_tv_hdmi_connection_service (service_manager (find)))
 (allow hal_tv_hdmi_connection_server hal_tv_hdmi_connection_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_connection.te
 
-(neverallow base_typeattr_705 hal_tv_hdmi_connection_service (service_manager (add)))
+(neverallow base_typeattr_701 hal_tv_hdmi_connection_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_connection.te
 
-(neverallow base_typeattr_706 hal_tv_hdmi_connection_service (service_manager (find)))
+(neverallow base_typeattr_702 hal_tv_hdmi_connection_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server (binder (call transfer)))
@@ -20191,24 +19876,18 @@
 (allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_client (fd (use)))
 (allow hal_tv_hdmi_earc_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_earc_client (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_earc_client (dir (search)))
-(allow servicemanager hal_tv_hdmi_earc_client (file (read open)))
-(allow servicemanager hal_tv_hdmi_earc_client (process (getattr)))
 (allow hal_tv_hdmi_earc_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_tv_hdmi_earc_server (binder (call transfer)))
-(allow servicemanager hal_tv_hdmi_earc_server (dir (search)))
-(allow servicemanager hal_tv_hdmi_earc_server (file (read open)))
-(allow servicemanager hal_tv_hdmi_earc_server (process (getattr)))
 (allow hal_tv_hdmi_earc_client hal_tv_hdmi_earc_service (service_manager (find)))
 (allow hal_tv_hdmi_earc_server hal_tv_hdmi_earc_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_earc.te
 
-(neverallow base_typeattr_707 hal_tv_hdmi_earc_service (service_manager (add)))
+(neverallow base_typeattr_703 hal_tv_hdmi_earc_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_tv_hdmi_earc.te
 
-(neverallow base_typeattr_708 hal_tv_hdmi_earc_service (service_manager (find)))
+(neverallow base_typeattr_704 hal_tv_hdmi_earc_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tv_input_client hal_tv_input_server (binder (call transfer)))
@@ -20222,24 +19901,24 @@
 (allow hal_tv_input_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_tv_input.te
 
-(neverallow base_typeattr_709 hal_tv_input_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_705 hal_tv_input_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_tv_input.te
 
-(neverallow base_typeattr_710 hal_tv_input_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_706 hal_tv_input_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_tv_input_client hal_tv_input_service (service_manager (find)))
 (allow hal_tv_input_server hal_tv_input_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_tv_input.te
 
-(neverallow base_typeattr_709 hal_tv_input_service (service_manager (add)))
+(neverallow base_typeattr_705 hal_tv_input_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_tv_input.te
 
-(neverallow base_typeattr_711 hal_tv_input_service (service_manager (find)))
+(neverallow base_typeattr_707 hal_tv_input_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tv_input_server servicemanager (binder (call transfer)))
@@ -20259,24 +19938,24 @@
 (allow hal_tv_tuner_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_tv_tuner.te
 
-(neverallow base_typeattr_712 hal_tv_tuner_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_708 hal_tv_tuner_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_tv_tuner.te
 
-(neverallow base_typeattr_713 hal_tv_tuner_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_709 hal_tv_tuner_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_tv_tuner_client hal_tv_tuner_service (service_manager (find)))
 (allow hal_tv_tuner_server hal_tv_tuner_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_tv_tuner.te
 
-(neverallow base_typeattr_712 hal_tv_tuner_service (service_manager (add)))
+(neverallow base_typeattr_708 hal_tv_tuner_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_tv_tuner.te
 
-(neverallow base_typeattr_714 hal_tv_tuner_service (service_manager (find)))
+(neverallow base_typeattr_710 hal_tv_tuner_service (service_manager (find)))
 ;;* lme
 
 (allow hal_tv_tuner_server servicemanager (binder (call transfer)))
@@ -20295,12 +19974,12 @@
 (allow hal_usb_server hal_usb_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_usb.te
 
-(neverallow base_typeattr_715 hal_usb_service (service_manager (add)))
+(neverallow base_typeattr_711 hal_usb_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_usb.te
 
-(neverallow base_typeattr_716 hal_usb_service (service_manager (find)))
+(neverallow base_typeattr_712 hal_usb_service (service_manager (find)))
 ;;* lme
 
 (allow hal_usb_server servicemanager (binder (call transfer)))
@@ -20311,12 +19990,12 @@
 (allow hal_usb_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 8 system/sepolicy/private/hal_usb.te
 
-(neverallow base_typeattr_715 hal_usb_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_711 hal_usb_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_usb.te
 
-(neverallow base_typeattr_717 hal_usb_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_713 hal_usb_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_usb self (netlink_kobject_uevent_socket (create)))
@@ -20340,12 +20019,12 @@
 (allow hal_usb_gadget_server hal_usb_gadget_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_usb_gadget.te
 
-(neverallow base_typeattr_718 hal_usb_gadget_service (service_manager (add)))
+(neverallow base_typeattr_714 hal_usb_gadget_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_usb_gadget.te
 
-(neverallow base_typeattr_719 hal_usb_gadget_service (service_manager (find)))
+(neverallow base_typeattr_715 hal_usb_gadget_service (service_manager (find)))
 ;;* lme
 
 (allow hal_usb_gadget_server servicemanager (binder (call transfer)))
@@ -20356,12 +20035,12 @@
 (allow hal_usb_gadget_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 8 system/sepolicy/private/hal_usb_gadget.te
 
-(neverallow base_typeattr_718 hal_usb_gadget_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_714 hal_usb_gadget_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 8 system/sepolicy/private/hal_usb_gadget.te
 
-(neverallow base_typeattr_720 hal_usb_gadget_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_716 hal_usb_gadget_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_usb_gadget_server configfs (lnk_file (read create unlink)))
@@ -20381,12 +20060,12 @@
 (allow hal_uwb_server hal_uwb_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_uwb.te
 
-(neverallow base_typeattr_721 hal_uwb_service (service_manager (add)))
+(neverallow base_typeattr_717 hal_uwb_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_uwb.te
 
-(neverallow base_typeattr_722 hal_uwb_service (service_manager (find)))
+(neverallow base_typeattr_718 hal_uwb_service (service_manager (find)))
 ;;* lme
 
 (allow hal_uwb_server servicemanager (binder (call transfer)))
@@ -20406,24 +20085,24 @@
 (allow hal_vehicle_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hal_vehicle.te
 
-(neverallow base_typeattr_723 hal_vehicle_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_719 hal_vehicle_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_vehicle.te
 
-(neverallow base_typeattr_724 hal_vehicle_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_720 hal_vehicle_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_vehicle_client hal_vehicle_service (service_manager (find)))
 (allow hal_vehicle_server hal_vehicle_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/hal_vehicle.te
 
-(neverallow base_typeattr_723 hal_vehicle_service (service_manager (add)))
+(neverallow base_typeattr_719 hal_vehicle_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/hal_vehicle.te
 
-(neverallow base_typeattr_725 hal_vehicle_service (service_manager (find)))
+(neverallow base_typeattr_721 hal_vehicle_service (service_manager (find)))
 ;;* lme
 
 (allow hal_vibrator_client hal_vibrator_server (binder (call transfer)))
@@ -20437,24 +20116,24 @@
 (allow hal_vibrator_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_vibrator.te
 
-(neverallow base_typeattr_726 hal_vibrator_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_722 hal_vibrator_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_vibrator.te
 
-(neverallow base_typeattr_727 hal_vibrator_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_723 hal_vibrator_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_vibrator_client hal_vibrator_service (service_manager (find)))
 (allow hal_vibrator_server hal_vibrator_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_vibrator.te
 
-(neverallow base_typeattr_726 hal_vibrator_service (service_manager (add)))
+(neverallow base_typeattr_722 hal_vibrator_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_vibrator.te
 
-(neverallow base_typeattr_728 hal_vibrator_service (service_manager (find)))
+(neverallow base_typeattr_724 hal_vibrator_service (service_manager (find)))
 ;;* lme
 
 (allow hal_vibrator_server servicemanager (binder (call transfer)))
@@ -20471,24 +20150,18 @@
 (allow hal_vm_capabilities_server hal_vm_capabilities_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_vm_capabilities.te
 
-(neverallow base_typeattr_729 hal_vm_capabilities_service (service_manager (add)))
+(neverallow base_typeattr_725 hal_vm_capabilities_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_vm_capabilities.te
 
-(neverallow base_typeattr_730 hal_vm_capabilities_service (service_manager (find)))
+(neverallow base_typeattr_726 hal_vm_capabilities_service (service_manager (find)))
 ;;* lme
 
 (allow hal_vm_capabilities_client servicemanager (binder (call transfer)))
 (allow servicemanager hal_vm_capabilities_client (binder (call transfer)))
-(allow servicemanager hal_vm_capabilities_client (dir (search)))
-(allow servicemanager hal_vm_capabilities_client (file (read open)))
-(allow servicemanager hal_vm_capabilities_client (process (getattr)))
 (allow hal_vm_capabilities_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_vm_capabilities_server (binder (call transfer)))
-(allow servicemanager hal_vm_capabilities_server (dir (search)))
-(allow servicemanager hal_vm_capabilities_server (file (read open)))
-(allow servicemanager hal_vm_capabilities_server (process (getattr)))
 (allow hal_vr_client hal_vr_server (binder (call transfer)))
 (allow hal_vr_server hal_vr_client (binder (transfer)))
 (allow hal_vr_client hal_vr_server (fd (use)))
@@ -20500,12 +20173,12 @@
 (allow hal_vr_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_vr.te
 
-(neverallow base_typeattr_731 hal_vr_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_727 hal_vr_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_vr.te
 
-(neverallow base_typeattr_732 hal_vr_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_728 hal_vr_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_weaver_client hal_weaver_server (binder (call transfer)))
@@ -20516,24 +20189,24 @@
 (allow hal_weaver_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 4 system/sepolicy/private/hal_weaver.te
 
-(neverallow base_typeattr_733 hal_weaver_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_729 hal_weaver_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/hal_weaver.te
 
-(neverallow base_typeattr_734 hal_weaver_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_730 hal_weaver_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_weaver_client hal_weaver_service (service_manager (find)))
 (allow hal_weaver_server hal_weaver_service (service_manager (add find)))
 ;;* lmx 5 system/sepolicy/private/hal_weaver.te
 
-(neverallow base_typeattr_733 hal_weaver_service (service_manager (add)))
+(neverallow base_typeattr_729 hal_weaver_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_weaver.te
 
-(neverallow base_typeattr_735 hal_weaver_service (service_manager (find)))
+(neverallow base_typeattr_731 hal_weaver_service (service_manager (find)))
 ;;* lme
 
 (allow hal_weaver_server servicemanager (binder (call transfer)))
@@ -20550,31 +20223,28 @@
 (allow hal_wifi_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_wifi.te
 
-(neverallow base_typeattr_736 hal_wifi_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_732 hal_wifi_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_wifi.te
 
-(neverallow base_typeattr_737 hal_wifi_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_733 hal_wifi_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_wifi_client hal_wifi_service (service_manager (find)))
 (allow hal_wifi_server hal_wifi_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_wifi.te
 
-(neverallow base_typeattr_736 hal_wifi_service (service_manager (add)))
+(neverallow base_typeattr_732 hal_wifi_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_wifi.te
 
-(neverallow base_typeattr_738 hal_wifi_service (service_manager (find)))
+(neverallow base_typeattr_734 hal_wifi_service (service_manager (find)))
 ;;* lme
 
 (allow hal_wifi_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_wifi_server (binder (call transfer)))
-(allow servicemanager hal_wifi_server (dir (search)))
-(allow servicemanager hal_wifi_server (file (read open)))
-(allow servicemanager hal_wifi_server (process (getattr)))
 (allow hal_wifi proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow hal_wifi proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
 (allow hal_wifi proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -20611,31 +20281,28 @@
 (allow hal_wifi_hostapd_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_wifi_hostapd.te
 
-(neverallow base_typeattr_739 hal_wifi_hostapd_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_735 hal_wifi_hostapd_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_wifi_hostapd.te
 
-(neverallow base_typeattr_740 hal_wifi_hostapd_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_736 hal_wifi_hostapd_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_wifi_hostapd_client hal_wifi_hostapd_service (service_manager (find)))
 (allow hal_wifi_hostapd_server hal_wifi_hostapd_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_wifi_hostapd.te
 
-(neverallow base_typeattr_739 hal_wifi_hostapd_service (service_manager (add)))
+(neverallow base_typeattr_735 hal_wifi_hostapd_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_wifi_hostapd.te
 
-(neverallow base_typeattr_741 hal_wifi_hostapd_service (service_manager (find)))
+(neverallow base_typeattr_737 hal_wifi_hostapd_service (service_manager (find)))
 ;;* lme
 
 (allow hal_wifi_hostapd_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_wifi_hostapd_server (binder (call transfer)))
-(allow servicemanager hal_wifi_hostapd_server (dir (search)))
-(allow servicemanager hal_wifi_hostapd_server (file (read open)))
-(allow servicemanager hal_wifi_hostapd_server (process (getattr)))
 (allow hal_wifi_hostapd_server dumpstate (fifo_file (write)))
 (allow hal_wifi_hostapd_server self (capability (net_admin net_raw)))
 (allow hal_wifi_hostapd_server self (cap_userns (net_admin net_raw)))
@@ -20671,24 +20338,24 @@
 (allow hal_wifi_supplicant_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hal_wifi_supplicant.te
 
-(neverallow base_typeattr_742 hal_wifi_supplicant_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_738 hal_wifi_supplicant_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/hal_wifi_supplicant.te
 
-(neverallow base_typeattr_743 hal_wifi_supplicant_hwservice (hwservice_manager (find)))
+(neverallow base_typeattr_739 hal_wifi_supplicant_hwservice (hwservice_manager (find)))
 ;;* lme
 
 (allow hal_wifi_supplicant_client hal_wifi_supplicant_service (service_manager (find)))
 (allow hal_wifi_supplicant_server hal_wifi_supplicant_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/hal_wifi_supplicant.te
 
-(neverallow base_typeattr_742 hal_wifi_supplicant_service (service_manager (add)))
+(neverallow base_typeattr_738 hal_wifi_supplicant_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/hal_wifi_supplicant.te
 
-(neverallow base_typeattr_744 hal_wifi_supplicant_service (service_manager (find)))
+(neverallow base_typeattr_740 hal_wifi_supplicant_service (service_manager (find)))
 ;;* lme
 
 (allowx hal_wifi_supplicant self (ioctl udp_socket (0x6900 0x6902)))
@@ -20712,9 +20379,6 @@
 (allowx hal_wifi_supplicant self (ioctl packet_socket (0x6900 0x6902)))
 (allowx hal_wifi_supplicant self (ioctl packet_socket ((range 0x8906 0x8907) (range 0x890b 0x890d) (range 0x8910 0x8927) 0x8929 (range 0x8930 0x8939) (range 0x8940 0x8943) (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
 (allowx hal_wifi_supplicant self (ioctl packet_socket ((range 0x8b00 0x8b02) (range 0x8b04 0x8b1d) (range 0x8b20 0x8b2d) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
-(allow keystore hal_wifi_supplicant (dir (search)))
-(allow keystore hal_wifi_supplicant (file (read open)))
-(allow keystore hal_wifi_supplicant (process (getattr)))
 (allow hal_wifi_supplicant apc_service (service_manager (find)))
 (allow hal_wifi_supplicant keystore_service (service_manager (find)))
 (allow hal_wifi_supplicant legacykeystore_service (service_manager (find)))
@@ -20726,9 +20390,6 @@
 (allow keystore hal_wifi_supplicant (fd (use)))
 (allow hal_wifi_supplicant_server servicemanager (binder (call transfer)))
 (allow servicemanager hal_wifi_supplicant_server (binder (call transfer)))
-(allow servicemanager hal_wifi_supplicant_server (dir (search)))
-(allow servicemanager hal_wifi_supplicant_server (file (read open)))
-(allow servicemanager hal_wifi_supplicant_server (process (getattr)))
 (allow hal_wifi_supplicant wifi_key (keystore2_key (get_info use)))
 ;;* lmx 37 system/sepolicy/private/hal_wifi_supplicant.te
 
@@ -20744,16 +20405,10 @@
 
 (allow halclientdomain hwservicemanager (binder (call transfer)))
 (allow hwservicemanager halclientdomain (binder (call transfer)))
-(allow hwservicemanager halclientdomain (dir (search)))
-(allow hwservicemanager halclientdomain (file (read map open)))
-(allow hwservicemanager halclientdomain (process (getattr)))
 (allow halclientdomain hwservicemanager_prop (file (read getattr map open)))
 (allow halclientdomain hidl_manager_hwservice (hwservice_manager (find)))
 (allow halserverdomain hwservicemanager (binder (call transfer)))
 (allow hwservicemanager halserverdomain (binder (call transfer)))
-(allow hwservicemanager halserverdomain (dir (search)))
-(allow hwservicemanager halserverdomain (file (read map open)))
-(allow hwservicemanager halserverdomain (process (getattr)))
 (allow halserverdomain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow halserverdomain hwservicemanager_prop (file (read getattr map open)))
 (allow init heapprofd_exec (file (read getattr map execute open)))
@@ -20851,12 +20506,12 @@
 
 ;;* lmx 72 system/sepolicy/private/heapprofd.te
 
-(neverallow heapprofd base_typeattr_745 (file (execute execute_no_trans)))
+(neverallow heapprofd base_typeattr_741 (file (execute execute_no_trans)))
 ;;* lme
 
 ;;* lmx 11 system/sepolicy/private/hwservice.te
 
-(neverallow domain base_typeattr_746 (hwservice_manager (add find)))
+(neverallow domain base_typeattr_742 (hwservice_manager (add find)))
 ;;* lme
 
 (allow init hwservicemanager_exec (file (read getattr map execute open)))
@@ -20869,14 +20524,14 @@
 (allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 5 system/sepolicy/private/hwservicemanager.te
 
-(neverallow base_typeattr_747 hidl_manager_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_743 hidl_manager_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow hwservicemanager hidl_token_hwservice (hwservice_manager (add find)))
 (allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/hwservicemanager.te
 
-(neverallow base_typeattr_747 hidl_token_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_743 hidl_token_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow hwservicemanager property_socket (sock_file (write)))
@@ -20925,13 +20580,10 @@
 (allow idmap vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow idmap servicemanager (binder (call transfer)))
 (allow servicemanager idmap (binder (call transfer)))
-(allow servicemanager idmap (dir (search)))
-(allow servicemanager idmap (file (read open)))
-(allow servicemanager idmap (process (getattr)))
 (allow idmap idmap_service (service_manager (add find)))
 ;;* lmx 26 system/sepolicy/private/idmap.te
 
-(neverallow base_typeattr_748 idmap_service (service_manager (add)))
+(neverallow base_typeattr_744 idmap_service (service_manager (add)))
 ;;* lme
 
 (allow shell incident_exec (file (read getattr map execute open)))
@@ -20958,9 +20610,6 @@
 (allow incident adbd (process (sigchld)))
 (allow incident servicemanager (binder (call transfer)))
 (allow servicemanager incident (binder (call transfer)))
-(allow servicemanager incident (dir (search)))
-(allow servicemanager incident (file (read open)))
-(allow servicemanager incident (process (getattr)))
 (allow incident incident_service (service_manager (find)))
 (allow incident incidentd (binder (call transfer)))
 (allow incidentd incident (binder (transfer)))
@@ -20968,7 +20617,7 @@
 (allow incident incidentd (fifo_file (write)))
 ;;* lmx 47 system/sepolicy/private/incident.te
 
-(neverallow base_typeattr_749 incident_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_745 incident_exec (file (execute execute_no_trans)))
 ;;* lme
 
 (allow incidentd incident_helper_exec (file (read getattr map execute open)))
@@ -20989,7 +20638,7 @@
 (allow incident_helper incidentd (unix_stream_socket (read write)))
 ;;* lmx 23 system/sepolicy/private/incident_helper.te
 
-(neverallow base_typeattr_750 incident_helper_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_746 incident_helper_exec (file (execute execute_no_trans)))
 ;;* lme
 
 (allow init incidentd_exec (file (read getattr map execute open)))
@@ -21000,9 +20649,6 @@
 (typetransition init incidentd_exec process incidentd)
 (allow incidentd servicemanager (binder (call transfer)))
 (allow servicemanager incidentd (binder (call transfer)))
-(allow servicemanager incidentd (dir (search)))
-(allow servicemanager incidentd (file (read open)))
-(allow servicemanager incidentd (process (getattr)))
 (allow incidentd sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow incidentd self (capability2 (block_suspend)))
 (allow incidentd self (cap2_userns (block_suspend)))
@@ -21012,17 +20658,11 @@
 (allow incidentd system_suspend_hwservice (hwservice_manager (find)))
 (allow incidentd hwservicemanager (binder (call transfer)))
 (allow hwservicemanager incidentd (binder (call transfer)))
-(allow hwservicemanager incidentd (dir (search)))
-(allow hwservicemanager incidentd (file (read map open)))
-(allow hwservicemanager incidentd (process (getattr)))
 (allow incidentd hwservicemanager_prop (file (read getattr map open)))
 (allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
 (allow incidentd hal_system_suspend_service (service_manager (find)))
 (allow incidentd servicemanager (binder (call transfer)))
 (allow servicemanager incidentd (binder (call transfer)))
-(allow servicemanager incidentd (dir (search)))
-(allow servicemanager incidentd (file (read open)))
-(allow servicemanager incidentd (process (getattr)))
 (allow incidentd domain (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow incidentd domain (file (ioctl read getattr lock map open watch watch_reads)))
 (allow incidentd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -21036,7 +20676,7 @@
 (dontaudit su incidentd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 29 system/sepolicy/private/incidentd.te
 
-(neverallow base_typeattr_751 incidentd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_747 incidentd_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow incidentd proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
@@ -21056,14 +20696,8 @@
 (allow incidentd incident_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 (allow incidentd servicemanager (binder (call transfer)))
 (allow servicemanager incidentd (binder (call transfer)))
-(allow servicemanager incidentd (dir (search)))
-(allow servicemanager incidentd (file (read open)))
-(allow servicemanager incidentd (process (getattr)))
 (allow incidentd hwservicemanager (binder (call transfer)))
 (allow hwservicemanager incidentd (binder (call transfer)))
-(allow hwservicemanager incidentd (dir (search)))
-(allow hwservicemanager incidentd (file (read map open)))
-(allow hwservicemanager incidentd (process (getattr)))
 (allow incidentd hwservicemanager (hwservice_manager (list)))
 (allow incidentd hwservicemanager_prop (file (read getattr map open)))
 (allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
@@ -21125,11 +20759,11 @@
 (allow incidentd misc_logd_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow incidentd misc_logd_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow incidentd misc_logd_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow incidentd base_typeattr_752 (service_manager (find)))
+(allow incidentd base_typeattr_748 (service_manager (find)))
 (allow incidentd incident_service (service_manager (add find)))
 ;;* lmx 174 system/sepolicy/private/incidentd.te
 
-(neverallow base_typeattr_751 incident_service (service_manager (add)))
+(neverallow base_typeattr_747 incident_service (service_manager (add)))
 ;;* lme
 
 (allow incidentd dumpstate (fd (use)))
@@ -21142,17 +20776,17 @@
 (allow incidentd build_attestation_prop (file (read getattr map open)))
 ;;* lmx 215 system/sepolicy/private/incidentd.te
 
-(neverallow base_typeattr_753 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
+(neverallow base_typeattr_749 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
 ;;* lme
 
 ;;* lmx 217 system/sepolicy/private/incidentd.te
 
-(neverallow base_typeattr_754 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_750 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 219 system/sepolicy/private/incidentd.te
 
-(neverallow base_typeattr_753 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_749 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 (typetransition init tmpfs file init_tmpfs)
@@ -21248,7 +20882,7 @@
 (allow init debugfs_bootreceiver_tracing (file (write lock append map open)))
 (allow init prng_seeder (unix_stream_socket (create bind listen)))
 (dontaudit init debugfs_tracing_debug (dir (write add_name)))
-(allow init base_typeattr_755 (chr_file (setattr)))
+(allow init base_typeattr_751 (chr_file (setattr)))
 (allow init tmpfs (chr_file (ioctl read write create getattr setattr lock append map unlink open watch watch_reads)))
 (allow init tmpfs (chr_file (relabelfrom)))
 (allow init kmsg_device (chr_file (write getattr relabelto)))
@@ -21350,7 +20984,7 @@
 (allow init dev_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
 (allowx init dev_type (ioctl blk_file (0x125d)))
 (allowx init system_data_root_file (ioctl dir (0x587d)))
-(allow init base_typeattr_756 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
+(allow init base_typeattr_752 (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
 (allow init debugfs_tracing_debug (filesystem (mount)))
 (allow init unlabeled (filesystem (mount remount unmount getattr relabelfrom associate quotamod quotaget watch)))
 (allow init contextmount_type (filesystem (relabelto)))
@@ -21363,22 +20997,22 @@
 (allow init rootfs (dir (relabelfrom)))
 (allow init self (capability (chown fowner fsetid)))
 (allow init self (cap_userns (chown fowner fsetid)))
-(allow init base_typeattr_757 (dir (ioctl read create getattr setattr open search)))
-(allow init base_typeattr_758 (dir (write relabelfrom add_name remove_name rmdir)))
-(allow init base_typeattr_759 (file (read write create getattr setattr relabelfrom map unlink open)))
+(allow init base_typeattr_753 (dir (ioctl read create getattr setattr open search)))
+(allow init base_typeattr_754 (dir (write relabelfrom add_name remove_name rmdir)))
+(allow init base_typeattr_755 (file (read write create getattr setattr relabelfrom map unlink open)))
 (allow init tracefs_type (file (ioctl read write create getattr setattr lock relabelfrom append map unlink rename open watch watch_reads)))
 (allow init apex_info_file (file (ioctl read getattr lock map open watch watch_reads)))
-(allow init base_typeattr_760 (sock_file (read create getattr setattr relabelfrom unlink open)))
-(allow init base_typeattr_760 (fifo_file (read create getattr setattr relabelfrom unlink open)))
-(allow init base_typeattr_761 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow init base_typeattr_756 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow init base_typeattr_756 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow init base_typeattr_757 (lnk_file (create getattr setattr relabelfrom unlink)))
 (allow init cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow init base_typeattr_762 (file (relabelto)))
-(allow init base_typeattr_762 (dir (relabelto)))
-(allow init base_typeattr_762 (lnk_file (relabelto)))
-(allow init base_typeattr_762 (chr_file (relabelto)))
-(allow init base_typeattr_762 (blk_file (relabelto)))
-(allow init base_typeattr_762 (sock_file (relabelto)))
-(allow init base_typeattr_762 (fifo_file (relabelto)))
+(allow init base_typeattr_758 (file (relabelto)))
+(allow init base_typeattr_758 (dir (relabelto)))
+(allow init base_typeattr_758 (lnk_file (relabelto)))
+(allow init base_typeattr_758 (chr_file (relabelto)))
+(allow init base_typeattr_758 (blk_file (relabelto)))
+(allow init base_typeattr_758 (sock_file (relabelto)))
+(allow init base_typeattr_758 (fifo_file (relabelto)))
 (allow init sysfs (file (getattr relabelfrom)))
 (allow init sysfs (dir (getattr relabelfrom)))
 (allow init sysfs (lnk_file (getattr relabelfrom)))
@@ -21401,8 +21035,8 @@
 (allow init debugfs_tracing_instances (file (write lock append map open)))
 (allow init debugfs_wifi_tracing (file (write lock append map open)))
 (allow init debugfs_wifi_tracing (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow init base_typeattr_763 (file (read setattr open)))
-(allow init base_typeattr_764 (dir (read setattr open search)))
+(allow init base_typeattr_759 (file (read setattr open)))
+(allow init base_typeattr_760 (dir (read setattr open search)))
 (allow init binder_device (chr_file (read open)))
 (allow init hwbinder_device (chr_file (read open)))
 (allow init dm_device (chr_file (read open)))
@@ -21591,7 +21225,7 @@
 
 ;;* lmx 818 system/sepolicy/private/init.te
 
-(neverallow init base_typeattr_765 (file (entrypoint)))
+(neverallow init base_typeattr_761 (file (entrypoint)))
 ;;* lme
 
 ;;* lmx 821 system/sepolicy/private/init.te
@@ -21642,7 +21276,7 @@
 
 ;;* lmx 853 system/sepolicy/private/init.te
 
-(neverallow base_typeattr_766 system_data_root_file (dir (write add_name remove_name)))
+(neverallow base_typeattr_762 system_data_root_file (dir (write add_name remove_name)))
 ;;* lme
 
 ;;* lmx 856 system/sepolicy/private/init.te
@@ -21694,9 +21328,6 @@
 (typetransition init inputflinger_exec process inputflinger)
 (allow inputflinger servicemanager (binder (call transfer)))
 (allow servicemanager inputflinger (binder (call transfer)))
-(allow servicemanager inputflinger (dir (search)))
-(allow servicemanager inputflinger (file (read open)))
-(allow servicemanager inputflinger (process (getattr)))
 (allow inputflinger system_server (binder (call transfer)))
 (allow system_server inputflinger (binder (transfer)))
 (allow inputflinger system_server (fd (use)))
@@ -21709,17 +21340,11 @@
 (allow inputflinger system_suspend_hwservice (hwservice_manager (find)))
 (allow inputflinger hwservicemanager (binder (call transfer)))
 (allow hwservicemanager inputflinger (binder (call transfer)))
-(allow hwservicemanager inputflinger (dir (search)))
-(allow hwservicemanager inputflinger (file (read map open)))
-(allow hwservicemanager inputflinger (process (getattr)))
 (allow inputflinger hwservicemanager_prop (file (read getattr map open)))
 (allow inputflinger hidl_manager_hwservice (hwservice_manager (find)))
 (allow inputflinger hal_system_suspend_service (service_manager (find)))
 (allow inputflinger servicemanager (binder (call transfer)))
 (allow servicemanager inputflinger (binder (call transfer)))
-(allow servicemanager inputflinger (dir (search)))
-(allow servicemanager inputflinger (file (read open)))
-(allow servicemanager inputflinger (process (getattr)))
 (allow inputflinger input_device (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow inputflinger input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow inputflinger cgroup (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -21884,13 +21509,10 @@
 (allow installd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow installd servicemanager (binder (call transfer)))
 (allow servicemanager installd (binder (call transfer)))
-(allow servicemanager installd (dir (search)))
-(allow servicemanager installd (file (read open)))
-(allow servicemanager installd (process (getattr)))
 (allow installd installd_service (service_manager (add find)))
 ;;* lmx 192 system/sepolicy/private/installd.te
 
-(neverallow base_typeattr_767 installd_service (service_manager (add)))
+(neverallow base_typeattr_763 installd_service (service_manager (add)))
 ;;* lme
 
 (allow installd dumpstate (fifo_file (write getattr)))
@@ -21907,22 +21529,20 @@
 (allow installd proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
 (allow installd storage_config_prop (file (read getattr map open)))
 (allow installd vold (fd (use)))
-(allow installd storage_area_key_file (dir (read write getattr lock open remove_name search rmdir)))
-(allow installd storage_area_key_file (file (unlink)))
 (allow installd virtualizationservice_data_file (file (unlink)))
 ;;* lmx 241 system/sepolicy/private/installd.te
 
-(neverallow base_typeattr_768 installd_service (service_manager (find)))
+(neverallow base_typeattr_764 installd_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 242 system/sepolicy/private/installd.te
 
-(neverallow base_typeattr_769 installd (binder (call)))
+(neverallow base_typeattr_765 installd (binder (call)))
 ;;* lme
 
 ;;* lmx 248 system/sepolicy/private/installd.te
 
-(neverallow installd base_typeattr_770 (binder (call)))
+(neverallow installd base_typeattr_766 (binder (call)))
 ;;* lme
 
 (typetransition isolated_app tmpfs file appdomain_tmpfs)
@@ -21936,17 +21556,17 @@
 (allow isolated_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 10 system/sepolicy/private/isolated_app.te
 
-(neverallow base_typeattr_771 base_typeattr_287 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_767 base_typeattr_287 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 10 system/sepolicy/private/isolated_app.te
 
-(neverallow base_typeattr_772 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_768 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 10 system/sepolicy/private/isolated_app.te
 
-(neverallow base_typeattr_773 isolated_app (process (ptrace)))
+(neverallow base_typeattr_769 isolated_app (process (ptrace)))
 ;;* lme
 
 (allow isolated_app webviewupdate_service (service_manager (find)))
@@ -21992,12 +21612,12 @@
 
 ;;* lmx 53 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_770 hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 54 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 base_typeattr_239 (hwservice_manager (add find list)))
+(neverallow base_typeattr_770 base_typeattr_239 (hwservice_manager (add find list)))
 ;;* lme
 
 ;;* lmx 57 system/sepolicy/private/isolated_app_all.te
@@ -22007,17 +21627,17 @@
 
 ;;* lmx 61 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 base_typeattr_239 (service_manager (add list)))
+(neverallow base_typeattr_770 base_typeattr_239 (service_manager (add list)))
 ;;* lme
 
 ;;* lmx 71 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 base_typeattr_775 (service_manager (find)))
+(neverallow base_typeattr_770 base_typeattr_771 (service_manager (find)))
 ;;* lme
 
 ;;* lmx 74 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
+(neverallow base_typeattr_770 gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 77 system/sepolicy/private/isolated_app_all.te
@@ -22087,7 +21707,7 @@
 
 ;;* lmx 105 system/sepolicy/private/isolated_app_all.te
 
-(neverallow base_typeattr_774 base_typeattr_776 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_770 base_typeattr_772 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 126 system/sepolicy/private/isolated_app_all.te
@@ -22374,32 +21994,29 @@
 (dontaudit su isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
 
-(neverallow base_typeattr_777 isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_773 isolated_compute_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow isolated_compute_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
 
-(neverallow base_typeattr_778 base_typeattr_777 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_774 base_typeattr_773 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
 
-(neverallow base_typeattr_779 isolated_compute_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_775 isolated_compute_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 14 system/sepolicy/private/isolated_compute_app.te
 
-(neverallow base_typeattr_780 isolated_compute_app (process (ptrace)))
+(neverallow base_typeattr_776 isolated_compute_app (process (ptrace)))
 ;;* lme
 
 (allow isolated_compute_app isolated_compute_allowed_service (service_manager (find)))
 (allow isolated_compute_app isolated_compute_allowed_device (chr_file (ioctl read write map)))
 (allow isolated_compute_app hwservicemanager (binder (call transfer)))
 (allow hwservicemanager isolated_compute_app (binder (call transfer)))
-(allow hwservicemanager isolated_compute_app (dir (search)))
-(allow hwservicemanager isolated_compute_app (file (read map open)))
-(allow hwservicemanager isolated_compute_app (process (getattr)))
 (allow isolated_compute_app dmabuf_system_heap_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
 (allow isolated_compute_app untrusted_app_all (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
 (allow isolated_compute_app untrusted_app_all (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -22569,9 +22186,6 @@
 (allow keystore vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow keystore servicemanager (binder (call transfer)))
 (allow servicemanager keystore (binder (call transfer)))
-(allow servicemanager keystore (dir (search)))
-(allow servicemanager keystore (file (read open)))
-(allow servicemanager keystore (process (getattr)))
 (allow keystore remote_provisioning_service_server (binder (call transfer)))
 (allow remote_provisioning_service_server keystore (binder (transfer)))
 (allow keystore remote_provisioning_service_server (fd (use)))
@@ -22593,7 +22207,7 @@
 (allow keystore keystore_service (service_manager (add find)))
 ;;* lmx 62 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_service (service_manager (add)))
 ;;* lme
 
 (allow keystore sec_key_att_app_id_provider_service (service_manager (find)))
@@ -22604,37 +22218,37 @@
 (allow keystore apc_service (service_manager (add find)))
 ;;* lmx 71 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 apc_service (service_manager (add)))
+(neverallow base_typeattr_777 apc_service (service_manager (add)))
 ;;* lme
 
 (allow keystore keystore_compat_hal_service (service_manager (add find)))
 ;;* lmx 72 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_compat_hal_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_compat_hal_service (service_manager (add)))
 ;;* lme
 
 (allow keystore authorization_service (service_manager (add find)))
 ;;* lmx 73 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 authorization_service (service_manager (add)))
+(neverallow base_typeattr_777 authorization_service (service_manager (add)))
 ;;* lme
 
 (allow keystore keystore_maintenance_service (service_manager (add find)))
 ;;* lmx 74 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_maintenance_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_maintenance_service (service_manager (add)))
 ;;* lme
 
 (allow keystore keystore_metrics_service (service_manager (add find)))
 ;;* lmx 75 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_metrics_service (service_manager (add)))
+(neverallow base_typeattr_777 keystore_metrics_service (service_manager (add)))
 ;;* lme
 
 (allow keystore legacykeystore_service (service_manager (add find)))
 ;;* lmx 76 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 legacykeystore_service (service_manager (add)))
+(neverallow base_typeattr_777 legacykeystore_service (service_manager (add)))
 ;;* lme
 
 (allow keystore selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -22653,28 +22267,28 @@
 (allow keystore keystore_config_prop (file (read getattr map open)))
 ;;* lmx 97 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_777 keystore_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 98 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_781 keystore_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_781 keystore_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_781 keystore_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_781 keystore_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_777 keystore_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_777 keystore_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 100 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_782 keystore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_778 keystore_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 101 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_782 keystore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_782 keystore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_782 keystore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_782 keystore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_778 keystore_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_778 keystore_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 103 system/sepolicy/private/keystore.te
@@ -22684,7 +22298,7 @@
 
 ;;* lmx 107 system/sepolicy/private/keystore.te
 
-(neverallow base_typeattr_782 keystore_diagnostics_prop (property_service (set)))
+(neverallow base_typeattr_778 keystore_diagnostics_prop (property_service (set)))
 ;;* lme
 
 (allow init linkerconfig_exec (file (read getattr map execute open)))
@@ -22708,7 +22322,7 @@
 (allow linkerconfig dexopt_chroot_setup (fd (use)))
 ;;* lmx 40 system/sepolicy/private/linkerconfig.te
 
-(neverallow base_typeattr_783 linkerconfig_exec (file (execute execute_no_trans)))
+(neverallow base_typeattr_779 linkerconfig_exec (file (execute execute_no_trans)))
 ;;* lme
 
 (allow init linux_vm_setup_exec (file (read getattr map execute open)))
@@ -22817,7 +22431,7 @@
 
 ;;* lmx 94 system/sepolicy/private/lmkd.te
 
-(neverallow base_typeattr_784 lmkd_prop (property_service (set)))
+(neverallow base_typeattr_780 lmkd_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 95 system/sepolicy/private/lmkd.te
@@ -22834,31 +22448,28 @@
 (allow logd device_logging_prop (file (read getattr map open)))
 ;;* lmx 17 system/sepolicy/private/logd.te
 
-(neverallow logd base_typeattr_785 (file (write create append)))
+(neverallow logd base_typeattr_781 (file (write create append)))
 ;;* lme
 
 ;;* lmx 32 system/sepolicy/private/logd.te
 
-(neverallow base_typeattr_786 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_782 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 43 system/sepolicy/private/logd.te
 
-(neverallow base_typeattr_787 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_783 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow logd servicemanager (binder (call transfer)))
 (allow servicemanager logd (binder (call transfer)))
-(allow servicemanager logd (dir (search)))
-(allow servicemanager logd (file (read open)))
-(allow servicemanager logd (process (getattr)))
 (allow logd system_server (binder (call transfer)))
 (allow system_server logd (binder (transfer)))
 (allow logd system_server (fd (use)))
 (allow logd logd_service (service_manager (add find)))
 ;;* lmx 50 system/sepolicy/private/logd.te
 
-(neverallow base_typeattr_788 logd_service (service_manager (add)))
+(neverallow base_typeattr_784 logd_service (service_manager (add)))
 ;;* lme
 
 (allow logd logcat_service (service_manager (find)))
@@ -22928,13 +22539,13 @@
 
 ;;* lmx 116 system/sepolicy/private/logd.te
 
-(neverallow logd base_typeattr_789 (file (write)))
-(neverallow logd base_typeattr_789 (dir (write)))
-(neverallow logd base_typeattr_789 (lnk_file (write)))
-(neverallow logd base_typeattr_789 (chr_file (write)))
-(neverallow logd base_typeattr_789 (blk_file (write)))
-(neverallow logd base_typeattr_789 (sock_file (write)))
-(neverallow logd base_typeattr_789 (fifo_file (write)))
+(neverallow logd base_typeattr_785 (file (write)))
+(neverallow logd base_typeattr_785 (dir (write)))
+(neverallow logd base_typeattr_785 (lnk_file (write)))
+(neverallow logd base_typeattr_785 (chr_file (write)))
+(neverallow logd base_typeattr_785 (blk_file (write)))
+(neverallow logd base_typeattr_785 (sock_file (write)))
+(neverallow logd base_typeattr_785 (fifo_file (write)))
 ;;* lme
 
 ;;* lmx 119 system/sepolicy/private/logd.te
@@ -22949,7 +22560,7 @@
 
 ;;* lmx 127 system/sepolicy/private/logd.te
 
-(neverallow base_typeattr_790 runtime_event_log_tags_file (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_786 runtime_event_log_tags_file (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 (allow logpersist shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
@@ -22996,7 +22607,7 @@
 
 ;;* lmx 62 system/sepolicy/private/logpersist.te
 
-(neverallow base_typeattr_791 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_787 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 63 system/sepolicy/private/logpersist.te
@@ -23017,13 +22628,10 @@
 (typetransition init lpdumpd_exec process lpdumpd)
 (allow lpdumpd servicemanager (binder (call transfer)))
 (allow servicemanager lpdumpd (binder (call transfer)))
-(allow servicemanager lpdumpd (dir (search)))
-(allow servicemanager lpdumpd (file (read open)))
-(allow servicemanager lpdumpd (process (getattr)))
 (allow lpdumpd lpdump_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/lpdumpd.te
 
-(neverallow base_typeattr_792 lpdump_service (service_manager (add)))
+(neverallow base_typeattr_788 lpdump_service (service_manager (add)))
 ;;* lme
 
 (allow lpdumpd block_device (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -23045,12 +22653,12 @@
 (allow lpdumpd ota_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 39 system/sepolicy/private/lpdumpd.te
 
-(neverallow base_typeattr_793 lpdump_service (service_manager (find)))
+(neverallow base_typeattr_789 lpdump_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 47 system/sepolicy/private/lpdumpd.te
 
-(neverallow base_typeattr_794 lpdumpd (binder (call)))
+(neverallow base_typeattr_790 lpdumpd (binder (call)))
 ;;* lme
 
 (allow init mdnsd_exec (file (read getattr map execute open)))
@@ -23071,9 +22679,6 @@
 (auditallow mediadrmserver hal_graphics_allocator_server (binder (call)))
 (allow mediadrmserver servicemanager (binder (call transfer)))
 (allow servicemanager mediadrmserver (binder (call transfer)))
-(allow servicemanager mediadrmserver (dir (search)))
-(allow servicemanager mediadrmserver (file (read open)))
-(allow servicemanager mediadrmserver (process (getattr)))
 (allow mediadrmserver binderservicedomain (binder (call transfer)))
 (allow binderservicedomain mediadrmserver (binder (transfer)))
 (allow mediadrmserver binderservicedomain (fd (use)))
@@ -23083,7 +22688,7 @@
 (allow mediadrmserver mediadrmserver_service (service_manager (add find)))
 ;;* lmx 18 system/sepolicy/private/mediadrmserver.te
 
-(neverallow base_typeattr_795 mediadrmserver_service (service_manager (add)))
+(neverallow base_typeattr_791 mediadrmserver_service (service_manager (add)))
 ;;* lme
 
 (allow mediadrmserver mediaserver_service (service_manager (find)))
@@ -23136,9 +22741,6 @@
 (allow mediaextractor device_config_swcodec_native_prop (file (read getattr map open)))
 (allow mediaextractor servicemanager (binder (call transfer)))
 (allow servicemanager mediaextractor (binder (call transfer)))
-(allow servicemanager mediaextractor (dir (search)))
-(allow servicemanager mediaextractor (file (read open)))
-(allow servicemanager mediaextractor (process (getattr)))
 (allow mediaextractor binderservicedomain (binder (call transfer)))
 (allow binderservicedomain mediaextractor (binder (transfer)))
 (allow mediaextractor binderservicedomain (fd (use)))
@@ -23148,7 +22750,7 @@
 (allow mediaextractor mediaextractor_service (service_manager (add find)))
 ;;* lmx 19 system/sepolicy/private/mediaextractor.te
 
-(neverallow base_typeattr_796 mediaextractor_service (service_manager (add)))
+(neverallow base_typeattr_792 mediaextractor_service (service_manager (add)))
 ;;* lme
 
 (allow mediaextractor mediametrics_service (service_manager (find)))
@@ -23216,16 +22818,13 @@
 (allow mediametrics statsd (fd (use)))
 (allow mediametrics servicemanager (binder (call transfer)))
 (allow servicemanager mediametrics (binder (call transfer)))
-(allow servicemanager mediametrics (dir (search)))
-(allow servicemanager mediametrics (file (read open)))
-(allow servicemanager mediametrics (process (getattr)))
 (allow mediametrics binderservicedomain (binder (call transfer)))
 (allow binderservicedomain mediametrics (binder (transfer)))
 (allow mediametrics binderservicedomain (fd (use)))
 (allow mediametrics mediametrics_service (service_manager (add find)))
 ;;* lmx 14 system/sepolicy/private/mediametrics.te
 
-(neverallow base_typeattr_797 mediametrics_service (service_manager (add)))
+(neverallow base_typeattr_793 mediametrics_service (service_manager (add)))
 ;;* lme
 
 (allow mediametrics system_server (fd (use)))
@@ -23263,23 +22862,23 @@
 (dontaudit su mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 7 system/sepolicy/private/mediaprovider.te
 
-(neverallow base_typeattr_798 mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_794 mediaprovider_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow mediaprovider appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 7 system/sepolicy/private/mediaprovider.te
 
-(neverallow base_typeattr_799 base_typeattr_798 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_795 base_typeattr_794 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/mediaprovider.te
 
-(neverallow base_typeattr_800 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_796 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/mediaprovider.te
 
-(neverallow base_typeattr_801 mediaprovider (process (ptrace)))
+(neverallow base_typeattr_797 mediaprovider (process (ptrace)))
 ;;* lme
 
 (allow mediaprovider cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -23311,23 +22910,23 @@
 (dontaudit su mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
 
-(neverallow base_typeattr_802 mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_798 mediaprovider_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow mediaprovider_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
 
-(neverallow base_typeattr_803 base_typeattr_802 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_799 base_typeattr_798 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
 
-(neverallow base_typeattr_804 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_800 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
 
-(neverallow base_typeattr_805 mediaprovider_app (process (ptrace)))
+(neverallow base_typeattr_801 mediaprovider_app (process (ptrace)))
 ;;* lme
 
 (allow mediaprovider_app mnt_pass_through_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -23412,9 +23011,6 @@
 (allow mediaserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow mediaserver servicemanager (binder (call transfer)))
 (allow servicemanager mediaserver (binder (call transfer)))
-(allow servicemanager mediaserver (dir (search)))
-(allow servicemanager mediaserver (file (read open)))
-(allow servicemanager mediaserver (process (getattr)))
 (allow mediaserver binderservicedomain (binder (call transfer)))
 (allow binderservicedomain mediaserver (binder (transfer)))
 (allow mediaserver binderservicedomain (fd (use)))
@@ -23451,7 +23047,7 @@
 (allow mediaserver mediaserver_service (service_manager (add find)))
 ;;* lmx 103 system/sepolicy/private/mediaserver.te
 
-(neverallow base_typeattr_806 mediaserver_service (service_manager (add)))
+(neverallow base_typeattr_802 mediaserver_service (service_manager (add)))
 ;;* lme
 
 (allow mediaserver activity_service (service_manager (find)))
@@ -23477,9 +23073,6 @@
 (allow mediaserver oemfs (file (ioctl read getattr lock map open watch watch_reads)))
 (allow mediaserver bootanim_oem_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow mediaserver vendor_app_file (file (read getattr map)))
-(allow drmserver mediaserver (dir (search)))
-(allow drmserver mediaserver (file (read open)))
-(allow drmserver mediaserver (process (getattr)))
 (allow mediaserver drmserver (drmservice (consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread)))
 (allowx mediaserver self (ioctl tcp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
 (allowx mediaserver self (ioctl udp_socket ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
@@ -23502,27 +23095,27 @@
 (allow mediaserver system_server (fd (use)))
 (allow mediaserver vold (fd (use)))
 (allow mediaserver vendor_overlay_file (file (read getattr map)))
-;;* lmx 186 system/sepolicy/private/mediaserver.te
+;;* lmx 185 system/sepolicy/private/mediaserver.te
 
 (neverallow mediaserver fs_type (file (execute_no_trans)))
 (neverallow mediaserver file_type (file (execute_no_trans)))
 ;;* lme
 
-;;* lmx 189 system/sepolicy/private/mediaserver.te
+;;* lmx 188 system/sepolicy/private/mediaserver.te
 
 (neverallowx mediaserver domain (ioctl tcp_socket (0x6900 0x6902)))
 (neverallowx mediaserver domain (ioctl udp_socket (0x6900 0x6902)))
 (neverallowx mediaserver domain (ioctl rawip_socket (0x6900 0x6902)))
 ;;* lme
 
-;;* lmx 189 system/sepolicy/private/mediaserver.te
+;;* lmx 188 system/sepolicy/private/mediaserver.te
 
 (neverallowx mediaserver domain (ioctl tcp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
 (neverallowx mediaserver domain (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
 (neverallowx mediaserver domain (ioctl rawip_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
 ;;* lme
 
-;;* lmx 189 system/sepolicy/private/mediaserver.te
+;;* lmx 188 system/sepolicy/private/mediaserver.te
 
 (neverallowx mediaserver domain (ioctl tcp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
 (neverallowx mediaserver domain (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
@@ -23580,9 +23173,6 @@
 (allow mediatranscoding appdomain_tmpfs (file (read write getattr map)))
 (allow mediatranscoding servicemanager (binder (call transfer)))
 (allow servicemanager mediatranscoding (binder (call transfer)))
-(allow servicemanager mediatranscoding (dir (search)))
-(allow servicemanager mediatranscoding (file (read open)))
-(allow servicemanager mediatranscoding (process (getattr)))
 (allow mediatranscoding binderservicedomain (binder (call transfer)))
 (allow binderservicedomain mediatranscoding (binder (transfer)))
 (allow mediatranscoding binderservicedomain (fd (use)))
@@ -23592,7 +23182,7 @@
 (allow mediatranscoding mediatranscoding_service (service_manager (add find)))
 ;;* lmx 15 system/sepolicy/private/mediatranscoding.te
 
-(neverallow base_typeattr_807 mediatranscoding_service (service_manager (add)))
+(neverallow base_typeattr_803 mediatranscoding_service (service_manager (add)))
 ;;* lme
 
 (allow mediatranscoding mediaserver_service (service_manager (find)))
@@ -23638,16 +23228,13 @@
 (typetransition init mediatuner_exec process mediatuner)
 (allow mediatuner servicemanager (binder (call transfer)))
 (allow servicemanager mediatuner (binder (call transfer)))
-(allow servicemanager mediatuner (dir (search)))
-(allow servicemanager mediatuner (file (read open)))
-(allow servicemanager mediatuner (process (getattr)))
 (allow mediatuner appdomain (binder (call transfer)))
 (allow appdomain mediatuner (binder (transfer)))
 (allow mediatuner appdomain (fd (use)))
 (allow mediatuner mediatuner_service (service_manager (add find)))
 ;;* lmx 14 system/sepolicy/private/mediatuner.te
 
-(neverallow base_typeattr_808 mediatuner_service (service_manager (add)))
+(neverallow base_typeattr_804 mediatuner_service (service_manager (add)))
 ;;* lme
 
 (allow mediatuner system_server (fd (use)))
@@ -23703,47 +23290,6 @@
 (allow memcgv2_activation_depth init (unix_stream_socket (connectto)))
 (allow memcgv2_activation_depth powerctl_prop (property_service (set)))
 (allow memcgv2_activation_depth powerctl_prop (file (read getattr map open)))
-(allow init microfuchsiad_exec (file (read getattr map execute open)))
-(allow init microfuchsiad (process (transition)))
-(allow microfuchsiad microfuchsiad_exec (file (read getattr map execute open entrypoint)))
-(dontaudit init microfuchsiad (process (noatsecure)))
-(allow init microfuchsiad (process (siginh rlimitinh)))
-(typetransition init microfuchsiad_exec process microfuchsiad)
-(allow microfuchsiad servicemanager (binder (call transfer)))
-(allow servicemanager microfuchsiad (binder (call transfer)))
-(allow servicemanager microfuchsiad (dir (search)))
-(allow servicemanager microfuchsiad (file (read open)))
-(allow servicemanager microfuchsiad (process (getattr)))
-(allow microfuchsiad microfuchsia_service (service_manager (add find)))
-;;* lmx 1 system/sepolicy/private/microfuchsiad.te
-
-(neverallow base_typeattr_809 microfuchsia_service (service_manager (add)))
-;;* lme
-
-(allow microfuchsiad system_server (binder (call transfer)))
-(allow system_server microfuchsiad (binder (transfer)))
-(allow microfuchsiad system_server (fd (use)))
-(allow microfuchsiad virtualizationmanager_exec (file (read getattr map execute open)))
-(allow microfuchsiad virtualizationmanager (process (transition)))
-(allow virtualizationmanager virtualizationmanager_exec (file (read getattr map execute open entrypoint)))
-(allow virtualizationmanager microfuchsiad (process (sigchld)))
-(dontaudit microfuchsiad virtualizationmanager (process (noatsecure)))
-(allow microfuchsiad virtualizationmanager (process (siginh rlimitinh)))
-(typetransition microfuchsiad virtualizationmanager_exec process virtualizationmanager)
-(allow crosvm microfuchsiad (unix_stream_socket (ioctl read write getattr)))
-(allow virtualizationmanager microfuchsiad (unix_stream_socket (ioctl read write getattr)))
-(allow crosvm microfuchsiad (fd (use)))
-(allow virtualizationmanager microfuchsiad (fd (use)))
-(allow microfuchsiad virtualizationmanager (fd (use)))
-(allow crosvm microfuchsiad (fifo_file (ioctl read write getattr)))
-(allow virtualizationmanager microfuchsiad (fifo_file (ioctl read write getattr)))
-(allow microfuchsiad virtualizationmanager (vsock_socket (read write getattr getopt)))
-(allow microfuchsiad hypervisor_prop (file (read getattr map open)))
-(allow microfuchsiad virtualizationservice_data_file (file (read getattr)))
-(allow virtualizationmanager microfuchsiad (dir (search)))
-(allow virtualizationmanager microfuchsiad (file (read)))
-(allow virtualizationmanager microfuchsiad (lnk_file (read)))
-(allow microfuchsiad devpts (chr_file (ioctl read write getattr open)))
 (allow migrate_legacy_obb_data media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow migrate_legacy_obb_data media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 (allow migrate_legacy_obb_data shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
@@ -23778,35 +23324,20 @@
 (dontaudit misctrl vendor_property_type (file (read)))
 ;;* lmx 16 system/sepolicy/private/mlstrustedsubject.te
 
-(neverallow base_typeattr_810 app_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_810 privapp_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_810 storage_area_content_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_805 app_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_805 privapp_data_file (file (create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 26 system/sepolicy/private/mlstrustedsubject.te
 
-(neverallow base_typeattr_810 app_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_810 privapp_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_810 storage_area_content_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
-;;* lme
-
-;;* lmx 27 system/sepolicy/private/mlstrustedsubject.te
-
-(neverallow base_typeattr_811 storage_area_app_dir (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
-(neverallow base_typeattr_811 storage_area_dir (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_805 app_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_805 privapp_data_file (dir (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 49 system/sepolicy/private/mlstrustedsubject.te
 
-(neverallow base_typeattr_812 app_data_file (dir (read getattr search)))
-(neverallow base_typeattr_812 privapp_data_file (dir (read getattr search)))
-(neverallow base_typeattr_812 storage_area_content_file (dir (read getattr search)))
-;;* lme
-
-;;* lmx 51 system/sepolicy/private/mlstrustedsubject.te
-
-(neverallow base_typeattr_813 storage_area_app_dir (dir (read getattr search)))
-(neverallow base_typeattr_813 storage_area_dir (dir (read getattr search)))
+(neverallow base_typeattr_806 app_data_file (dir (read getattr search)))
+(neverallow base_typeattr_806 privapp_data_file (dir (read getattr search)))
 ;;* lme
 
 (allow init mm_events_exec (file (read getattr map execute open)))
@@ -23844,14 +23375,11 @@
 (allow mmd mmd_service (service_manager (add find)))
 ;;* lmx 15 system/sepolicy/private/mmd.te
 
-(neverallow base_typeattr_814 mmd_service (service_manager (add)))
+(neverallow base_typeattr_807 mmd_service (service_manager (add)))
 ;;* lme
 
 (allow mmd servicemanager (binder (call transfer)))
 (allow servicemanager mmd (binder (call transfer)))
-(allow servicemanager mmd (dir (search)))
-(allow servicemanager mmd (file (read open)))
-(allow servicemanager mmd (process (getattr)))
 (allow mmd proc_swaps (file (ioctl read getattr lock map open watch watch_reads)))
 (allow mmd sysfs_zram (dir (search)))
 (allow mmd sysfs_zram (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -23893,13 +23421,13 @@
 (allow mtectrl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
 (dontaudit mtectrl sysfs_dt_firmware_android (dir (search)))
 (dontaudit mtectrl vendor_property_type (file (read)))
-(allow base_typeattr_815 node_type (tcp_socket (node_bind)))
-(allow base_typeattr_815 node_type (udp_socket (node_bind)))
-(allow base_typeattr_815 node_type (rawip_socket (node_bind)))
-(allow base_typeattr_815 node_type (icmp_socket (node_bind)))
-(allow base_typeattr_815 port_type (udp_socket (name_bind)))
-(allow base_typeattr_815 port_type (tcp_socket (name_bind)))
-(allow base_typeattr_816 self (netlink_route_socket (bind nlmsg_readpriv nlmsg_getneigh)))
+(allow base_typeattr_808 node_type (tcp_socket (node_bind)))
+(allow base_typeattr_808 node_type (udp_socket (node_bind)))
+(allow base_typeattr_808 node_type (rawip_socket (node_bind)))
+(allow base_typeattr_808 node_type (icmp_socket (node_bind)))
+(allow base_typeattr_808 port_type (udp_socket (name_bind)))
+(allow base_typeattr_808 port_type (tcp_socket (name_bind)))
+(allow base_typeattr_809 self (netlink_route_socket (bind nlmsg_readpriv nlmsg_getneigh)))
 (allow netdomain self (tcp_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 (allow netdomain self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
 (allow netdomain self (rawip_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -24009,25 +23537,22 @@
 (allow netd dnsmasq (process (sigkill signal)))
 (allow netd servicemanager (binder (call transfer)))
 (allow servicemanager netd (binder (call transfer)))
-(allow servicemanager netd (dir (search)))
-(allow servicemanager netd (file (read open)))
-(allow servicemanager netd (process (getattr)))
 (allow netd netd_service (service_manager (add find)))
 ;;* lmx 116 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_817 netd_service (service_manager (add)))
+(neverallow base_typeattr_810 netd_service (service_manager (add)))
 ;;* lme
 
 (allow netd dnsresolver_service (service_manager (add find)))
 ;;* lmx 117 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_817 dnsresolver_service (service_manager (add)))
+(neverallow base_typeattr_810 dnsresolver_service (service_manager (add)))
 ;;* lme
 
 (allow netd mdns_service (service_manager (add find)))
 ;;* lmx 118 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_817 mdns_service (service_manager (add)))
+(neverallow base_typeattr_810 mdns_service (service_manager (add)))
 ;;* lme
 
 (allow netd dumpstate (fifo_file (write getattr)))
@@ -24045,21 +23570,18 @@
 (allow netd hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 142 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_817 system_net_netd_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_810 system_net_netd_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow netd hwservicemanager (binder (call transfer)))
 (allow hwservicemanager netd (binder (call transfer)))
-(allow hwservicemanager netd (dir (search)))
-(allow hwservicemanager netd (file (read map open)))
-(allow hwservicemanager netd (process (getattr)))
 (allow system_net_netd_service servicemanager (binder (call transfer)))
 (allow servicemanager system_net_netd_service (binder (transfer)))
 (allow system_net_netd_service servicemanager (fd (use)))
 (allow netd system_net_netd_service (service_manager (add find)))
 ;;* lmx 147 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_817 system_net_netd_service (service_manager (add)))
+(neverallow base_typeattr_810 system_net_netd_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 155 system/sepolicy/private/netd.te
@@ -24103,17 +23625,17 @@
 
 ;;* lmx 174 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_818 netd_service (service_manager (find)))
+(neverallow base_typeattr_811 netd_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 184 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_818 dnsresolver_service (service_manager (find)))
+(neverallow base_typeattr_811 dnsresolver_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 194 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_818 mdns_service (service_manager (find)))
+(neverallow base_typeattr_811 mdns_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 197 system/sepolicy/private/netd.te
@@ -24148,12 +23670,12 @@
 (dontaudit netd appdomain (unix_stream_socket (read write)))
 ;;* lmx 221 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_819 netd_stable_secret_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_812 netd_stable_secret_prop (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 225 system/sepolicy/private/netd.te
 
-(neverallow base_typeattr_820 netd_stable_secret_prop (property_service (set)))
+(neverallow base_typeattr_813 netd_stable_secret_prop (property_service (set)))
 ;;* lme
 
 (allow netutils_wrapper system_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -24174,9 +23696,6 @@
 (allow netutils_wrapper mdns_service (service_manager (find)))
 (allow netutils_wrapper servicemanager (binder (call transfer)))
 (allow servicemanager netutils_wrapper (binder (call transfer)))
-(allow servicemanager netutils_wrapper (dir (search)))
-(allow servicemanager netutils_wrapper (file (read open)))
-(allow servicemanager netutils_wrapper (process (getattr)))
 (allow netutils_wrapper netd (binder (call transfer)))
 (allow netd netutils_wrapper (binder (transfer)))
 (allow netutils_wrapper netd (fd (use)))
@@ -24217,23 +23736,23 @@
 (dontaudit su network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/network_stack.te
 
-(neverallow base_typeattr_821 network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_814 network_stack_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow network_stack appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/network_stack.te
 
-(neverallow base_typeattr_822 base_typeattr_821 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_815 base_typeattr_814 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/network_stack.te
 
-(neverallow base_typeattr_823 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_816 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/network_stack.te
 
-(neverallow base_typeattr_824 network_stack (process (ptrace)))
+(neverallow base_typeattr_817 network_stack (process (ptrace)))
 ;;* lme
 
 (allow network_stack self (capability (net_bind_service net_broadcast net_admin net_raw)))
@@ -24355,29 +23874,29 @@
 (dontaudit su nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 3 system/sepolicy/private/nfc.te
 
-(neverallow base_typeattr_825 nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_818 nfc_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow nfc appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 3 system/sepolicy/private/nfc.te
 
-(neverallow base_typeattr_826 base_typeattr_825 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_819 base_typeattr_818 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/nfc.te
 
-(neverallow base_typeattr_827 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_820 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/nfc.te
 
-(neverallow base_typeattr_828 nfc (process (ptrace)))
+(neverallow base_typeattr_821 nfc (process (ptrace)))
 ;;* lme
 
 (allow nfc nfc_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/nfc.te
 
-(neverallow base_typeattr_825 nfc_service (service_manager (add)))
+(neverallow base_typeattr_818 nfc_service (service_manager (add)))
 ;;* lme
 
 (allow nfc nfc_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -24412,7 +23931,7 @@
 (dontaudit su odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 14 system/sepolicy/private/odrefresh.te
 
-(neverallow base_typeattr_829 odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_822 odrefresh_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow odrefresh apex_art_staging_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -24449,17 +23968,17 @@
 (allow odrefresh artd (fd (use)))
 ;;* lmx 65 system/sepolicy/private/odrefresh.te
 
-(neverallow base_typeattr_830 apex_art_staging_data_file (file (open)))
+(neverallow base_typeattr_823 apex_art_staging_data_file (file (open)))
 ;;* lme
 
 ;;* lmx 71 system/sepolicy/private/odrefresh.te
 
-(neverallow base_typeattr_831 odrefresh_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_824 odrefresh_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 72 system/sepolicy/private/odrefresh.te
 
-(neverallow base_typeattr_832 odrefresh_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_825 odrefresh_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow init odsign_exec (file (read getattr map execute open)))
@@ -24483,12 +24002,6 @@
 (allowx odsign apex_art_data_file (ioctl file (0x6601 (range 0x6685 0x6686))))
 (allow odsign servicemanager (binder (call transfer)))
 (allow servicemanager odsign (binder (call transfer)))
-(allow servicemanager odsign (dir (search)))
-(allow servicemanager odsign (file (read open)))
-(allow servicemanager odsign (process (getattr)))
-(allow keystore odsign (dir (search)))
-(allow keystore odsign (file (read open)))
-(allow keystore odsign (process (getattr)))
 (allow odsign apc_service (service_manager (find)))
 (allow odsign keystore_service (service_manager (find)))
 (allow odsign legacykeystore_service (service_manager (find)))
@@ -24522,7 +24035,7 @@
 (allow odsign odsign_prop (file (read getattr map open)))
 ;;* lmx 59 system/sepolicy/private/odsign.te
 
-(neverallow base_typeattr_833 odsign_prop (property_service (set)))
+(neverallow base_typeattr_826 odsign_prop (property_service (set)))
 ;;* lme
 
 (allow odsign property_socket (sock_file (write)))
@@ -24531,12 +24044,12 @@
 (allow odsign ctl_odsign_prop (file (read getattr map open)))
 ;;* lmx 65 system/sepolicy/private/odsign.te
 
-(neverallow base_typeattr_833 odsign_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_826 odsign_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 66 system/sepolicy/private/odsign.te
 
-(neverallow base_typeattr_833 odsign_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_826 odsign_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow init ot_daemon_exec (file (read getattr map execute open)))
@@ -24553,13 +24066,10 @@
 (allow ot_daemon system_server (udp_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
 (allow ot_daemon servicemanager (binder (call transfer)))
 (allow servicemanager ot_daemon (binder (call transfer)))
-(allow servicemanager ot_daemon (dir (search)))
-(allow servicemanager ot_daemon (file (read open)))
-(allow servicemanager ot_daemon (process (getattr)))
 (allow ot_daemon ot_daemon_service (service_manager (add find)))
 ;;* lmx 36 system/sepolicy/private/ot_daemon.te
 
-(neverallow base_typeattr_834 ot_daemon_service (service_manager (add)))
+(neverallow base_typeattr_827 ot_daemon_service (service_manager (add)))
 ;;* lme
 
 (allow ot_daemon system_server (binder (call transfer)))
@@ -24571,7 +24081,7 @@
 (allow ot_daemon dumpstate (fifo_file (write)))
 ;;* lmx 53 system/sepolicy/private/ot_daemon.te
 
-(neverallow base_typeattr_835 ot_daemon_socket (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_828 ot_daemon_socket (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow otapreopt_chroot postinstall_file (dir (mounton search)))
@@ -24675,9 +24185,6 @@
 (allow perfetto tracingproxy_service (service_manager (find)))
 (allow perfetto servicemanager (binder (call transfer)))
 (allow servicemanager perfetto (binder (call transfer)))
-(allow servicemanager perfetto (dir (search)))
-(allow servicemanager perfetto (file (read open)))
-(allow servicemanager perfetto (process (getattr)))
 (allow perfetto system_server (binder (call transfer)))
 (allow system_server perfetto (binder (transfer)))
 (allow perfetto system_server (fd (use)))
@@ -24710,12 +24217,12 @@
 (dontauditx perfetto shell (ioctl fifo_file ((range 0x5401 0x5404) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
 ;;* lmx 99 system/sepolicy/private/perfetto.te
 
-(neverallow base_typeattr_836 perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_829 perfetto_traces_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 109 system/sepolicy/private/perfetto.te
 
-(neverallow base_typeattr_837 perfetto_traces_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_830 perfetto_traces_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 115 system/sepolicy/private/perfetto.te
@@ -24735,17 +24242,17 @@
 
 ;;* lmx 139 system/sepolicy/private/perfetto.te
 
-(neverallow perfetto base_typeattr_838 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow perfetto base_typeattr_831 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 144 system/sepolicy/private/perfetto.te
 
-(neverallow perfetto base_typeattr_839 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow perfetto base_typeattr_832 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 152 system/sepolicy/private/perfetto.te
 
-(neverallow perfetto base_typeattr_840 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow perfetto base_typeattr_833 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 (allow init performanced_exec (file (read getattr map execute open)))
@@ -24756,9 +24263,6 @@
 (typetransition init performanced_exec process performanced)
 (allow performanced servicemanager (binder (call transfer)))
 (allow servicemanager performanced (binder (call transfer)))
-(allow servicemanager performanced (dir (search)))
-(allow servicemanager performanced (file (read open)))
-(allow servicemanager performanced (process (getattr)))
 (allow performanced system_server (binder (call transfer)))
 (allow system_server performanced (binder (transfer)))
 (allow performanced system_server (fd (use)))
@@ -24769,7 +24273,7 @@
 (allow performanced pdx_performance_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 10 system/sepolicy/private/performanced.te
 
-(neverallow base_typeattr_841 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_834 pdx_performance_client_endpoint_socket_type (unix_stream_socket (listen accept)))
 ;;* lme
 
 (allow performanced self (capability (setgid setuid sys_nice)))
@@ -24802,23 +24306,23 @@
 (dontaudit su permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
 
-(neverallow base_typeattr_842 permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_835 permissioncontroller_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow permissioncontroller_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
 
-(neverallow base_typeattr_843 base_typeattr_842 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_836 base_typeattr_835 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
 
-(neverallow base_typeattr_844 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_837 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
 
-(neverallow base_typeattr_845 permissioncontroller_app (process (ptrace)))
+(neverallow base_typeattr_838 permissioncontroller_app (process (ptrace)))
 ;;* lme
 
 (allow permissioncontroller_app app_api_service (service_manager (find)))
@@ -24838,23 +24342,23 @@
 (dontaudit su platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 7 system/sepolicy/private/platform_app.te
 
-(neverallow base_typeattr_846 platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_839 platform_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow platform_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 7 system/sepolicy/private/platform_app.te
 
-(neverallow base_typeattr_847 base_typeattr_846 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_840 base_typeattr_839 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/platform_app.te
 
-(neverallow base_typeattr_848 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_841 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/platform_app.te
 
-(neverallow base_typeattr_849 platform_app (process (ptrace)))
+(neverallow base_typeattr_842 platform_app (process (ptrace)))
 ;;* lme
 
 (allow platform_app shell_data_file (dir (search)))
@@ -24878,7 +24382,7 @@
 (allow platform_app radio_cdma_ecm_prop (file (read getattr map open)))
 ;;* lmx 46 system/sepolicy/private/platform_app.te
 
-(neverallow base_typeattr_480 persist_wm_debug_prop (property_service (set)))
+(neverallow base_typeattr_476 persist_wm_debug_prop (property_service (set)))
 ;;* lme
 
 (allow platform_app property_socket (sock_file (write)))
@@ -24974,9 +24478,6 @@
 (allow postinstall toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow postinstall servicemanager (binder (call transfer)))
 (allow servicemanager postinstall (binder (call transfer)))
-(allow servicemanager postinstall (dir (search)))
-(allow servicemanager postinstall (file (read open)))
-(allow servicemanager postinstall (process (getattr)))
 (allow postinstall system_server (binder (call transfer)))
 (allow system_server postinstall (binder (transfer)))
 (allow postinstall system_server (fd (use)))
@@ -24985,7 +24486,7 @@
 (allow postinstall sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
 ;;* lmx 53 system/sepolicy/private/postinstall.te
 
-(neverallow base_typeattr_850 postinstall (process (transition dyntransition)))
+(neverallow base_typeattr_843 postinstall (process (transition dyntransition)))
 ;;* lme
 
 (allow postinstall_dexopt dex2oat_exec (file (read getattr map execute open)))
@@ -25079,7 +24580,7 @@
 (allow prefetch prefetch_service_prop (file (read getattr map open)))
 ;;* lmx 24 system/sepolicy/private/prefetch.te
 
-(neverallow base_typeattr_851 ctl_prefetch_prop (property_service (set)))
+(neverallow base_typeattr_844 ctl_prefetch_prop (property_service (set)))
 ;;* lme
 
 (allow init preloads_copy_exec (file (read getattr map execute open)))
@@ -25104,23 +24605,23 @@
 (dontaudit su priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/priv_app.te
 
-(neverallow base_typeattr_852 priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_845 priv_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow priv_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/priv_app.te
 
-(neverallow base_typeattr_853 base_typeattr_852 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_846 base_typeattr_845 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/priv_app.te
 
-(neverallow base_typeattr_854 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_847 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/priv_app.te
 
-(neverallow base_typeattr_855 priv_app (process (ptrace)))
+(neverallow base_typeattr_848 priv_app (process (ptrace)))
 ;;* lme
 
 (typetransition priv_app devpts chr_file priv_app_devpts)
@@ -25330,12 +24831,12 @@
 
 ;;* lmx 275 system/sepolicy/private/priv_app.te
 
-(neverallow priv_app base_typeattr_856 (file (execute execute_no_trans)))
+(neverallow priv_app base_typeattr_849 (file (execute execute_no_trans)))
 ;;* lme
 
 ;;* lmx 278 system/sepolicy/private/priv_app.te
 
-(neverallow priv_app base_typeattr_856 (lnk_file (read getattr open)))
+(neverallow priv_app base_typeattr_849 (lnk_file (read getattr open)))
 ;;* lme
 
 ;;* lmx 281 system/sepolicy/private/priv_app.te
@@ -25926,7 +25427,7 @@
 (allow vendor_init init (unix_stream_socket (connectto)))
 (allow vendor_init high_barometer_quality_prop (property_service (set)))
 (allow vendor_init high_barometer_quality_prop (file (read getattr map open)))
-;;* lmx 116 system/sepolicy/private/property.te
+;;* lmx 119 system/sepolicy/private/property.te
 
 (neverallow base_typeattr_233 high_barometer_quality_prop (property_service (set)))
 ;;* lme
@@ -25935,7 +25436,7 @@
 (allow vendor_init init (unix_stream_socket (connectto)))
 (allow vendor_init mmd_prop (property_service (set)))
 (allow vendor_init mmd_prop (file (read getattr map open)))
-;;* lmx 117 system/sepolicy/private/property.te
+;;* lmx 120 system/sepolicy/private/property.te
 
 (neverallow base_typeattr_233 mmd_prop (property_service (set)))
 ;;* lme
@@ -25944,7 +25445,7 @@
 (allow vendor_init init (unix_stream_socket (connectto)))
 (allow vendor_init mmd_shared_prop (property_service (set)))
 (allow vendor_init mmd_shared_prop (file (read getattr map open)))
-;;* lmx 118 system/sepolicy/private/property.te
+;;* lmx 121 system/sepolicy/private/property.te
 
 (neverallow base_typeattr_233 mmd_shared_prop (property_service (set)))
 ;;* lme
@@ -25953,7 +25454,7 @@
 (allow vendor_init init (unix_stream_socket (connectto)))
 (allow vendor_init prefetch_boot_prop (property_service (set)))
 (allow vendor_init prefetch_boot_prop (file (read getattr map open)))
-;;* lmx 119 system/sepolicy/private/property.te
+;;* lmx 122 system/sepolicy/private/property.te
 
 (neverallow base_typeattr_233 prefetch_boot_prop (property_service (set)))
 ;;* lme
@@ -25961,27 +25462,27 @@
 (allow property_type tmpfs (filesystem (associate)))
 ;;* lmx 166 system/sepolicy/private/property.te
 
-(neverallow domain base_typeattr_857 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow domain base_typeattr_850 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 166 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_232 base_typeattr_858 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_232 base_typeattr_851 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 166 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_232 base_typeattr_859 (property_service (set)))
+(neverallow base_typeattr_232 base_typeattr_852 (property_service (set)))
 ;;* lme
 
 ;;* lmx 166 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_234 base_typeattr_860 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_234 base_typeattr_853 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 166 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_340 base_typeattr_861 (property_service (set)))
+(neverallow base_typeattr_340 base_typeattr_854 (property_service (set)))
 ;;* lme
 
 ;;* lmx 209 system/sepolicy/private/property.te
@@ -25991,7 +25492,7 @@
 
 ;;* lmx 235 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_239 base_typeattr_862 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_239 base_typeattr_855 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 243 system/sepolicy/private/property.te
@@ -26009,7 +25510,7 @@
 (dontaudit domain ctl_default_prop (property_service (set)))
 ;;* lmx 262 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_863 init_storage_prop (property_service (set)))
+(neverallow base_typeattr_856 init_storage_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 267 system/sepolicy/private/property.te
@@ -26019,92 +25520,92 @@
 
 ;;* lmx 274 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_864 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_857 init_svc_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 285 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_865 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_858 misctrl_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 291 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_866 misctrl_prop (property_service (set)))
+(neverallow base_typeattr_859 misctrl_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_867 base_typeattr_868 (property_service (set)))
+(neverallow base_typeattr_860 base_typeattr_861 (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_869 nfc_prop (property_service (set)))
+(neverallow base_typeattr_862 nfc_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_870 radio_control_prop (property_service (set)))
+(neverallow base_typeattr_863 radio_control_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_871 radio_prop (property_service (set)))
+(neverallow base_typeattr_864 radio_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_872 bluetooth_prop (property_service (set)))
+(neverallow base_typeattr_865 bluetooth_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_873 exported_bluetooth_prop (property_service (set)))
+(neverallow base_typeattr_866 exported_bluetooth_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_874 exported_camera_prop (property_service (set)))
+(neverallow base_typeattr_867 exported_camera_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_875 wifi_prop (property_service (set)))
+(neverallow base_typeattr_868 wifi_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_876 wifi_hal_prop (property_service (set)))
+(neverallow base_typeattr_869 wifi_hal_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_867 base_typeattr_877 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_860 base_typeattr_870 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_878 dalvik_dynamic_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_871 dalvik_dynamic_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_869 nfc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_862 nfc_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_871 radio_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_864 radio_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_872 bluetooth_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_865 bluetooth_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_875 wifi_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_868 wifi_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 293 system/sepolicy/private/property.te
@@ -26124,13 +25625,13 @@
 
 ;;* lmx 293 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_864 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_857 suspend_debug_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (dontaudit system_suspend suspend_debug_prop (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 490 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_879 base_typeattr_880 (property_service (set)))
+(neverallow base_typeattr_872 base_typeattr_873 (property_service (set)))
 ;;* lme
 
 ;;* lmx 510 system/sepolicy/private/property.te
@@ -26151,12 +25652,12 @@
 
 ;;* lmx 539 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_881 adbd_config_prop (property_service (set)))
+(neverallow base_typeattr_874 adbd_config_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 549 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_882 adbd_prop (property_service (set)))
+(neverallow base_typeattr_875 adbd_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 557 system/sepolicy/private/property.te
@@ -26166,7 +25667,7 @@
 
 ;;* lmx 567 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_851 userspace_reboot_test_prop (property_service (set)))
+(neverallow base_typeattr_844 userspace_reboot_test_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 576 system/sepolicy/private/property.te
@@ -26181,13 +25682,13 @@
 
 ;;* lmx 598 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_883 arm64_memtag_prop (property_service (set)))
-(neverallow base_typeattr_883 gwp_asan_prop (property_service (set)))
+(neverallow base_typeattr_876 arm64_memtag_prop (property_service (set)))
+(neverallow base_typeattr_876 gwp_asan_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 607 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_884 kcmdline_prop (property_service (set)))
+(neverallow base_typeattr_877 kcmdline_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 614 system/sepolicy/private/property.te
@@ -26226,7 +25727,7 @@
 
 ;;* lmx 665 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_885 telephony_status_prop (property_service (set)))
+(neverallow base_typeattr_878 telephony_status_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 673 system/sepolicy/private/property.te
@@ -26236,12 +25737,12 @@
 
 ;;* lmx 681 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_886 surfaceflinger_display_prop (property_service (set)))
+(neverallow base_typeattr_879 surfaceflinger_display_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 688 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_867 packagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_860 packagemanager_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 694 system/sepolicy/private/property.te
@@ -26256,7 +25757,7 @@
 
 ;;* lmx 709 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_887 oem_unlock_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_880 oem_unlock_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 715 system/sepolicy/private/property.te
@@ -26266,17 +25767,17 @@
 
 ;;* lmx 723 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_888 sendbug_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_881 sendbug_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 731 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_888 camera_calibration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_881 camera_calibration_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 739 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_889 hal_dumpstate_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_882 hal_dumpstate_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 750 system/sepolicy/private/property.te
@@ -26311,7 +25812,7 @@
 
 ;;* lmx 786 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_851 sqlite_log_prop (property_service (set)))
+(neverallow base_typeattr_844 sqlite_log_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 792 system/sepolicy/private/property.te
@@ -26332,7 +25833,7 @@
 
 ;;* lmx 810 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_890 remote_prov_prop (property_service (set)))
+(neverallow base_typeattr_883 remote_prov_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 815 system/sepolicy/private/property.te
@@ -26342,7 +25843,7 @@
 
 ;;* lmx 822 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_851 rollback_test_prop (property_service (set)))
+(neverallow base_typeattr_844 rollback_test_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 828 system/sepolicy/private/property.te
@@ -26352,7 +25853,7 @@
 
 ;;* lmx 836 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_891 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_884 ctl_apex_load_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 842 system/sepolicy/private/property.te
@@ -26362,12 +25863,12 @@
 
 ;;* lmx 850 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_892 apex_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_885 apex_ready_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 858 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_893 profcollectd_node_id_prop (file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow base_typeattr_886 profcollectd_node_id_prop (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 863 system/sepolicy/private/property.te
@@ -26382,7 +25883,7 @@
 
 ;;* lmx 876 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_894 usb_uvc_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_887 usb_uvc_enabled_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 882 system/sepolicy/private/property.te
@@ -26392,12 +25893,12 @@
 
 ;;* lmx 889 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_851 bionic_linker_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_844 bionic_linker_16kb_app_compat_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 896 system/sepolicy/private/property.te
 
-(neverallow base_typeattr_851 pm_16kb_app_compat_prop (property_service (set)))
+(neverallow base_typeattr_844 pm_16kb_app_compat_prop (property_service (set)))
 ;;* lme
 
 (typetransition radio tmpfs file appdomain_tmpfs)
@@ -26405,23 +25906,23 @@
 (dontaudit su radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 3 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_895 radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_888 radio_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow radio appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 3 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_896 base_typeattr_895 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_889 base_typeattr_888 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_897 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_890 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_898 radio (process (ptrace)))
+(neverallow base_typeattr_891 radio (process (ptrace)))
 ;;* lme
 
 (allow radio runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
@@ -26473,7 +25974,7 @@
 (allow radio radio_service (service_manager (add find)))
 ;;* lmx 51 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_895 radio_service (service_manager (add)))
+(neverallow base_typeattr_888 radio_service (service_manager (add)))
 ;;* lme
 
 (allow radio audioserver_service (service_manager (find)))
@@ -26487,23 +25988,20 @@
 (allow radio timezonedetector_service (service_manager (find)))
 (allow radio hwservicemanager (binder (call transfer)))
 (allow hwservicemanager radio (binder (call transfer)))
-(allow hwservicemanager radio (dir (search)))
-(allow hwservicemanager radio (file (read map open)))
-(allow hwservicemanager radio (process (getattr)))
 (allow radio proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 74 system/sepolicy/private/radio.te
 
-(neverallow base_typeattr_899 binder_cache_telephony_server_prop (property_service (set)))
+(neverallow base_typeattr_892 binder_cache_telephony_server_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 206 system/sepolicy/private/recovery.te
 
-(neverallow recovery base_typeattr_900 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
+(neverallow recovery base_typeattr_893 (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
 ;;* lme
 
 ;;* lmx 212 system/sepolicy/private/recovery.te
 
-(neverallow recovery base_typeattr_900 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
+(neverallow recovery base_typeattr_893 (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
 ;;* lme
 
 (allow init recovery_persist_exec (file (read getattr map execute open)))
@@ -26561,7 +26059,7 @@
 
 ;;* lmx 39 system/sepolicy/private/recovery_persist.te
 
-(neverallow recovery_persist base_typeattr_901 (file (write)))
+(neverallow recovery_persist base_typeattr_894 (file (write)))
 ;;* lme
 
 (allow init recovery_refresh_exec (file (read getattr map execute open)))
@@ -26619,14 +26117,11 @@
 (allow remote_provisioning_service_server remote_provisioning_service (service_manager (add find)))
 ;;* lmx 3 system/sepolicy/private/remote_provisioning_service_server.te
 
-(neverallow base_typeattr_902 remote_provisioning_service (service_manager (add)))
+(neverallow base_typeattr_895 remote_provisioning_service (service_manager (add)))
 ;;* lme
 
 (allow remote_provisioning_service_server servicemanager (binder (call transfer)))
 (allow servicemanager remote_provisioning_service_server (binder (call transfer)))
-(allow servicemanager remote_provisioning_service_server (dir (search)))
-(allow servicemanager remote_provisioning_service_server (file (read open)))
-(allow servicemanager remote_provisioning_service_server (process (getattr)))
 (allow init rkp_cert_processor_exec (file (read getattr map execute open)))
 (allow init rkp_cert_processor (process (transition)))
 (allow rkp_cert_processor rkp_cert_processor_exec (file (read getattr map execute open entrypoint)))
@@ -26635,16 +26130,13 @@
 (typetransition init rkp_cert_processor_exec process rkp_cert_processor)
 (allow rkp_cert_processor servicemanager (binder (call transfer)))
 (allow servicemanager rkp_cert_processor (binder (call transfer)))
-(allow servicemanager rkp_cert_processor (dir (search)))
-(allow servicemanager rkp_cert_processor (file (read open)))
-(allow servicemanager rkp_cert_processor (process (getattr)))
 (allow rkp_cert_processor system_server (binder (call transfer)))
 (allow system_server rkp_cert_processor (binder (transfer)))
 (allow rkp_cert_processor system_server (fd (use)))
 (allow rkp_cert_processor rkp_cert_processor_service (service_manager (add find)))
 ;;* lmx 11 system/sepolicy/private/rkp_cert_processor.te
 
-(neverallow base_typeattr_903 rkp_cert_processor_service (service_manager (add)))
+(neverallow base_typeattr_896 rkp_cert_processor_service (service_manager (add)))
 ;;* lme
 
 (allow rkp_cert_processor system_bootstrap_lib_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -26652,9 +26144,6 @@
 (allow rkp_cert_processor package_native_service (service_manager (find)))
 (allow rkpd servicemanager (binder (call transfer)))
 (allow servicemanager rkpd (binder (call transfer)))
-(allow servicemanager rkpd (dir (search)))
-(allow servicemanager rkpd (file (read open)))
-(allow servicemanager rkpd (process (getattr)))
 (allow init rkpd_exec (file (read getattr map execute open)))
 (allow init rkpd (process (transition)))
 (allow rkpd rkpd_exec (file (read getattr map execute open entrypoint)))
@@ -26664,13 +26153,13 @@
 (allow rkpd rkpd_registrar_service (service_manager (add find)))
 ;;* lmx 12 system/sepolicy/private/rkpd.te
 
-(neverallow base_typeattr_904 rkpd_registrar_service (service_manager (add)))
+(neverallow base_typeattr_897 rkpd_registrar_service (service_manager (add)))
 ;;* lme
 
 (allow rkpd rkpd_refresh_service (service_manager (add find)))
 ;;* lmx 13 system/sepolicy/private/rkpd.te
 
-(neverallow base_typeattr_904 rkpd_refresh_service (service_manager (add)))
+(neverallow base_typeattr_897 rkpd_refresh_service (service_manager (add)))
 ;;* lme
 
 (allow rkpd device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
@@ -26679,23 +26168,23 @@
 (dontaudit su rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 7 system/sepolicy/private/rkpd_app.te
 
-(neverallow base_typeattr_905 rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_898 rkpdapp_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow rkpdapp appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 7 system/sepolicy/private/rkpd_app.te
 
-(neverallow base_typeattr_906 base_typeattr_905 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_899 base_typeattr_898 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/rkpd_app.te
 
-(neverallow base_typeattr_907 rkpdapp (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_900 rkpdapp (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 7 system/sepolicy/private/rkpd_app.te
 
-(neverallow base_typeattr_908 rkpdapp (process (ptrace)))
+(neverallow base_typeattr_901 rkpdapp (process (ptrace)))
 ;;* lme
 
 (allow rkpdapp device_config_remote_key_provisioning_native_prop (file (read getattr map open)))
@@ -26818,7 +26307,7 @@
 (allow runas selinuxfs (file (write lock append map open)))
 (allow runas kernel (security (check_context)))
 (allow runas self (process (setcurrent)))
-(allow runas base_typeattr_909 (process (dyntransition)))
+(allow runas base_typeattr_902 (process (dyntransition)))
 (allow runas seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 44 system/sepolicy/private/runas.te
 
@@ -26837,23 +26326,23 @@
 (dontaudit su runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 3 system/sepolicy/private/runas_app.te
 
-(neverallow base_typeattr_910 runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_903 runas_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow runas_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 3 system/sepolicy/private/runas_app.te
 
-(neverallow base_typeattr_911 base_typeattr_910 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_904 base_typeattr_903 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/runas_app.te
 
-(neverallow base_typeattr_912 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/runas_app.te
 
-(neverallow base_typeattr_913 runas_app (process (ptrace)))
+(neverallow base_typeattr_906 runas_app (process (ptrace)))
 ;;* lme
 
 (allow runas_app app_data_file (file (execute_no_trans)))
@@ -26874,7 +26363,7 @@
 (allow scheduler_service_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 1 system/sepolicy/private/scheduler_service_server.te
 
-(neverallow base_typeattr_914 fwk_scheduler_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_907 fwk_scheduler_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (typetransition sdcardd system_data_file dir media_rw_data_file)
@@ -26921,23 +26410,23 @@
 (dontaudit su sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
 
-(neverallow base_typeattr_915 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_908 sdk_sandbox_34_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow sdk_sandbox_34 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
 
-(neverallow base_typeattr_916 base_typeattr_915 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_909 base_typeattr_908 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
 
-(neverallow base_typeattr_917 sdk_sandbox_34 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_910 sdk_sandbox_34 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/sdk_sandbox_34.te
 
-(neverallow base_typeattr_918 sdk_sandbox_34 (process (ptrace)))
+(neverallow base_typeattr_911 sdk_sandbox_34 (process (ptrace)))
 ;;* lme
 
 (allow sdk_sandbox_all system_linker_exec (file (execute_no_trans)))
@@ -27003,12 +26492,12 @@
 
 ;;* lmx 71 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow sdk_sandbox_all base_typeattr_919 (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow sdk_sandbox_all base_typeattr_912 (dir (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 72 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow sdk_sandbox_all base_typeattr_919 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow sdk_sandbox_all base_typeattr_912 (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 75 system/sepolicy/private/sdk_sandbox_all.te
@@ -27033,22 +26522,22 @@
 
 ;;* lmx 90 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow base_typeattr_920 sdk_sandbox_system_data_file (dir (relabelfrom)))
+(neverallow base_typeattr_913 sdk_sandbox_system_data_file (dir (relabelfrom)))
 ;;* lme
 
 ;;* lmx 100 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow base_typeattr_921 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_914 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 110 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow base_typeattr_920 sdk_sandbox_system_data_file (dir (relabelfrom)))
+(neverallow base_typeattr_913 sdk_sandbox_system_data_file (dir (relabelfrom)))
 ;;* lme
 
 ;;* lmx 120 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow base_typeattr_921 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_914 sdk_sandbox_system_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 123 system/sepolicy/private/sdk_sandbox_all.te
@@ -27063,12 +26552,12 @@
 
 ;;* lmx 144 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow sdk_sandbox_all base_typeattr_922 (unix_stream_socket (connectto)))
+(neverallow sdk_sandbox_all base_typeattr_915 (unix_stream_socket (connectto)))
 ;;* lme
 
 ;;* lmx 149 system/sepolicy/private/sdk_sandbox_all.te
 
-(neverallow base_typeattr_923 sdk_sandbox_all (unix_stream_socket (connectto)))
+(neverallow base_typeattr_916 sdk_sandbox_all (unix_stream_socket (connectto)))
 ;;* lme
 
 (typetransition sdk_sandbox_audit tmpfs file appdomain_tmpfs)
@@ -27076,31 +26565,31 @@
 (dontaudit su sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
 
-(neverallow base_typeattr_924 sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_917 sdk_sandbox_audit_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow sdk_sandbox_audit appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
 
-(neverallow base_typeattr_925 base_typeattr_924 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_918 base_typeattr_917 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
 
-(neverallow base_typeattr_926 sdk_sandbox_audit (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_919 sdk_sandbox_audit (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 14 system/sepolicy/private/sdk_sandbox_audit.te
 
-(neverallow base_typeattr_927 sdk_sandbox_audit (process (ptrace)))
+(neverallow base_typeattr_920 sdk_sandbox_audit (process (ptrace)))
 ;;* lme
 
 (auditallow sdk_sandbox_audit ephemeral_app_api_service (service_manager (find)))
 (auditallow sdk_sandbox_audit cameraserver_service (service_manager (find)))
 (auditallow sdk_sandbox_audit mediadrmserver_service (service_manager (find)))
 (auditallow sdk_sandbox_audit radio_service (service_manager (find)))
-(auditallow sdk_sandbox_audit base_typeattr_928 (file (ioctl read write getattr lock append map open watch watch_reads)))
-(auditallow sdk_sandbox_audit base_typeattr_928 (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
+(auditallow sdk_sandbox_audit base_typeattr_921 (file (ioctl read write getattr lock append map open watch watch_reads)))
+(auditallow sdk_sandbox_audit base_typeattr_921 (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
 (allow sdk_sandbox_current ephemeral_app_api_service (service_manager (find)))
 (allow sdk_sandbox_current audioserver_service (service_manager (find)))
 (allow sdk_sandbox_current batteryproperties_service (service_manager (find)))
@@ -27182,23 +26671,23 @@
 (dontaudit su sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
 
-(neverallow base_typeattr_929 sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_922 sdk_sandbox_next_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow sdk_sandbox_next appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
 
-(neverallow base_typeattr_930 base_typeattr_929 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_923 base_typeattr_922 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
 
-(neverallow base_typeattr_931 sdk_sandbox_next (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_924 sdk_sandbox_next (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 11 system/sepolicy/private/sdk_sandbox_next.te
 
-(neverallow base_typeattr_932 sdk_sandbox_next (process (ptrace)))
+(neverallow base_typeattr_925 sdk_sandbox_next (process (ptrace)))
 ;;* lme
 
 (allow sdk_sandbox_next audioserver_service (service_manager (find)))
@@ -27278,29 +26767,29 @@
 (dontaudit su secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 3 system/sepolicy/private/secure_element.te
 
-(neverallow base_typeattr_933 secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_926 secure_element_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow secure_element appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 3 system/sepolicy/private/secure_element.te
 
-(neverallow base_typeattr_934 base_typeattr_933 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_927 base_typeattr_926 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/secure_element.te
 
-(neverallow base_typeattr_935 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_928 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/secure_element.te
 
-(neverallow base_typeattr_936 secure_element (process (ptrace)))
+(neverallow base_typeattr_929 secure_element (process (ptrace)))
 ;;* lme
 
 (allow secure_element secure_element_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/secure_element.te
 
-(neverallow base_typeattr_933 secure_element_service (service_manager (add)))
+(neverallow base_typeattr_926 secure_element_service (service_manager (add)))
 ;;* lme
 
 (allow secure_element app_api_service (service_manager (find)))
@@ -27310,12 +26799,12 @@
 (allow sensor_service_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 1 system/sepolicy/private/sensor_service_server.te
 
-(neverallow base_typeattr_937 fwk_sensor_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_930 fwk_sensor_hwservice (hwservice_manager (add)))
 ;;* lme
 
 ;;* lmx 88 system/sepolicy/private/service.te
 
-(neverallow domain base_typeattr_938 (service_manager (add find)))
+(neverallow domain base_typeattr_931 (service_manager (add find)))
 ;;* lme
 
 (allow init servicemanager_exec (file (read getattr map execute open)))
@@ -27341,13 +26830,13 @@
 (allow servicemanager vendor_apex_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow servicemanager vendor_apex_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow servicemanager self (binder (set_context_mgr)))
-(allow servicemanager base_typeattr_939 (binder (transfer)))
+(allow servicemanager base_typeattr_932 (binder (transfer)))
 (allow servicemanager service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow servicemanager vendor_service_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow servicemanager service_manager_service (service_manager (add find)))
 ;;* lmx 38 system/sepolicy/private/servicemanager.te
 
-(neverallow base_typeattr_940 service_manager_service (service_manager (add)))
+(neverallow base_typeattr_933 service_manager_service (service_manager (add)))
 ;;* lme
 
 (allow servicemanager dumpstate (fd (use)))
@@ -27387,7 +26876,7 @@
 
 ;;* lmx 39 system/sepolicy/private/sgdisk.te
 
-(neverallow sgdisk base_typeattr_941 (file (entrypoint)))
+(neverallow sgdisk base_typeattr_934 (file (entrypoint)))
 ;;* lme
 
 (typetransition shared_relro tmpfs file appdomain_tmpfs)
@@ -27395,23 +26884,23 @@
 (dontaudit su shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 5 system/sepolicy/private/shared_relro.te
 
-(neverallow base_typeattr_942 shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_935 shared_relro_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow shared_relro appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 5 system/sepolicy/private/shared_relro.te
 
-(neverallow base_typeattr_943 base_typeattr_942 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_936 base_typeattr_935 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/shared_relro.te
 
-(neverallow base_typeattr_944 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_937 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 5 system/sepolicy/private/shared_relro.te
 
-(neverallow base_typeattr_945 shared_relro (process (ptrace)))
+(neverallow base_typeattr_938 shared_relro (process (ptrace)))
 ;;* lme
 
 (allow shared_relro shared_relro_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
@@ -27434,23 +26923,23 @@
 (dontaudit su shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 26 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_946 shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_939 shell_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow shell appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 26 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_947 base_typeattr_946 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_940 base_typeattr_939 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 26 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_912 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 26 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_948 shell (process (ptrace)))
+(neverallow base_typeattr_941 shell (process (ptrace)))
 ;;* lme
 
 (allow shell storaged (binder (call transfer)))
@@ -27742,13 +27231,10 @@
 (allow shell shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow shell zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
 (allow shell servicemanager (service_manager (list)))
-(allow shell base_typeattr_949 (service_manager (find)))
+(allow shell base_typeattr_942 (service_manager (find)))
 (allow shell dumpstate (binder (call)))
 (allow shell hwservicemanager (binder (call transfer)))
 (allow hwservicemanager shell (binder (call transfer)))
-(allow hwservicemanager shell (dir (search)))
-(allow hwservicemanager shell (file (read map open)))
-(allow hwservicemanager shell (process (getattr)))
 (allow shell hwservicemanager (hwservice_manager (list)))
 (allow shell proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow shell proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
@@ -27868,12 +27354,12 @@
 
 ;;* lmx 551 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_851 perf_drop_caches_prop (property_service (set)))
+(neverallow base_typeattr_844 perf_drop_caches_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 552 system/sepolicy/private/shell.te
 
-(neverallow base_typeattr_950 perf_drop_caches_prop (file (read)))
+(neverallow base_typeattr_943 perf_drop_caches_prop (file (read)))
 ;;* lme
 
 (allow untrusted_app_all simpleperf_exec (file (read getattr map execute open)))
@@ -27912,23 +27398,23 @@
 (dontaudit su simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 23 system/sepolicy/private/simpleperf.te
 
-(neverallow base_typeattr_951 simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_944 simpleperf_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow simpleperf appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 23 system/sepolicy/private/simpleperf.te
 
-(neverallow base_typeattr_952 base_typeattr_951 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_945 base_typeattr_944 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 23 system/sepolicy/private/simpleperf.te
 
-(neverallow base_typeattr_912 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_905 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 23 system/sepolicy/private/simpleperf.te
 
-(neverallow base_typeattr_913 simpleperf (process (ptrace)))
+(neverallow base_typeattr_906 simpleperf (process (ptrace)))
 ;;* lme
 
 (allow simpleperf untrusted_app_all (process (ptrace)))
@@ -27981,7 +27467,7 @@
 
 ;;* lmx 66 system/sepolicy/private/simpleperf.te
 
-(neverallow base_typeattr_953 simpleperf (process (ptrace)))
+(neverallow base_typeattr_946 simpleperf (process (ptrace)))
 ;;* lme
 
 (allow shell simpleperf_app_runner_exec (file (read getattr map execute open)))
@@ -28038,17 +27524,11 @@
 (allow slideshow system_suspend_hwservice (hwservice_manager (find)))
 (allow slideshow hwservicemanager (binder (call transfer)))
 (allow hwservicemanager slideshow (binder (call transfer)))
-(allow hwservicemanager slideshow (dir (search)))
-(allow hwservicemanager slideshow (file (read map open)))
-(allow hwservicemanager slideshow (process (getattr)))
 (allow slideshow hwservicemanager_prop (file (read getattr map open)))
 (allow slideshow hidl_manager_hwservice (hwservice_manager (find)))
 (allow slideshow hal_system_suspend_service (service_manager (find)))
 (allow slideshow servicemanager (binder (call transfer)))
 (allow servicemanager slideshow (binder (call transfer)))
-(allow servicemanager slideshow (dir (search)))
-(allow servicemanager slideshow (file (read open)))
-(allow servicemanager slideshow (process (getattr)))
 (allow slideshow device (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow slideshow self (capability (sys_tty_config)))
 (allow slideshow self (cap_userns (sys_tty_config)))
@@ -28069,9 +27549,6 @@
 (allow snapshotctl ctl_gsid_prop (file (read getattr map open)))
 (allow snapshotctl servicemanager (binder (call transfer)))
 (allow servicemanager snapshotctl (binder (call transfer)))
-(allow servicemanager snapshotctl (dir (search)))
-(allow servicemanager snapshotctl (file (read open)))
-(allow servicemanager snapshotctl (process (getattr)))
 (allow snapshotctl gsi_service (service_manager (find)))
 (allow snapshotctl gsid (binder (call transfer)))
 (allow gsid snapshotctl (binder (transfer)))
@@ -28090,9 +27567,6 @@
 (allow snapshotctl self (cap_userns (sys_admin)))
 (allow snapshotctl hwservicemanager (binder (call transfer)))
 (allow hwservicemanager snapshotctl (binder (call transfer)))
-(allow hwservicemanager snapshotctl (dir (search)))
-(allow hwservicemanager snapshotctl (file (read map open)))
-(allow hwservicemanager snapshotctl (process (getattr)))
 (allow snapshotctl statsdw_socket (sock_file (write)))
 (allow snapshotctl statsd (unix_dgram_socket (sendto)))
 (allow snapshotctl proc_bootconfig (file (ioctl read getattr lock map open watch watch_reads)))
@@ -28134,7 +27608,7 @@
 (allow snapuserd tmpfs (dir (read watch)))
 ;;* lmx 56 system/sepolicy/private/snapuserd.te
 
-(neverallow base_typeattr_954 snapuserd_prop (property_service (set)))
+(neverallow base_typeattr_947 snapuserd_prop (property_service (set)))
 ;;* lme
 
 (allow snapuserd metadata_file (dir (search)))
@@ -28148,14 +27622,14 @@
 (allow snapuserd self (io_uring (sqpoll)))
 ;;* lmx 73 system/sepolicy/private/snapuserd.te
 
-(neverallow base_typeattr_955 snapuserd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_948 snapuserd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (dontaudit snapuserd self (capability (ipc_lock)))
 (dontaudit snapuserd self (cap_userns (ipc_lock)))
 ;;* lmx 84 system/sepolicy/private/snapuserd.te
 
-(neverallow base_typeattr_956 ctl_snapuserd_prop (property_service (set)))
+(neverallow base_typeattr_949 ctl_snapuserd_prop (property_service (set)))
 ;;* lme
 
 (allow shell stats_exec (file (read getattr map execute open)))
@@ -28171,9 +27645,6 @@
 (allow stats adbd (process (sigchld)))
 (allow stats servicemanager (binder (call transfer)))
 (allow servicemanager stats (binder (call transfer)))
-(allow servicemanager stats (dir (search)))
-(allow servicemanager stats (file (read open)))
-(allow servicemanager stats (process (getattr)))
 (allow stats stats_service (service_manager (find)))
 (allow stats statsd (binder (call transfer)))
 (allow statsd stats (binder (transfer)))
@@ -28182,7 +27653,7 @@
 (allow statsd stats_service (service_manager (add find)))
 ;;* lmx 27 system/sepolicy/private/stats.te
 
-(neverallow base_typeattr_957 stats_service (service_manager (add)))
+(neverallow base_typeattr_950 stats_service (service_manager (add)))
 ;;* lme
 
 (allow statsd stats (fd (use)))
@@ -28194,20 +27665,17 @@
 (allow stats_service_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 1 system/sepolicy/private/stats_service_server.te
 
-(neverallow base_typeattr_958 fwk_stats_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_951 fwk_stats_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow stats_service_server fwk_stats_service (service_manager (add find)))
 ;;* lmx 2 system/sepolicy/private/stats_service_server.te
 
-(neverallow base_typeattr_958 fwk_stats_service (service_manager (add)))
+(neverallow base_typeattr_951 fwk_stats_service (service_manager (add)))
 ;;* lme
 
 (allow stats_service_server servicemanager (binder (call transfer)))
 (allow servicemanager stats_service_server (binder (call transfer)))
-(allow servicemanager stats_service_server (dir (search)))
-(allow servicemanager stats_service_server (file (read open)))
-(allow servicemanager stats_service_server (process (getattr)))
 (allow init statsd_exec (file (read getattr map execute open)))
 (allow init statsd (process (transition)))
 (allow statsd statsd_exec (file (read getattr map execute open entrypoint)))
@@ -28242,7 +27710,7 @@
 (allow statsd self (io_uring (sqpoll)))
 ;;* lmx 46 system/sepolicy/private/statsd.te
 
-(neverallow base_typeattr_957 statsd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_950 statsd_iouring (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (dontaudit statsd self (capability (ipc_lock)))
@@ -28253,9 +27721,6 @@
 (allow statsd ctl_uprobestats_prop (file (read getattr map open)))
 (allow statsd servicemanager (binder (call transfer)))
 (allow servicemanager statsd (binder (call transfer)))
-(allow servicemanager statsd (dir (search)))
-(allow servicemanager statsd (file (read open)))
-(allow servicemanager statsd (process (getattr)))
 (allow statsd domain (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow statsd domain (file (ioctl read getattr lock map open watch watch_reads)))
 (allow statsd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
@@ -28318,22 +27783,22 @@
 (allow statsd statsd (unix_dgram_socket (sendto)))
 ;;* lmx 144 system/sepolicy/private/statsd.te
 
-(neverallow base_typeattr_959 stats_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_952 stats_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 145 system/sepolicy/private/statsd.te
 
-(neverallow base_typeattr_960 stats_config_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_953 stats_config_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 149 system/sepolicy/private/statsd.te
 
-(neverallow base_typeattr_959 stats_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_952 stats_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 150 system/sepolicy/private/statsd.te
 
-(neverallow base_typeattr_960 stats_config_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_953 stats_config_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 (allow init storaged_exec (file (read getattr map execute open)))
@@ -28360,14 +27825,11 @@
 (allow storaged storaged_service (service_manager (add find)))
 ;;* lmx 45 system/sepolicy/private/storaged.te
 
-(neverallow base_typeattr_961 storaged_service (service_manager (add)))
+(neverallow base_typeattr_954 storaged_service (service_manager (add)))
 ;;* lme
 
 (allow storaged servicemanager (binder (call transfer)))
 (allow servicemanager storaged (binder (call transfer)))
-(allow servicemanager storaged (dir (search)))
-(allow servicemanager storaged (file (read open)))
-(allow servicemanager storaged (process (getattr)))
 (allow storaged system_server (binder (call transfer)))
 (allow system_server storaged (binder (transfer)))
 (allow storaged system_server (fd (use)))
@@ -28401,9 +27863,6 @@
 (allow surfaceflinger hidl_token_hwservice (hwservice_manager (find)))
 (allow surfaceflinger servicemanager (binder (call transfer)))
 (allow servicemanager surfaceflinger (binder (call transfer)))
-(allow servicemanager surfaceflinger (dir (search)))
-(allow servicemanager surfaceflinger (file (read open)))
-(allow servicemanager surfaceflinger (process (getattr)))
 (allow surfaceflinger binderservicedomain (binder (call transfer)))
 (allow binderservicedomain surfaceflinger (binder (transfer)))
 (allow surfaceflinger binderservicedomain (fd (use)))
@@ -28519,7 +27978,7 @@
 (allow surfaceflinger pdx_display_client_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 130 system/sepolicy/private/surfaceflinger.te
 
-(neverallow base_typeattr_962 pdx_display_client_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_client_endpoint_socket_type (unix_stream_socket (listen accept)))
 ;;* lme
 
 (allow init pdx_display_manager_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -28528,7 +27987,7 @@
 (allow surfaceflinger pdx_display_manager_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 131 system/sepolicy/private/surfaceflinger.te
 
-(neverallow base_typeattr_962 pdx_display_manager_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_manager_endpoint_socket_type (unix_stream_socket (listen accept)))
 ;;* lme
 
 (allow init pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -28537,7 +27996,7 @@
 (allow surfaceflinger pdx_display_screenshot_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 132 system/sepolicy/private/surfaceflinger.te
 
-(neverallow base_typeattr_962 pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_screenshot_endpoint_socket_type (unix_stream_socket (listen accept)))
 ;;* lme
 
 (allow init pdx_display_vsync_endpoint_socket_type (unix_stream_socket (create bind)))
@@ -28546,7 +28005,7 @@
 (allow surfaceflinger pdx_display_vsync_channel_socket_type (unix_stream_socket (ioctl read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 133 system/sepolicy/private/surfaceflinger.te
 
-(neverallow base_typeattr_962 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (listen accept)))
+(neverallow base_typeattr_955 pdx_display_vsync_endpoint_socket_type (unix_stream_socket (listen accept)))
 ;;* lme
 
 (allow surfaceflinger pdx_bufferhub_client_endpoint_dir_type (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -28582,23 +28041,23 @@
 (dontaudit su system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 9 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_963 system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_956 system_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow system_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 9 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_964 base_typeattr_963 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_957 base_typeattr_956 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_965 system_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_958 system_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 9 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_966 system_app (process (ptrace)))
+(neverallow base_typeattr_959 system_app (process (ptrace)))
 ;;* lme
 
 (allow system_app rootfs (dir (getattr)))
@@ -28716,15 +28175,12 @@
 (allow system_app incidentd (fd (use)))
 (allow system_app servicemanager (binder (call transfer)))
 (allow servicemanager system_app (binder (call transfer)))
-(allow servicemanager system_app (dir (search)))
-(allow servicemanager system_app (file (read open)))
-(allow servicemanager system_app (process (getattr)))
 (allow system_app update_engine_stable_service (service_manager (find)))
 (allow system_app update_engine (binder (call transfer)))
 (allow update_engine system_app (binder (transfer)))
 (allow system_app update_engine (fd (use)))
 (allow system_app servicemanager (service_manager (list)))
-(allow system_app base_typeattr_967 (service_manager (find)))
+(allow system_app base_typeattr_960 (service_manager (find)))
 (dontaudit system_app dnsresolver_service (service_manager (find)))
 (dontaudit system_app dumpstate_service (service_manager (find)))
 (dontaudit system_app installd_service (service_manager (find)))
@@ -28768,12 +28224,12 @@
 
 ;;* lmx 199 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_968 adaptive_haptics_prop (property_service (set)))
+(neverallow base_typeattr_961 adaptive_haptics_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 201 system/sepolicy/private/system_app.te
 
-(neverallow base_typeattr_968 drm_forcel3_prop (property_service (set)))
+(neverallow base_typeattr_961 drm_forcel3_prop (property_service (set)))
 ;;* lme
 
 (allow system_app vendor_boot_ota_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -28892,9 +28348,6 @@
 (allow system_server app_zygote (unix_stream_socket (read write setopt connectto)))
 (allow system_server servicemanager (binder (call transfer)))
 (allow servicemanager system_server (binder (call transfer)))
-(allow servicemanager system_server (dir (search)))
-(allow servicemanager system_server (file (read open)))
-(allow servicemanager system_server (process (getattr)))
 (allow system_server appdomain (binder (call transfer)))
 (allow appdomain system_server (binder (transfer)))
 (allow system_server appdomain (fd (use)))
@@ -29834,17 +29287,17 @@
 
 ;;* lmx 1365 system/sepolicy/private/system_server.te
 
-(neverallow system_server base_typeattr_969 (file (create unlink link open)))
+(neverallow system_server base_typeattr_962 (file (create unlink link open)))
 ;;* lme
 
 ;;* lmx 1377 system/sepolicy/private/system_server.te
 
-(neverallow system_server base_typeattr_970 (file (execute_no_trans)))
+(neverallow system_server base_typeattr_963 (file (execute_no_trans)))
 ;;* lme
 
 ;;* lmx 1382 system/sepolicy/private/system_server.te
 
-(neverallow system_server base_typeattr_971 (process (transition)))
+(neverallow system_server base_typeattr_964 (process (transition)))
 ;;* lme
 
 ;;* lmx 1383 system/sepolicy/private/system_server.te
@@ -29859,38 +29312,38 @@
 
 ;;* lmx 1389 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_972 system_ndebug_socket (sock_file (write open)))
+(neverallow base_typeattr_965 system_ndebug_socket (sock_file (write open)))
 ;;* lme
 
 ;;* lmx 1399 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_973 system_unsolzygote_socket (sock_file (write open)))
+(neverallow base_typeattr_966 system_unsolzygote_socket (sock_file (write open)))
 ;;* lme
 
 ;;* lmx 1430 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_974 device_config_activity_manager_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_input_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_netd_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_aconfig_flags_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_edgetpu_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_media_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_nnapi_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_runtime_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_runtime_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_surface_flinger_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_core_experiments_team_internal_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_lmkd_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_mglru_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_mmd_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_remote_key_provisioning_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_storage_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_sys_traced_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_window_manager_native_boot_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_connectivity_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_swcodec_native_prop (property_service (set)))
-(neverallow base_typeattr_974 device_config_tethering_u_or_later_native_prop (property_service (set)))
-(neverallow base_typeattr_974 next_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_activity_manager_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_input_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_netd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_aconfig_flags_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_edgetpu_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_media_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_nnapi_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_runtime_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_runtime_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_surface_flinger_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_core_experiments_team_internal_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_lmkd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_mglru_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_mmd_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_remote_key_provisioning_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_storage_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_sys_traced_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_window_manager_native_boot_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_connectivity_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_swcodec_native_prop (property_service (set)))
+(neverallow base_typeattr_967 device_config_tethering_u_or_later_native_prop (property_service (set)))
+(neverallow base_typeattr_967 next_boot_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 1437 system/sepolicy/private/system_server.te
@@ -29910,12 +29363,12 @@
 
 ;;* lmx 1455 system/sepolicy/private/system_server.te
 
-(neverallow system_server base_typeattr_975 (blk_file (write create setattr relabelfrom append unlink link rename)))
+(neverallow system_server base_typeattr_968 (blk_file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 1456 system/sepolicy/private/system_server.te
 
-(neverallow system_server base_typeattr_976 (blk_file (ioctl read getattr lock map open watch watch_reads)))
+(neverallow system_server base_typeattr_969 (blk_file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lme
 
 ;;* lmx 1464 system/sepolicy/private/system_server.te
@@ -29961,17 +29414,11 @@
 (allow system_server system_suspend_hwservice (hwservice_manager (find)))
 (allow system_server hwservicemanager (binder (call transfer)))
 (allow hwservicemanager system_server (binder (call transfer)))
-(allow hwservicemanager system_server (dir (search)))
-(allow hwservicemanager system_server (file (read map open)))
-(allow hwservicemanager system_server (process (getattr)))
 (allow system_server hwservicemanager_prop (file (read getattr map open)))
 (allow system_server hidl_manager_hwservice (hwservice_manager (find)))
 (allow system_server hal_system_suspend_service (service_manager (find)))
 (allow system_server servicemanager (binder (call transfer)))
 (allow servicemanager system_server (binder (call transfer)))
-(allow servicemanager system_server (dir (search)))
-(allow servicemanager system_server (file (read open)))
-(allow servicemanager system_server (process (getattr)))
 (allow system_server apex_data_file (dir (getattr search)))
 (allow system_server apex_data_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow system_server vendor_apex_file (dir (getattr search)))
@@ -30091,7 +29538,7 @@
 
 ;;* lmx 1643 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_977 sysfs_uhid (file (write create setattr relabelfrom append unlink link rename)))
+(neverallow base_typeattr_970 sysfs_uhid (file (write create setattr relabelfrom append unlink link rename)))
 ;;* lme
 
 ;;* lmx 1649 system/sepolicy/private/system_server.te
@@ -30150,7 +29597,7 @@
 
 ;;* lmx 1720 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_480 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_476 crashrecovery_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 1723 system/sepolicy/private/system_server.te
@@ -30160,7 +29607,7 @@
 
 ;;* lmx 1731 system/sepolicy/private/system_server.te
 
-(neverallow base_typeattr_978 power_debug_prop (property_service (set)))
+(neverallow base_typeattr_971 power_debug_prop (property_service (set)))
 ;;* lme
 
 (typetransition system_server_startup tmpfs file system_server_startup_tmpfs)
@@ -30182,19 +29629,16 @@
 (typetransition init system_suspend_exec process system_suspend)
 (allow system_suspend servicemanager (binder (call transfer)))
 (allow servicemanager system_suspend (binder (call transfer)))
-(allow servicemanager system_suspend (dir (search)))
-(allow servicemanager system_suspend (file (read open)))
-(allow servicemanager system_suspend (process (getattr)))
 (allow system_suspend system_suspend_control_service (service_manager (add find)))
 ;;* lmx 8 system/sepolicy/private/system_suspend.te
 
-(neverallow base_typeattr_979 system_suspend_control_service (service_manager (add)))
+(neverallow base_typeattr_972 system_suspend_control_service (service_manager (add)))
 ;;* lme
 
 (allow system_suspend hal_system_suspend_service (service_manager (add find)))
 ;;* lmx 10 system/sepolicy/private/system_suspend.te
 
-(neverallow base_typeattr_979 hal_system_suspend_service (service_manager (add)))
+(neverallow base_typeattr_972 hal_system_suspend_service (service_manager (add)))
 ;;* lme
 
 (allow system_suspend sysfs_power (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -30221,31 +29665,28 @@
 (allow init sysfs_sync_on_suspend (file (write lock append map open)))
 ;;* lmx 56 system/sepolicy/private/system_suspend.te
 
-(neverallow base_typeattr_980 system_suspend_control_service (service_manager (find)))
+(neverallow base_typeattr_973 system_suspend_control_service (service_manager (find)))
 ;;* lme
 
 (allow system_suspend_internal_server system_suspend_control_internal_service (service_manager (add find)))
 ;;* lmx 2 system/sepolicy/private/system_suspend_internal_server.te
 
-(neverallow base_typeattr_981 system_suspend_control_internal_service (service_manager (add)))
+(neverallow base_typeattr_974 system_suspend_control_internal_service (service_manager (add)))
 ;;* lme
 
 ;;* lmx 12 system/sepolicy/private/system_suspend_internal_server.te
 
-(neverallow base_typeattr_982 system_suspend_control_internal_service (service_manager (find)))
+(neverallow base_typeattr_975 system_suspend_control_internal_service (service_manager (find)))
 ;;* lme
 
 (allow system_suspend_server hwservicemanager (binder (call transfer)))
 (allow hwservicemanager system_suspend_server (binder (call transfer)))
-(allow hwservicemanager system_suspend_server (dir (search)))
-(allow hwservicemanager system_suspend_server (file (read map open)))
-(allow hwservicemanager system_suspend_server (process (getattr)))
 (allow system_suspend_server hwservicemanager_prop (file (read getattr map open)))
 (allow system_suspend_server system_suspend_hwservice (hwservice_manager (add find)))
 (allow system_suspend_server hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 6 system/sepolicy/private/system_suspend_server.te
 
-(neverallow base_typeattr_983 system_suspend_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_976 system_suspend_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow tee fingerprint_vendor_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
@@ -30267,7 +29708,7 @@
 (allow tombstoned anr_data_file (file (create getattr append unlink link open)))
 ;;* lmx 31 system/sepolicy/private/tombstoned.te
 
-(neverallow base_typeattr_984 tombstone_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_977 tombstone_config_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow init toolbox_exec (file (read getattr map execute open)))
@@ -30300,7 +29741,7 @@
 
 ;;* lmx 44 system/sepolicy/private/toolbox.te
 
-(neverallow toolbox base_typeattr_985 (file (entrypoint)))
+(neverallow toolbox base_typeattr_978 (file (entrypoint)))
 ;;* lme
 
 (allow trace_redactor system_server (fd (use)))
@@ -30330,9 +29771,6 @@
 (allow traced tracingproxy_service (service_manager (find)))
 (allow traced servicemanager (binder (call transfer)))
 (allow servicemanager traced (binder (call transfer)))
-(allow servicemanager traced (dir (search)))
-(allow servicemanager traced (file (read open)))
-(allow servicemanager traced (process (getattr)))
 (allow traced system_server (binder (call transfer)))
 (allow system_server traced (binder (transfer)))
 (allow traced system_server (fd (use)))
@@ -30378,7 +29816,7 @@
 
 ;;* lmx 112 system/sepolicy/private/traced.te
 
-(neverallow traced base_typeattr_986 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow traced base_typeattr_979 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 113 system/sepolicy/private/traced.te
@@ -30388,7 +29826,7 @@
 
 ;;* lmx 119 system/sepolicy/private/traced.te
 
-(neverallow traced base_typeattr_987 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow traced base_typeattr_980 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 122 system/sepolicy/private/traced.te
@@ -30403,7 +29841,7 @@
 
 ;;* lmx 135 system/sepolicy/private/traced.te
 
-(neverallow base_typeattr_988 tracingproxy_service (service_manager (find)))
+(neverallow base_typeattr_981 tracingproxy_service (service_manager (find)))
 ;;* lme
 
 (allow init traced_perf_exec (file (read getattr map execute open)))
@@ -30572,7 +30010,7 @@
 
 ;;* lmx 163 system/sepolicy/private/traced_probes.te
 
-(neverallow traced_probes base_typeattr_989 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow traced_probes base_typeattr_982 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 164 system/sepolicy/private/traced_probes.te
@@ -30582,7 +30020,7 @@
 
 ;;* lmx 170 system/sepolicy/private/traced_probes.te
 
-(neverallow traced_probes base_typeattr_990 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow traced_probes base_typeattr_983 (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
 ;;* lme
 
 ;;* lmx 173 system/sepolicy/private/traced_probes.te
@@ -30600,23 +30038,23 @@
 (dontaudit su traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 3 system/sepolicy/private/traceur_app.te
 
-(neverallow base_typeattr_991 traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_984 traceur_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow traceur_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 3 system/sepolicy/private/traceur_app.te
 
-(neverallow base_typeattr_992 base_typeattr_991 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_985 base_typeattr_984 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/traceur_app.te
 
-(neverallow base_typeattr_993 traceur_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_986 traceur_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 3 system/sepolicy/private/traceur_app.te
 
-(neverallow base_typeattr_994 traceur_app (process (ptrace)))
+(neverallow base_typeattr_987 traceur_app (process (ptrace)))
 ;;* lme
 
 (allow traceur_app debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -30636,7 +30074,7 @@
 (allow traceur_app debug_prop (file (read getattr map open)))
 (allow traceur_app servicemanager (service_manager (list)))
 (allow traceur_app hwservicemanager (hwservice_manager (list)))
-(allow traceur_app base_typeattr_995 (service_manager (find)))
+(allow traceur_app base_typeattr_988 (service_manager (find)))
 (dontaudit traceur_app service_manager_type (service_manager (find)))
 (dontaudit traceur_app hwservice_manager_type (hwservice_manager (find)))
 (dontaudit traceur_app domain (binder (call)))
@@ -30701,9 +30139,9 @@
 (allow ueventd selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow ueventd selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
 (allow ueventd selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow ueventd base_typeattr_996 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow ueventd base_typeattr_996 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow ueventd base_typeattr_996 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow ueventd base_typeattr_989 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow ueventd base_typeattr_989 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow ueventd base_typeattr_989 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow ueventd apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow ueventd file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allow ueventd self (process (setfscreate)))
@@ -30784,23 +30222,23 @@
 (dontaudit su untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app.te
 
-(neverallow base_typeattr_997 untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_990 untrusted_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app.te
 
-(neverallow base_typeattr_998 base_typeattr_997 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_991 base_typeattr_990 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app.te
 
-(neverallow base_typeattr_999 untrusted_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_992 untrusted_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app.te
 
-(neverallow base_typeattr_1000 untrusted_app (process (ptrace)))
+(neverallow base_typeattr_993 untrusted_app (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app sdk_sandbox_data_file (fd (use)))
@@ -30815,23 +30253,23 @@
 (dontaudit su untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
 
-(neverallow base_typeattr_1001 untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_994 untrusted_app_25_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app_25 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
 
-(neverallow base_typeattr_1002 base_typeattr_1001 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_995 base_typeattr_994 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
 
-(neverallow base_typeattr_1003 untrusted_app_25 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_996 untrusted_app_25 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_25.te
 
-(neverallow base_typeattr_1004 untrusted_app_25 (process (ptrace)))
+(neverallow base_typeattr_997 untrusted_app_25 (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app_25 proc_misc (file (ioctl read getattr lock map open watch watch_reads)))
@@ -30856,23 +30294,23 @@
 (dontaudit su untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
 
-(neverallow base_typeattr_1005 untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_998 untrusted_app_27_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app_27 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
 
-(neverallow base_typeattr_1006 base_typeattr_1005 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_999 base_typeattr_998 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
 
-(neverallow base_typeattr_1007 untrusted_app_27 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1000 untrusted_app_27 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_27.te
 
-(neverallow base_typeattr_1008 untrusted_app_27 (process (ptrace)))
+(neverallow base_typeattr_1001 untrusted_app_27 (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app_27 apk_data_file (file (execmod)))
@@ -30895,23 +30333,23 @@
 (dontaudit su untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
 
-(neverallow base_typeattr_1009 untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1002 untrusted_app_29_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app_29 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
 
-(neverallow base_typeattr_1010 base_typeattr_1009 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1003 base_typeattr_1002 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
 
-(neverallow base_typeattr_1011 untrusted_app_29 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1004 untrusted_app_29 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_29.te
 
-(neverallow base_typeattr_1012 untrusted_app_29 (process (ptrace)))
+(neverallow base_typeattr_1005 untrusted_app_29 (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app_29 self (netlink_route_socket (nlmsg_getneigh)))
@@ -30925,23 +30363,23 @@
 (dontaudit su untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
 
-(neverallow base_typeattr_1013 untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1006 untrusted_app_30_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app_30 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
 
-(neverallow base_typeattr_1014 base_typeattr_1013 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1007 base_typeattr_1006 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
 
-(neverallow base_typeattr_1015 untrusted_app_30 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1008 untrusted_app_30 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 15 system/sepolicy/private/untrusted_app_30.te
 
-(neverallow base_typeattr_1016 untrusted_app_30 (process (ptrace)))
+(neverallow base_typeattr_1009 untrusted_app_30 (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app_30 self (netlink_route_socket (nlmsg_getneigh)))
@@ -30955,23 +30393,23 @@
 (dontaudit su untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
 
-(neverallow base_typeattr_1017 untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1010 untrusted_app_32_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow untrusted_app_32 appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
 
-(neverallow base_typeattr_1018 base_typeattr_1017 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1011 base_typeattr_1010 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
 
-(neverallow base_typeattr_1019 untrusted_app_32 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1012 untrusted_app_32 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 13 system/sepolicy/private/untrusted_app_32.te
 
-(neverallow base_typeattr_1020 untrusted_app_32 (process (ptrace)))
+(neverallow base_typeattr_1013 untrusted_app_32 (process (ptrace)))
 ;;* lme
 
 (allow untrusted_app_32 sdk_sandbox_data_file (fd (use)))
@@ -31124,9 +30562,6 @@
 (allow update_engine apexd (fd (use)))
 (allow update_engine servicemanager (binder (call transfer)))
 (allow servicemanager update_engine (binder (call transfer)))
-(allow servicemanager update_engine (dir (search)))
-(allow servicemanager update_engine (file (read open)))
-(allow servicemanager update_engine (process (getattr)))
 (allow update_engine self (process (setsched)))
 (allow update_engine self (capability (fowner sys_admin)))
 (allow update_engine self (cap_userns (fowner sys_admin)))
@@ -31143,17 +30578,11 @@
 (allow update_engine system_suspend_hwservice (hwservice_manager (find)))
 (allow update_engine hwservicemanager (binder (call transfer)))
 (allow hwservicemanager update_engine (binder (call transfer)))
-(allow hwservicemanager update_engine (dir (search)))
-(allow hwservicemanager update_engine (file (read map open)))
-(allow hwservicemanager update_engine (process (getattr)))
 (allow update_engine hwservicemanager_prop (file (read getattr map open)))
 (allow update_engine hidl_manager_hwservice (hwservice_manager (find)))
 (allow update_engine hal_system_suspend_service (service_manager (find)))
 (allow update_engine servicemanager (binder (call transfer)))
 (allow servicemanager update_engine (binder (call transfer)))
-(allow servicemanager update_engine (dir (search)))
-(allow servicemanager update_engine (file (read open)))
-(allow servicemanager update_engine (process (getattr)))
 (dontaudit update_engine kernel (process (setsched)))
 (dontaudit update_engine self (capability (sys_rawio)))
 (dontaudit update_engine self (cap_userns (sys_rawio)))
@@ -31163,19 +30592,16 @@
 (allow update_engine update_engine_log_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
 (allow update_engine servicemanager (binder (call transfer)))
 (allow servicemanager update_engine (binder (call transfer)))
-(allow servicemanager update_engine (dir (search)))
-(allow servicemanager update_engine (file (read open)))
-(allow servicemanager update_engine (process (getattr)))
 (allow update_engine update_engine_service (service_manager (add find)))
 ;;* lmx 72 system/sepolicy/private/update_engine.te
 
-(neverallow base_typeattr_1021 update_engine_service (service_manager (add)))
+(neverallow base_typeattr_1014 update_engine_service (service_manager (add)))
 ;;* lme
 
 (allow update_engine update_engine_stable_service (service_manager (add find)))
 ;;* lmx 73 system/sepolicy/private/update_engine.te
 
-(neverallow base_typeattr_1021 update_engine_stable_service (service_manager (add)))
+(neverallow base_typeattr_1014 update_engine_stable_service (service_manager (add)))
 ;;* lme
 
 (allow update_engine priv_app (binder (call transfer)))
@@ -31305,9 +30731,6 @@
 (allow uprobestats statsd (unix_dgram_socket (sendto)))
 (allow uprobestats servicemanager (binder (call transfer)))
 (allow servicemanager uprobestats (binder (call transfer)))
-(allow servicemanager uprobestats (dir (search)))
-(allow servicemanager uprobestats (file (read open)))
-(allow servicemanager uprobestats (process (getattr)))
 (allow uprobestats activity_service (service_manager (find)))
 (allow uprobestats dynamic_instrumentation_service (service_manager (find)))
 (allow uprobestats system_server (binder (call transfer)))
@@ -31349,9 +30772,6 @@
 (allow vdc kmsg_device (chr_file (write getattr lock append map open)))
 (allow vdc servicemanager (binder (call transfer)))
 (allow servicemanager vdc (binder (call transfer)))
-(allow servicemanager vdc (dir (search)))
-(allow servicemanager vdc (file (read open)))
-(allow servicemanager vdc (process (getattr)))
 (allow vdc vold (binder (call transfer)))
 (allow vold vdc (binder (transfer)))
 (allow vdc vold (fd (use)))
@@ -31365,14 +30785,8 @@
 (allow vehicle_binding_util kmsg_device (chr_file (write getattr lock append map open)))
 (allow vehicle_binding_util hwservicemanager (binder (call transfer)))
 (allow hwservicemanager vehicle_binding_util (binder (call transfer)))
-(allow hwservicemanager vehicle_binding_util (dir (search)))
-(allow hwservicemanager vehicle_binding_util (file (read map open)))
-(allow hwservicemanager vehicle_binding_util (process (getattr)))
 (allow vehicle_binding_util servicemanager (binder (call transfer)))
 (allow servicemanager vehicle_binding_util (binder (call transfer)))
-(allow servicemanager vehicle_binding_util (dir (search)))
-(allow servicemanager vehicle_binding_util (file (read open)))
-(allow servicemanager vehicle_binding_util (process (getattr)))
 (allow vehicle_binding_util vdc_exec (file (read getattr map execute open)))
 (allow vehicle_binding_util vdc (process (transition)))
 (allow vdc vdc_exec (file (read getattr map execute open entrypoint)))
@@ -31390,7 +30804,7 @@
 (allow vendor_init device_config_virtualization_framework_native_prop (file (read getattr map open)))
 (allow vendor_init apex_ready_prop (file (read getattr map open)))
 (allow vendor_init fstype_prop (file (read getattr map open)))
-(allow vendor_init base_typeattr_1022 (chr_file (setattr)))
+(allow vendor_init base_typeattr_1015 (chr_file (setattr)))
 (allow vendor_init init (unix_stream_socket (read write)))
 (allow vendor_init kmsg_device (chr_file (write getattr open)))
 (allow vendor_init device (dir (mounton)))
@@ -31411,29 +30825,29 @@
 (allow vendor_init unencrypted_data_file (file (ioctl read getattr lock map open watch watch_reads)))
 (allowx vendor_init data_file_type (ioctl dir (0x6613 0x6615)))
 (allow vendor_init system_data_file (dir (getattr)))
-(allow vendor_init base_typeattr_1023 (dir (ioctl read write create getattr setattr relabelfrom open add_name remove_name search rmdir)))
+(allow vendor_init base_typeattr_1016 (dir (ioctl read write create getattr setattr relabelfrom open add_name remove_name search rmdir)))
 (allow vendor_init unlabeled (file (getattr relabelfrom)))
 (allow vendor_init unlabeled (dir (getattr relabelfrom)))
 (allow vendor_init unlabeled (lnk_file (getattr relabelfrom)))
 (allow vendor_init unlabeled (sock_file (getattr relabelfrom)))
 (allow vendor_init unlabeled (fifo_file (getattr relabelfrom)))
-(allow vendor_init base_typeattr_1024 (file (read write create getattr setattr relabelfrom map unlink open)))
-(allow vendor_init base_typeattr_1025 (sock_file (read create getattr setattr relabelfrom unlink open)))
-(allow vendor_init base_typeattr_1025 (fifo_file (read create getattr setattr relabelfrom unlink open)))
-(allow vendor_init base_typeattr_1026 (lnk_file (create getattr setattr relabelfrom unlink)))
-(allow vendor_init base_typeattr_1027 (file (relabelto)))
-(allow vendor_init base_typeattr_1027 (dir (relabelto)))
-(allow vendor_init base_typeattr_1027 (lnk_file (relabelto)))
-(allow vendor_init base_typeattr_1027 (chr_file (relabelto)))
-(allow vendor_init base_typeattr_1027 (blk_file (relabelto)))
-(allow vendor_init base_typeattr_1027 (sock_file (relabelto)))
-(allow vendor_init base_typeattr_1027 (fifo_file (relabelto)))
+(allow vendor_init base_typeattr_1017 (file (read write create getattr setattr relabelfrom map unlink open)))
+(allow vendor_init base_typeattr_1018 (sock_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init base_typeattr_1018 (fifo_file (read create getattr setattr relabelfrom unlink open)))
+(allow vendor_init base_typeattr_1019 (lnk_file (create getattr setattr relabelfrom unlink)))
+(allow vendor_init base_typeattr_1020 (file (relabelto)))
+(allow vendor_init base_typeattr_1020 (dir (relabelto)))
+(allow vendor_init base_typeattr_1020 (lnk_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (chr_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (blk_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (sock_file (relabelto)))
+(allow vendor_init base_typeattr_1020 (fifo_file (relabelto)))
 (allow vendor_init dev_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow vendor_init dev_type (lnk_file (create)))
 (allow vendor_init debugfs_tracing (file (write lock append map open)))
-(allow vendor_init base_typeattr_1028 (file (read setattr map open)))
+(allow vendor_init base_typeattr_1021 (file (read setattr map open)))
 (allow vendor_init tracefs_type (file (read setattr map open)))
-(allow vendor_init base_typeattr_1029 (dir (read setattr open search)))
+(allow vendor_init base_typeattr_1022 (dir (read setattr open search)))
 (allow vendor_init dev_type (blk_file (getattr)))
 (allow vendor_init proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow vendor_init proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
@@ -31444,7 +30858,7 @@
 (allow vendor_init proc_page_cluster (file (write lock append map open)))
 (allow vendor_init sysfs_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow vendor_init sysfs_type (lnk_file (read)))
-(allow vendor_init base_typeattr_1030 (file (ioctl read write getattr lock append map open watch watch_reads)))
+(allow vendor_init base_typeattr_1023 (file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow vendor_init self (process (setfscreate)))
 (allow vendor_init vendor_file_type (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow vendor_init vendor_file_type (file (ioctl read getattr lock map open watch watch_reads)))
@@ -31652,68 +31066,68 @@
 (allow vendor_init device_config_vendor_system_native_boot_prop (file (read getattr map open)))
 ;;* lmx 342 system/sepolicy/private/vendor_init.te
 
-(neverallow vendor_init base_typeattr_1031 (socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (tcp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (udp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (rawip_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (packet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (key_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (unix_stream_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (unix_dgram_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_route_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_tcpdiag_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_nflog_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_xfrm_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_selinux_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_audit_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_dnrt_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_kobject_uevent_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (appletalk_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (tun_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_iscsi_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_fib_lookup_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_connector_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_netfilter_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_generic_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_scsitransport_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_rdma_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netlink_crypto_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (sctp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (icmp_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (ax25_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (ipx_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (netrom_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (atmpvc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (x25_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (rose_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (decnet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (atmsvc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (rds_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (irda_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (pppox_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (llc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (can_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (tipc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (bluetooth_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (iucv_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (rxrpc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (isdn_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (phonet_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (ieee802154_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (caif_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (alg_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (nfc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (vsock_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (kcm_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (qipcrtr_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (smc_socket (connect sendto)))
-(neverallow vendor_init base_typeattr_1031 (xdp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tcp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (udp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rawip_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (packet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (key_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (unix_stream_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (unix_dgram_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_route_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_tcpdiag_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_nflog_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_xfrm_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_selinux_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_audit_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_dnrt_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_kobject_uevent_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (appletalk_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tun_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_iscsi_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_fib_lookup_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_connector_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_netfilter_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_generic_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_scsitransport_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_rdma_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netlink_crypto_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (sctp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (icmp_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ax25_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ipx_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (netrom_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (atmpvc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (x25_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rose_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (decnet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (atmsvc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rds_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (irda_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (pppox_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (llc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (can_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (tipc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (bluetooth_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (iucv_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (rxrpc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (isdn_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (phonet_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (ieee802154_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (caif_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (alg_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (nfc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (vsock_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (kcm_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (qipcrtr_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (smc_socket (connect sendto)))
+(neverallow vendor_init base_typeattr_1024 (xdp_socket (connect sendto)))
 ;;* lme
 
 ;;* lmx 342 system/sepolicy/private/vendor_init.te
 
-(neverallow vendor_init base_typeattr_1031 (unix_stream_socket (connectto)))
+(neverallow vendor_init base_typeattr_1024 (unix_stream_socket (connectto)))
 ;;* lme
 
 ;;* lmx 347 system/sepolicy/private/vendor_init.te
@@ -31728,7 +31142,7 @@
 
 ;;* lmx 349 system/sepolicy/private/vendor_init.te
 
-(neverallow vendor_init base_typeattr_765 (file (entrypoint)))
+(neverallow vendor_init base_typeattr_761 (file (entrypoint)))
 ;;* lme
 
 ;;* lmx 352 system/sepolicy/private/vendor_init.te
@@ -31790,7 +31204,7 @@
 (allow vendor_shell input_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 ;;* lmx 3 system/sepolicy/private/vendor_toolbox.te
 
-(neverallow base_typeattr_1032 vendor_toolbox_exec (file (execute execute_no_trans entrypoint)))
+(neverallow base_typeattr_1025 vendor_toolbox_exec (file (execute execute_no_trans entrypoint)))
 ;;* lme
 
 (allow init vfio_handler_exec (file (read getattr map execute open)))
@@ -31802,14 +31216,11 @@
 (allow vfio_handler vfio_handler_service (service_manager (add find)))
 ;;* lmx 1 system/sepolicy/private/vfio_handler.te
 
-(neverallow base_typeattr_1033 vfio_handler_service (service_manager (add)))
+(neverallow base_typeattr_1026 vfio_handler_service (service_manager (add)))
 ;;* lme
 
 (allow vfio_handler servicemanager (binder (call transfer)))
 (allow servicemanager vfio_handler (binder (call transfer)))
-(allow servicemanager vfio_handler (dir (search)))
-(allow servicemanager vfio_handler (file (read open)))
-(allow servicemanager vfio_handler (process (getattr)))
 (allow vfio_handler vfio_device (chr_file (getattr)))
 (allow vfio_handler vfio_device (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow vfio_handler sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -31831,9 +31242,6 @@
 (typetransition init virtual_camera_exec process virtual_camera)
 (allow virtual_camera servicemanager (binder (call transfer)))
 (allow servicemanager virtual_camera (binder (call transfer)))
-(allow servicemanager virtual_camera (dir (search)))
-(allow servicemanager virtual_camera (file (read open)))
-(allow servicemanager virtual_camera (process (getattr)))
 (allow virtual_camera cameraserver (binder (call transfer)))
 (allow cameraserver virtual_camera (binder (transfer)))
 (allow virtual_camera cameraserver (fd (use)))
@@ -31846,14 +31254,14 @@
 (allow virtual_camera appdomain (binder (call transfer)))
 (allow appdomain virtual_camera (binder (transfer)))
 (allow virtual_camera appdomain (fd (use)))
-(allow virtual_camera base_typeattr_564 (fd (use)))
+(allow virtual_camera base_typeattr_560 (fd (use)))
 (allow virtual_camera surfaceflinger (binder (call transfer)))
 (allow surfaceflinger virtual_camera (binder (transfer)))
 (allow virtual_camera surfaceflinger (fd (use)))
 (allow virtual_camera virtual_camera_service (service_manager (add find)))
 ;;* lmx 37 system/sepolicy/private/virtual_camera.te
 
-(neverallow base_typeattr_1034 virtual_camera_service (service_manager (add)))
+(neverallow base_typeattr_1027 virtual_camera_service (service_manager (add)))
 ;;* lme
 
 (allow virtual_camera gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
@@ -31899,13 +31307,10 @@
 (typetransition init virtual_touchpad_exec process virtual_touchpad)
 (allow virtual_touchpad servicemanager (binder (call transfer)))
 (allow servicemanager virtual_touchpad (binder (call transfer)))
-(allow servicemanager virtual_touchpad (dir (search)))
-(allow servicemanager virtual_touchpad (file (read open)))
-(allow servicemanager virtual_touchpad (process (getattr)))
 (allow virtual_touchpad virtual_touchpad_service (service_manager (add find)))
 ;;* lmx 7 system/sepolicy/private/virtual_touchpad.te
 
-(neverallow base_typeattr_1035 virtual_touchpad_service (service_manager (add)))
+(neverallow base_typeattr_1028 virtual_touchpad_service (service_manager (add)))
 ;;* lme
 
 (allow virtual_touchpad system_server (binder (call transfer)))
@@ -31918,9 +31323,6 @@
 (allow virtualizationmanager devpts (chr_file (ioctl read write getattr)))
 (allow virtualizationmanager servicemanager (binder (call transfer)))
 (allow servicemanager virtualizationmanager (binder (call transfer)))
-(allow servicemanager virtualizationmanager (dir (search)))
-(allow servicemanager virtualizationmanager (file (read open)))
-(allow servicemanager virtualizationmanager (process (getattr)))
 (allow virtualizationmanager virtualization_service (service_manager (find)))
 (allow virtualizationmanager virtualizationservice (binder (call transfer)))
 (allow virtualizationservice virtualizationmanager (binder (transfer)))
@@ -31957,7 +31359,7 @@
 (allow virtualizationmanager self (vsock_socket (read write create getattr setattr lock append map bind connect listen accept getopt setopt shutdown)))
 ;;* lmx 64 system/sepolicy/private/virtual_touchpad.te
 
-(neverallow base_typeattr_1036 virtualizationmanager (vsock_socket (create bind connect listen accept)))
+(neverallow base_typeattr_1029 virtualizationmanager (vsock_socket (create bind connect listen accept)))
 ;;* lme
 
 (allow virtualizationmanager hypervisor_prop (file (read getattr map open)))
@@ -31965,13 +31367,13 @@
 (dontaudit virtualizationmanager hypervisor_pvmfw_prop (file (read)))
 ;;* lmx 79 system/sepolicy/private/virtual_touchpad.te
 
-(neverallow base_typeattr_1037 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1030 hypervisor_pvmfw_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (dontaudit virtualizationmanager hypervisor_virtualizationmanager_prop (file (read)))
 ;;* lmx 90 system/sepolicy/private/virtual_touchpad.te
 
-(neverallow base_typeattr_1037 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1030 hypervisor_virtualizationmanager_prop (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow virtualizationmanager tombstoned_crash_socket (sock_file (write)))
@@ -32021,19 +31423,16 @@
 (typetransition init virtualizationservice_exec process virtualizationservice)
 (allow virtualizationservice servicemanager (binder (call transfer)))
 (allow servicemanager virtualizationservice (binder (call transfer)))
-(allow servicemanager virtualizationservice (dir (search)))
-(allow servicemanager virtualizationservice (file (read open)))
-(allow servicemanager virtualizationservice (process (getattr)))
 (allow virtualizationservice virtualization_service (service_manager (add find)))
 ;;* lmx 16 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1038 virtualization_service (service_manager (add)))
+(neverallow base_typeattr_1031 virtualization_service (service_manager (add)))
 ;;* lme
 
 (allow virtualizationservice virtualization_maintenance_service (service_manager (add find)))
 ;;* lmx 17 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1038 virtualization_maintenance_service (service_manager (add)))
+(neverallow base_typeattr_1031 virtualization_maintenance_service (service_manager (add)))
 ;;* lme
 
 (allow virtualizationservice vfio_handler_service (service_manager (find)))
@@ -32089,7 +31488,7 @@
 (allow virtualizationservice self (vsock_socket (read write create getattr setattr lock append map bind listen accept getopt setopt shutdown)))
 ;;* lmx 91 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1039 virtualizationservice (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
+(neverallow base_typeattr_1032 virtualizationservice (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
 ;;* lme
 
 (allow virtualizationservice property_socket (sock_file (write)))
@@ -32110,24 +31509,24 @@
 (allow virtualizationservice vendor_configs_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 120 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1040 virtualizationservice_prop (property_service (set)))
+(neverallow base_typeattr_1033 virtualizationservice_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 127 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1041 virtualizationservice_data_file (file (create open)))
+(neverallow base_typeattr_1034 virtualizationservice_data_file (file (create open)))
 ;;* lme
 
 ;;* lmx 135 system/sepolicy/private/virtualizationservice.te
 
-(neverallow virtualizationservice base_typeattr_1042 (process (setrlimit)))
+(neverallow virtualizationservice base_typeattr_1035 (process (setrlimit)))
 ;;* lme
 
 (allow virtualizationservice tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
 (allow virtualizationservice vmnic (fd (use)))
 ;;* lmx 143 system/sepolicy/private/virtualizationservice.te
 
-(neverallow base_typeattr_1043 vfio_handler (binder (call)))
+(neverallow base_typeattr_1036 vfio_handler (binder (call)))
 ;;* lme
 
 (typetransition vmlauncher_app tmpfs file appdomain_tmpfs)
@@ -32135,23 +31534,23 @@
 (dontaudit su vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
 
-(neverallow base_typeattr_1044 vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1037 vmlauncher_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow vmlauncher_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
 
-(neverallow base_typeattr_1045 base_typeattr_1044 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1038 base_typeattr_1037 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
 
-(neverallow base_typeattr_1046 vmlauncher_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1039 vmlauncher_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 4 system/sepolicy/private/vmlauncher_app.te
 
-(neverallow base_typeattr_1047 vmlauncher_app (process (ptrace)))
+(neverallow base_typeattr_1040 vmlauncher_app (process (ptrace)))
 ;;* lme
 
 (allow vmlauncher_app app_api_service (service_manager (find)))
@@ -32200,14 +31599,11 @@
 (allow vmnic vmnic_service (service_manager (add find)))
 ;;* lmx 1 system/sepolicy/private/vmnic.te
 
-(neverallow base_typeattr_1048 vmnic_service (service_manager (add)))
+(neverallow base_typeattr_1041 vmnic_service (service_manager (add)))
 ;;* lme
 
 (allow vmnic servicemanager (binder (call transfer)))
 (allow servicemanager vmnic (binder (call transfer)))
-(allow servicemanager vmnic (dir (search)))
-(allow servicemanager vmnic (file (read open)))
-(allow servicemanager vmnic (process (getattr)))
 (allow vmnic self (capability (net_admin)))
 (allow vmnic self (cap_userns (net_admin)))
 (allow vmnic self (tun_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -32217,7 +31613,7 @@
 (allowx vmnic self (ioctl udp_socket (0x8914)))
 ;;* lmx 1 system/sepolicy/private/vmnic.te
 
-(neverallow base_typeattr_1049 vmnic (binder (call)))
+(neverallow base_typeattr_1042 vmnic (binder (call)))
 ;;* lme
 
 (allow init vold_exec (file (read getattr map execute open)))
@@ -32322,19 +31718,15 @@
 (allow vold keystore_maintenance_service (service_manager (find)))
 (allow vold keystore (keystore2 (early_boot_ended)))
 (allow vold keystore (keystore2 (delete_all_keys)))
-(allow vold storage_area_app_dir (dir (search)))
-(allow vold storage_area_dir (dir (ioctl read getattr open)))
-(allow vold storage_area_key_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
-(allow vold storage_area_key_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow vold system_userdir_file (dir (write add_name remove_name)))
 (allow vold vendor_userdir_file (dir (write add_name remove_name)))
 (allow vold media_userdir_file (dir (write add_name remove_name)))
 (allow vold cache_file (dir (ioctl read getattr lock open watch watch_reads search)))
 (allow vold cache_file (file (read getattr)))
 (allow vold cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold base_typeattr_1050 (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow vold base_typeattr_1050 (file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold base_typeattr_1050 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
+(allow vold base_typeattr_1043 (dir (ioctl read getattr lock open watch watch_reads search)))
+(allow vold base_typeattr_1043 (file (ioctl read getattr lock map open watch watch_reads)))
+(allow vold base_typeattr_1043 (lnk_file (ioctl read getattr lock map open watch watch_reads)))
 (allow vold sysfs (file (write lock append map open)))
 (allow vold sysfs_devices_block (file (write lock append map open)))
 (allow vold sysfs_dm (file (write lock append map open)))
@@ -32363,10 +31755,8 @@
 (allowx vold data_file_type (ioctl dir (0x6613 (range 0x6615 0x6618) 0x661a)))
 (allowx vold vold_metadata_file (ioctl file (0x660b)))
 (allowx vold vold_data_file (ioctl file (0x660b)))
-(allowx vold storage_area_key_file (ioctl file (0x660b)))
 (allowx vold vold_metadata_file (ioctl file (0xf514)))
 (allowx vold vold_data_file (ioctl file (0xf514)))
-(allowx vold storage_area_key_file (ioctl file (0xf514)))
 (allow vold self (process (setfscreate)))
 (allow vold system_file (file (getattr map execute execute_no_trans)))
 (allow vold block_device (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
@@ -32459,22 +31849,13 @@
 (allow vold system_suspend_hwservice (hwservice_manager (find)))
 (allow vold hwservicemanager (binder (call transfer)))
 (allow hwservicemanager vold (binder (call transfer)))
-(allow hwservicemanager vold (dir (search)))
-(allow hwservicemanager vold (file (read map open)))
-(allow hwservicemanager vold (process (getattr)))
 (allow vold hwservicemanager_prop (file (read getattr map open)))
 (allow vold hidl_manager_hwservice (hwservice_manager (find)))
 (allow vold hal_system_suspend_service (service_manager (find)))
 (allow vold servicemanager (binder (call transfer)))
 (allow servicemanager vold (binder (call transfer)))
-(allow servicemanager vold (dir (search)))
-(allow servicemanager vold (file (read open)))
-(allow servicemanager vold (process (getattr)))
 (allow vold servicemanager (binder (call transfer)))
 (allow servicemanager vold (binder (call transfer)))
-(allow servicemanager vold (dir (search)))
-(allow servicemanager vold (file (read open)))
-(allow servicemanager vold (process (getattr)))
 (allow vold vold_service (service_manager (add find)))
 ;;* lmx 296 system/sepolicy/private/vold.te
 
@@ -32532,7 +31913,7 @@
 (allow vold vendor_apex_file (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 388 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1051 vold_service (service_manager (find)))
+(neverallow base_typeattr_1044 vold_service (service_manager (find)))
 ;;* lme
 
 ;;* lmx 405 system/sepolicy/private/vold.te
@@ -32544,7 +31925,7 @@
 
 ;;* lmx 414 system/sepolicy/private/vold.te
 
-(neverallowx base_typeattr_1052 data_file_type (ioctl dir (0x6613)))
+(neverallowx base_typeattr_442 data_file_type (ioctl dir (0x6613)))
 ;;* lme
 
 ;;* lmx 420 system/sepolicy/private/vold.te
@@ -32554,55 +31935,55 @@
 
 ;;* lmx 426 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1053 vold_data_file (dir (write lock append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
+(neverallow base_typeattr_1045 vold_data_file (dir (write lock append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
 ;;* lme
 
 ;;* lmx 433 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1054 vold_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_1046 vold_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 439 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_518 vold_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
+(neverallow base_typeattr_514 vold_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
 ;;* lme
 
 ;;* lmx 446 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1055 vold_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1055 vold_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1055 vold_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1055 vold_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1047 vold_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1047 vold_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 453 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1054 vold_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1054 vold_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1054 vold_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1054 vold_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1046 vold_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1046 vold_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 461 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_1056 vold_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1056 vold_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1056 vold_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1056 vold_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1056 vold_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
-(neverallow base_typeattr_1056 vold_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1056 vold_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
-(neverallow base_typeattr_1056 vold_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1048 vold_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
+(neverallow base_typeattr_1048 vold_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1048 vold_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 463 system/sepolicy/private/vold.te
 
-(neverallow base_typeattr_518 restorecon_prop (property_service (set)))
+(neverallow base_typeattr_514 restorecon_prop (property_service (set)))
 ;;* lme
 
 ;;* lmx 476 system/sepolicy/private/vold.te
 
-(neverallow vold base_typeattr_1057 (binder (call)))
+(neverallow vold base_typeattr_1049 (binder (call)))
 ;;* lme
 
 ;;* lmx 478 system/sepolicy/private/vold.te
@@ -32660,7 +32041,6 @@
 (allow vold_prepare_subdirs sdk_sandbox_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow vold_prepare_subdirs rollback_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow vold_prepare_subdirs checkin_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
-(allow vold_prepare_subdirs storage_area_key_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
 (allow vold_prepare_subdirs apex_data_file_type (file (getattr unlink)))
 (allow vold_prepare_subdirs system_data_file (file (getattr unlink)))
 (allow vold_prepare_subdirs apex_module_data_file (file (getattr unlink)))
@@ -32679,20 +32059,6 @@
 (allow vold_prepare_subdirs mnt_expand_file (dir (search)))
 (allow vold_prepare_subdirs user_profile_data_file (dir (getattr relabelfrom search)))
 (allow vold_prepare_subdirs user_profile_root_file (dir (getattr relabelfrom relabelto search)))
-(allow vold_prepare_subdirs storage_area_app_dir (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink open watch watch_reads add_name remove_name search rmdir)))
-(allow vold_prepare_subdirs storage_area_dir (dir (ioctl read write create getattr setattr lock relabelfrom relabelto unlink open watch watch_reads add_name remove_name search rmdir)))
-(typetransition vold_prepare_subdirs storage_area_app_dir dir storage_area_dir)
-(allow vold_prepare_subdirs selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
-(allow vold_prepare_subdirs selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold_prepare_subdirs selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
-(allow vold_prepare_subdirs selinuxfs (file (write lock append map open)))
-(allow vold_prepare_subdirs kernel (security (check_context)))
-(allowx vold_prepare_subdirs storage_area_dir (ioctl dir (0x6613)))
-;;* lmx 82 system/sepolicy/private/vold_prepare_subdirs.te
-
-(neverallowx vold_prepare_subdirs base_typeattr_1058 (ioctl dir (0x6613)))
-;;* lme
-
 (allow vold_prepare_subdirs apex_tethering_data_file (dir (relabelfrom)))
 (allow vold_prepare_subdirs apex_appsearch_data_file (dir (relabelfrom)))
 (allow vold_prepare_subdirs apex_permission_data_file (dir (relabelfrom)))
@@ -32706,23 +32072,23 @@
 (dontaudit su vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
 
-(neverallow base_typeattr_1059 vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1050 vzwomatrigger_app_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow vzwomatrigger_app appdomain_tmpfs (file (read write getattr map execute)))
 ;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
 
-(neverallow base_typeattr_1060 base_typeattr_1059 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1051 base_typeattr_1050 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
 
-(neverallow base_typeattr_1061 vzwomatrigger_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1052 vzwomatrigger_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 ;;* lmx 6 system/sepolicy/private/vzwomatrigger_app.te
 
-(neverallow base_typeattr_1062 vzwomatrigger_app (process (ptrace)))
+(neverallow base_typeattr_1053 vzwomatrigger_app (process (ptrace)))
 ;;* lme
 
 (allow init watchdogd_exec (file (read getattr map execute open)))
@@ -32739,7 +32105,7 @@
 (dontaudit su webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lmx 13 system/sepolicy/private/webview_zygote.te
 
-(neverallow base_typeattr_1063 webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
+(neverallow base_typeattr_1054 webview_zygote_userfaultfd (anon_inode (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
 ;;* lme
 
 (allow webview_zygote apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
@@ -32916,9 +32282,6 @@
 
 (allow wifi_mainline_supplicant servicemanager (binder (call transfer)))
 (allow servicemanager wifi_mainline_supplicant (binder (call transfer)))
-(allow servicemanager wifi_mainline_supplicant (dir (search)))
-(allow servicemanager wifi_mainline_supplicant (file (read open)))
-(allow servicemanager wifi_mainline_supplicant (process (getattr)))
 (allow init wifi_mainline_supplicant_exec (file (read getattr map execute open)))
 (allow init wifi_mainline_supplicant (process (transition)))
 (allow wifi_mainline_supplicant wifi_mainline_supplicant_exec (file (read getattr map execute open entrypoint)))
@@ -32928,7 +32291,7 @@
 (allow wifi_mainline_supplicant wifi_mainline_supplicant_service (service_manager (add find)))
 ;;* lmx 6 system/sepolicy/private/wifi_mainline_supplicant.te
 
-(neverallow base_typeattr_1064 wifi_mainline_supplicant_service (service_manager (add)))
+(neverallow base_typeattr_1055 wifi_mainline_supplicant_service (service_manager (add)))
 ;;* lme
 
 (allow wifi_mainline_supplicant self (capability (net_admin net_raw)))
@@ -32973,9 +32336,6 @@
 (typetransition init wificond_exec process wificond)
 (allow wificond servicemanager (binder (call transfer)))
 (allow servicemanager wificond (binder (call transfer)))
-(allow servicemanager wificond (dir (search)))
-(allow servicemanager wificond (file (read open)))
-(allow servicemanager wificond (process (getattr)))
 (allow wificond system_server (binder (call transfer)))
 (allow system_server wificond (binder (transfer)))
 (allow wificond system_server (fd (use)))
@@ -32985,7 +32345,7 @@
 (allow wificond wifinl80211_service (service_manager (add find)))
 ;;* lmx 17 system/sepolicy/private/wificond.te
 
-(neverallow base_typeattr_1065 wifinl80211_service (service_manager (add)))
+(neverallow base_typeattr_1056 wifinl80211_service (service_manager (add)))
 ;;* lme
 
 (allow wificond self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
@@ -33002,14 +32362,11 @@
 (allow wificond dumpstate (fifo_file (write)))
 (allow wificond hwservicemanager (binder (call transfer)))
 (allow hwservicemanager wificond (binder (call transfer)))
-(allow hwservicemanager wificond (dir (search)))
-(allow hwservicemanager wificond (file (read map open)))
-(allow hwservicemanager wificond (process (getattr)))
 (allow wificond system_wifi_keystore_hwservice (hwservice_manager (add find)))
 (allow wificond hidl_base_hwservice (hwservice_manager (add)))
 ;;* lmx 42 system/sepolicy/private/wificond.te
 
-(neverallow base_typeattr_1065 system_wifi_keystore_hwservice (hwservice_manager (add)))
+(neverallow base_typeattr_1056 system_wifi_keystore_hwservice (hwservice_manager (add)))
 ;;* lme
 
 (allow wificond keystore_service (service_manager (find)))
@@ -33163,12 +32520,12 @@
 (allow zygote system_font_fallback_file (file (ioctl read getattr lock map open watch watch_reads)))
 ;;* lmx 289 system/sepolicy/private/zygote.te
 
-(neverallow zygote base_typeattr_1066 (process (dyntransition)))
+(neverallow zygote base_typeattr_1057 (process (dyntransition)))
 ;;* lme
 
 ;;* lmx 298 system/sepolicy/private/zygote.te
 
-(neverallow zygote base_typeattr_1067 (file (execute execute_no_trans)))
+(neverallow zygote base_typeattr_1058 (file (execute execute_no_trans)))
 ;;* lme
 
 ;;* lmx 306 system/sepolicy/private/zygote.te
@@ -33231,1232 +32588,1214 @@
 (typetransition bluetooth bluetooth anon_inode "[userfaultfd]" bluetooth_userfaultfd)
 (typetransition artd artd anon_inode "[userfaultfd]" artd_userfaultfd)
 (typetransition app_zygote app_zygote anon_inode "[userfaultfd]" app_zygote_userfaultfd)
-(typeattribute base_typeattr_1067)
-(typeattributeset base_typeattr_1067 (and (data_file_type ) (not (dalvikcache_data_file apex_art_data_file ))))
-(typeattribute base_typeattr_1066)
-(typeattributeset base_typeattr_1066 (not (appdomain app_zygote webview_zygote system_server_startup ) ))
-(typeattribute base_typeattr_1065)
-(typeattributeset base_typeattr_1065 (and (domain ) (not (wificond ))))
-(typeattribute base_typeattr_1064)
-(typeattributeset base_typeattr_1064 (and (domain ) (not (wifi_mainline_supplicant ))))
-(typeattribute base_typeattr_1063)
-(typeattributeset base_typeattr_1063 (and (domain ) (not (webview_zygote ))))
-(typeattribute base_typeattr_1062)
-(typeattributeset base_typeattr_1062 (and (domain ) (not (crash_dump runas_app simpleperf vzwomatrigger_app ))))
-(typeattribute base_typeattr_1061)
-(typeattributeset base_typeattr_1061 (and (appdomain ) (not (runas_app shell simpleperf vzwomatrigger_app ))))
-(typeattribute base_typeattr_1060)
-(typeattributeset base_typeattr_1060 (and (vzwomatrigger_app ) (not (runas_app shell simpleperf ))))
-(typeattribute base_typeattr_1059)
-(typeattributeset base_typeattr_1059 (and (domain ) (not (vzwomatrigger_app ))))
 (typeattribute base_typeattr_1058)
-(typeattributeset base_typeattr_1058 (and (data_file_type ) (not (storage_area_dir ))))
+(typeattributeset base_typeattr_1058 (and (data_file_type ) (not (dalvikcache_data_file apex_art_data_file ))))
 (typeattribute base_typeattr_1057)
-(typeattributeset base_typeattr_1057 (and (domain ) (not (hal_bootctl_server hal_health_storage_server hal_keymaster_server system_suspend_server hwservicemanager keystore servicemanager system_server ))))
+(typeattributeset base_typeattr_1057 (not (appdomain app_zygote webview_zygote system_server_startup ) ))
 (typeattribute base_typeattr_1056)
-(typeattributeset base_typeattr_1056 (and (domain ) (not (init kernel vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1056 (and (domain ) (not (wificond ))))
 (typeattribute base_typeattr_1055)
-(typeattributeset base_typeattr_1055 (and (domain ) (not (kernel vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1055 (and (domain ) (not (wifi_mainline_supplicant ))))
 (typeattribute base_typeattr_1054)
-(typeattributeset base_typeattr_1054 (and (domain ) (not (init vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1054 (and (domain ) (not (webview_zygote ))))
 (typeattribute base_typeattr_1053)
-(typeattributeset base_typeattr_1053 (and (domain ) (not (vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1053 (and (domain ) (not (crash_dump runas_app simpleperf vzwomatrigger_app ))))
 (typeattribute base_typeattr_1052)
-(typeattributeset base_typeattr_1052 (and (domain ) (not (init vendor_init vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_1052 (and (appdomain ) (not (runas_app shell simpleperf vzwomatrigger_app ))))
 (typeattribute base_typeattr_1051)
-(typeattributeset base_typeattr_1051 (and (domain ) (not (apexd system_server update_verifier vdc vold gsid ))))
+(typeattributeset base_typeattr_1051 (and (vzwomatrigger_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_1050)
-(typeattributeset base_typeattr_1050 (and (sysfs_type ) (not (sysfs_batteryinfo ))))
+(typeattributeset base_typeattr_1050 (and (domain ) (not (vzwomatrigger_app ))))
 (typeattribute base_typeattr_1049)
-(typeattributeset base_typeattr_1049 (and (domain ) (not (servicemanager virtualizationservice ))))
+(typeattributeset base_typeattr_1049 (and (domain ) (not (hal_bootctl_server hal_health_storage_server hal_keymaster_server system_suspend_server hwservicemanager keystore servicemanager system_server ))))
 (typeattribute base_typeattr_1048)
-(typeattributeset base_typeattr_1048 (and (domain ) (not (vmnic ))))
+(typeattributeset base_typeattr_1048 (and (domain ) (not (init kernel vold vold_prepare_subdirs ))))
 (typeattribute base_typeattr_1047)
-(typeattributeset base_typeattr_1047 (and (domain ) (not (crash_dump runas_app simpleperf vmlauncher_app ))))
+(typeattributeset base_typeattr_1047 (and (domain ) (not (kernel vold vold_prepare_subdirs ))))
 (typeattribute base_typeattr_1046)
-(typeattributeset base_typeattr_1046 (and (appdomain ) (not (runas_app shell simpleperf vmlauncher_app ))))
+(typeattributeset base_typeattr_1046 (and (domain ) (not (init vold vold_prepare_subdirs ))))
 (typeattribute base_typeattr_1045)
-(typeattributeset base_typeattr_1045 (and (vmlauncher_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1045 (and (domain ) (not (vold vold_prepare_subdirs ))))
 (typeattribute base_typeattr_1044)
-(typeattributeset base_typeattr_1044 (and (domain ) (not (vmlauncher_app ))))
+(typeattributeset base_typeattr_1044 (and (domain ) (not (apexd system_server update_verifier vdc vold gsid ))))
 (typeattribute base_typeattr_1043)
-(typeattributeset base_typeattr_1043 (and (domain ) (not (servicemanager virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1043 (and (sysfs_type ) (not (sysfs_batteryinfo ))))
 (typeattribute base_typeattr_1042)
-(typeattributeset base_typeattr_1042 (and (domain ) (not (crosvm virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1042 (and (domain ) (not (servicemanager virtualizationservice ))))
 (typeattribute base_typeattr_1041)
-(typeattributeset base_typeattr_1041 (and (domain ) (not (init virtualizationmanager virtualizationservice ))))
+(typeattributeset base_typeattr_1041 (and (domain ) (not (vmnic ))))
 (typeattribute base_typeattr_1040)
-(typeattributeset base_typeattr_1040 (and (domain ) (not (init virtualizationservice ))))
+(typeattributeset base_typeattr_1040 (and (domain ) (not (crash_dump runas_app simpleperf vmlauncher_app ))))
 (typeattribute base_typeattr_1039)
-(typeattributeset base_typeattr_1039 (and (domain ) (not (dumpstate virtualizationservice ))))
+(typeattributeset base_typeattr_1039 (and (appdomain ) (not (runas_app shell simpleperf vmlauncher_app ))))
 (typeattribute base_typeattr_1038)
-(typeattributeset base_typeattr_1038 (and (domain ) (not (virtualizationservice ))))
+(typeattributeset base_typeattr_1038 (and (vmlauncher_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_1037)
-(typeattributeset base_typeattr_1037 (and (domain ) (not (dumpstate early_virtmgr init ))))
+(typeattributeset base_typeattr_1037 (and (domain ) (not (vmlauncher_app ))))
 (typeattribute base_typeattr_1036)
-(typeattributeset base_typeattr_1036 (and (domain ) (not (virtualizationmanager ))))
+(typeattributeset base_typeattr_1036 (and (domain ) (not (servicemanager virtualizationmanager virtualizationservice ))))
 (typeattribute base_typeattr_1035)
-(typeattributeset base_typeattr_1035 (and (domain ) (not (virtual_touchpad ))))
+(typeattributeset base_typeattr_1035 (and (domain ) (not (crosvm virtualizationmanager virtualizationservice ))))
 (typeattribute base_typeattr_1034)
-(typeattributeset base_typeattr_1034 (and (domain ) (not (virtual_camera ))))
+(typeattributeset base_typeattr_1034 (and (domain ) (not (init virtualizationmanager virtualizationservice ))))
 (typeattribute base_typeattr_1033)
-(typeattributeset base_typeattr_1033 (and (domain ) (not (vfio_handler ))))
+(typeattributeset base_typeattr_1033 (and (domain ) (not (init virtualizationservice ))))
 (typeattribute base_typeattr_1032)
-(typeattributeset base_typeattr_1032 (and (coredomain ) (not (init modprobe ))))
+(typeattributeset base_typeattr_1032 (and (domain ) (not (dumpstate virtualizationservice ))))
 (typeattribute base_typeattr_1031)
-(typeattributeset base_typeattr_1031 (and (domain ) (not (init logd prng_seeder su vendor_init ))))
+(typeattributeset base_typeattr_1031 (and (domain ) (not (virtualizationservice ))))
 (typeattribute base_typeattr_1030)
-(typeattributeset base_typeattr_1030 (and (sysfs_type ) (not (sysfs_usermodehelper ))))
+(typeattributeset base_typeattr_1030 (and (domain ) (not (dumpstate early_virtmgr init ))))
 (typeattribute base_typeattr_1029)
-(typeattributeset base_typeattr_1029 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
+(typeattributeset base_typeattr_1029 (and (domain ) (not (virtualizationmanager ))))
 (typeattribute base_typeattr_1028)
-(typeattributeset base_typeattr_1028 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type debugfs_type sdcard_type keychord_device rootfs proc_kallsyms proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
+(typeattributeset base_typeattr_1028 (and (domain ) (not (virtual_touchpad ))))
 (typeattribute base_typeattr_1027)
-(typeattributeset base_typeattr_1027 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
+(typeattributeset base_typeattr_1027 (and (domain ) (not (virtual_camera ))))
 (typeattribute base_typeattr_1026)
-(typeattributeset base_typeattr_1026 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file apex_mnt_dir ))))
+(typeattributeset base_typeattr_1026 (and (domain ) (not (vfio_handler ))))
 (typeattribute base_typeattr_1025)
-(typeattributeset base_typeattr_1025 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file ))))
+(typeattributeset base_typeattr_1025 (and (coredomain ) (not (init modprobe ))))
 (typeattribute base_typeattr_1024)
-(typeattributeset base_typeattr_1024 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type gsi_metadata_file_type proc_kallsyms unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file runtime_event_log_tags_file apex_info_file tradeinmode_metadata_file ))))
+(typeattributeset base_typeattr_1024 (and (domain ) (not (init logd prng_seeder su vendor_init ))))
 (typeattribute base_typeattr_1023)
-(typeattributeset base_typeattr_1023 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
+(typeattributeset base_typeattr_1023 (and (sysfs_type ) (not (sysfs_usermodehelper ))))
 (typeattribute base_typeattr_1022)
-(typeattributeset base_typeattr_1022 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device lowpan_device ))))
+(typeattributeset base_typeattr_1022 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
 (typeattribute base_typeattr_1021)
-(typeattributeset base_typeattr_1021 (and (domain ) (not (update_engine ))))
+(typeattributeset base_typeattr_1021 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type debugfs_type sdcard_type keychord_device rootfs proc_kallsyms proc_uid_time_in_state proc_uid_concurrent_active_time proc_uid_concurrent_policy_time ))))
 (typeattribute base_typeattr_1020)
-(typeattributeset base_typeattr_1020 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_32 ))))
+(typeattributeset base_typeattr_1020 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
 (typeattribute base_typeattr_1019)
-(typeattributeset base_typeattr_1019 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_32 ))))
+(typeattributeset base_typeattr_1019 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file apex_mnt_dir ))))
 (typeattribute base_typeattr_1018)
-(typeattributeset base_typeattr_1018 (and (untrusted_app_32 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1018 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file ))))
 (typeattribute base_typeattr_1017)
-(typeattributeset base_typeattr_1017 (and (domain ) (not (untrusted_app_32 ))))
+(typeattributeset base_typeattr_1017 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type gsi_metadata_file_type proc_kallsyms unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file runtime_event_log_tags_file apex_info_file tradeinmode_metadata_file ))))
 (typeattribute base_typeattr_1016)
-(typeattributeset base_typeattr_1016 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_30 ))))
+(typeattributeset base_typeattr_1016 (and (file_type ) (not (bpffs_type exec_type core_data_file_type system_file_type system_dlkm_file_type vendor_file_type gsi_metadata_file_type unlabeled vold_metadata_file password_slot_metadata_file apex_metadata_file ota_metadata_file userspace_reboot_metadata_file aconfig_storage_metadata_file aconfig_storage_flags_metadata_file mnt_product_file ))))
 (typeattribute base_typeattr_1015)
-(typeattributeset base_typeattr_1015 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_30 ))))
+(typeattributeset base_typeattr_1015 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device lowpan_device ))))
 (typeattribute base_typeattr_1014)
-(typeattributeset base_typeattr_1014 (and (untrusted_app_30 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1014 (and (domain ) (not (update_engine ))))
 (typeattribute base_typeattr_1013)
-(typeattributeset base_typeattr_1013 (and (domain ) (not (untrusted_app_30 ))))
+(typeattributeset base_typeattr_1013 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_32 ))))
 (typeattribute base_typeattr_1012)
-(typeattributeset base_typeattr_1012 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_29 ))))
+(typeattributeset base_typeattr_1012 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_32 ))))
 (typeattribute base_typeattr_1011)
-(typeattributeset base_typeattr_1011 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_29 ))))
+(typeattributeset base_typeattr_1011 (and (untrusted_app_32 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_1010)
-(typeattributeset base_typeattr_1010 (and (untrusted_app_29 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1010 (and (domain ) (not (untrusted_app_32 ))))
 (typeattribute base_typeattr_1009)
-(typeattributeset base_typeattr_1009 (and (domain ) (not (untrusted_app_29 ))))
+(typeattributeset base_typeattr_1009 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_30 ))))
 (typeattribute base_typeattr_1008)
-(typeattributeset base_typeattr_1008 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_27 ))))
+(typeattributeset base_typeattr_1008 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_30 ))))
 (typeattribute base_typeattr_1007)
-(typeattributeset base_typeattr_1007 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_27 ))))
+(typeattributeset base_typeattr_1007 (and (untrusted_app_30 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_1006)
-(typeattributeset base_typeattr_1006 (and (untrusted_app_27 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1006 (and (domain ) (not (untrusted_app_30 ))))
 (typeattribute base_typeattr_1005)
-(typeattributeset base_typeattr_1005 (and (domain ) (not (untrusted_app_27 ))))
+(typeattributeset base_typeattr_1005 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_29 ))))
 (typeattribute base_typeattr_1004)
-(typeattributeset base_typeattr_1004 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_25 ))))
+(typeattributeset base_typeattr_1004 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_29 ))))
 (typeattribute base_typeattr_1003)
-(typeattributeset base_typeattr_1003 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_25 ))))
+(typeattributeset base_typeattr_1003 (and (untrusted_app_29 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_1002)
-(typeattributeset base_typeattr_1002 (and (untrusted_app_25 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_1002 (and (domain ) (not (untrusted_app_29 ))))
 (typeattribute base_typeattr_1001)
-(typeattributeset base_typeattr_1001 (and (domain ) (not (untrusted_app_25 ))))
+(typeattributeset base_typeattr_1001 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_27 ))))
 (typeattribute base_typeattr_1000)
-(typeattributeset base_typeattr_1000 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app ))))
+(typeattributeset base_typeattr_1000 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_27 ))))
 (typeattribute base_typeattr_999)
-(typeattributeset base_typeattr_999 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app ))))
+(typeattributeset base_typeattr_999 (and (untrusted_app_27 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_998)
-(typeattributeset base_typeattr_998 (and (untrusted_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_998 (and (domain ) (not (untrusted_app_27 ))))
 (typeattribute base_typeattr_997)
-(typeattributeset base_typeattr_997 (and (domain ) (not (untrusted_app ))))
+(typeattributeset base_typeattr_997 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app_25 ))))
 (typeattribute base_typeattr_996)
-(typeattributeset base_typeattr_996 (and (vendor_file_type ) (not (vendor_app_file vendor_overlay_file ))))
+(typeattributeset base_typeattr_996 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app_25 ))))
 (typeattribute base_typeattr_995)
-(typeattributeset base_typeattr_995 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service lpdump_service mdns_service netd_service virtual_touchpad_service vold_service ))))
+(typeattributeset base_typeattr_995 (and (untrusted_app_25 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_994)
-(typeattributeset base_typeattr_994 (and (domain ) (not (crash_dump runas_app simpleperf traceur_app ))))
+(typeattributeset base_typeattr_994 (and (domain ) (not (untrusted_app_25 ))))
 (typeattribute base_typeattr_993)
-(typeattributeset base_typeattr_993 (and (appdomain ) (not (runas_app shell simpleperf traceur_app ))))
+(typeattributeset base_typeattr_993 (and (domain ) (not (crash_dump runas_app simpleperf untrusted_app ))))
 (typeattribute base_typeattr_992)
-(typeattributeset base_typeattr_992 (and (traceur_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_992 (and (appdomain ) (not (runas_app shell simpleperf untrusted_app ))))
 (typeattribute base_typeattr_991)
-(typeattributeset base_typeattr_991 (and (domain ) (not (traceur_app ))))
+(typeattributeset base_typeattr_991 (and (untrusted_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_990)
-(typeattributeset base_typeattr_990 (and (data_file_type ) (not (packages_list_file game_mode_intervention_list_file ))))
+(typeattributeset base_typeattr_990 (and (domain ) (not (untrusted_app ))))
 (typeattribute base_typeattr_989)
-(typeattributeset base_typeattr_989 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file apk_data_file dalvikcache_data_file user_profile_root_file user_profile_data_file apex_module_data_file bootstat_data_file media_userdir_file update_engine_data_file update_engine_log_data_file system_app_data_file backup_data_file apex_art_data_file ))))
+(typeattributeset base_typeattr_989 (and (vendor_file_type ) (not (vendor_app_file vendor_overlay_file ))))
 (typeattribute base_typeattr_988)
-(typeattributeset base_typeattr_988 (and (domain ) (not (dumpstate perfetto platform_app shell system_server traced traceur_app ))))
+(typeattributeset base_typeattr_988 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service lpdump_service mdns_service netd_service virtual_touchpad_service vold_service ))))
 (typeattribute base_typeattr_987)
-(typeattributeset base_typeattr_987 (and (data_file_type ) (not (trace_data_file perfetto_traces_data_file ))))
+(typeattributeset base_typeattr_987 (and (domain ) (not (crash_dump runas_app simpleperf traceur_app ))))
 (typeattribute base_typeattr_986)
-(typeattributeset base_typeattr_986 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file ))))
+(typeattributeset base_typeattr_986 (and (appdomain ) (not (runas_app shell simpleperf traceur_app ))))
 (typeattribute base_typeattr_985)
-(typeattributeset base_typeattr_985 (and (fs_type file_type ) (not (toolbox_exec ))))
+(typeattributeset base_typeattr_985 (and (traceur_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_984)
-(typeattributeset base_typeattr_984 (and (domain ) (not (dumpstate init tombstoned vendor_init ))))
+(typeattributeset base_typeattr_984 (and (domain ) (not (traceur_app ))))
 (typeattribute base_typeattr_983)
-(typeattributeset base_typeattr_983 (and (domain ) (not (system_suspend_server ))))
+(typeattributeset base_typeattr_983 (and (data_file_type ) (not (packages_list_file game_mode_intervention_list_file ))))
 (typeattribute base_typeattr_982)
-(typeattributeset base_typeattr_982 (and (domain ) (not (system_suspend_internal_server atrace dumpstate system_server traced_probes traceur_app ))))
+(typeattributeset base_typeattr_982 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file apk_data_file dalvikcache_data_file user_profile_root_file user_profile_data_file apex_module_data_file bootstat_data_file media_userdir_file update_engine_data_file update_engine_log_data_file system_app_data_file backup_data_file apex_art_data_file ))))
 (typeattribute base_typeattr_981)
-(typeattributeset base_typeattr_981 (and (domain ) (not (system_suspend_internal_server ))))
+(typeattributeset base_typeattr_981 (and (domain ) (not (dumpstate perfetto platform_app shell system_server traced traceur_app ))))
 (typeattribute base_typeattr_980)
-(typeattributeset base_typeattr_980 (and (domain ) (not (atrace bluetooth dumpstate system_server traceur_app system_suspend ))))
+(typeattributeset base_typeattr_980 (and (data_file_type ) (not (trace_data_file perfetto_traces_data_file ))))
 (typeattribute base_typeattr_979)
-(typeattributeset base_typeattr_979 (and (domain ) (not (system_suspend ))))
+(typeattributeset base_typeattr_979 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file ))))
 (typeattribute base_typeattr_978)
-(typeattributeset base_typeattr_978 (and (domain ) (not (init shell system_server vendor_init ))))
+(typeattributeset base_typeattr_978 (and (fs_type file_type ) (not (toolbox_exec ))))
 (typeattribute base_typeattr_977)
-(typeattributeset base_typeattr_977 (and (domain ) (not (init system_server ueventd vendor_init ))))
+(typeattributeset base_typeattr_977 (and (domain ) (not (dumpstate init tombstoned vendor_init ))))
 (typeattribute base_typeattr_976)
-(typeattributeset base_typeattr_976 (and (dev_type ) (not (vd_device frp_block_device ))))
+(typeattributeset base_typeattr_976 (and (domain ) (not (system_suspend_server ))))
 (typeattribute base_typeattr_975)
-(typeattributeset base_typeattr_975 (and (dev_type ) (not (frp_block_device ))))
+(typeattributeset base_typeattr_975 (and (domain ) (not (system_suspend_internal_server atrace dumpstate system_server traced_probes traceur_app ))))
 (typeattribute base_typeattr_974)
-(typeattributeset base_typeattr_974 (and (domain ) (not (flags_health_check init system_server ))))
+(typeattributeset base_typeattr_974 (and (domain ) (not (system_suspend_internal_server ))))
 (typeattribute base_typeattr_973)
-(typeattributeset base_typeattr_973 (and (domain ) (not (app_zygote init system_server webview_zygote zygote ))))
+(typeattributeset base_typeattr_973 (and (domain ) (not (atrace bluetooth dumpstate system_server traceur_app system_suspend ))))
 (typeattribute base_typeattr_972)
-(typeattributeset base_typeattr_972 (and (domain ) (not (crash_dump init system_server ))))
+(typeattributeset base_typeattr_972 (and (domain ) (not (system_suspend ))))
 (typeattribute base_typeattr_971)
-(typeattributeset base_typeattr_971 (and (domain ) (not (crash_dump perfetto clatd trace_redactor ))))
+(typeattributeset base_typeattr_971 (and (domain ) (not (init shell system_server vendor_init ))))
 (typeattribute base_typeattr_970)
-(typeattributeset base_typeattr_970 (and (file_type ) (not (logcat_exec toolbox_exec pbtombstone_exec ))))
+(typeattributeset base_typeattr_970 (and (domain ) (not (init system_server ueventd vendor_init ))))
 (typeattribute base_typeattr_969)
-(typeattributeset base_typeattr_969 (and (app_data_file_type ) (not (radio_data_file system_app_data_file ))))
+(typeattributeset base_typeattr_969 (and (dev_type ) (not (vd_device frp_block_device ))))
 (typeattribute base_typeattr_968)
-(typeattributeset base_typeattr_968 (and (domain ) (not (init system_app ))))
+(typeattributeset base_typeattr_968 (and (dev_type ) (not (frp_block_device ))))
 (typeattribute base_typeattr_967)
-(typeattributeset base_typeattr_967 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service installd_service lpdump_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service tracingproxy_service ))))
+(typeattributeset base_typeattr_967 (and (domain ) (not (flags_health_check init system_server ))))
 (typeattribute base_typeattr_966)
-(typeattributeset base_typeattr_966 (and (domain ) (not (crash_dump runas_app simpleperf system_app ))))
+(typeattributeset base_typeattr_966 (and (domain ) (not (app_zygote init system_server webview_zygote zygote ))))
 (typeattribute base_typeattr_965)
-(typeattributeset base_typeattr_965 (and (appdomain ) (not (runas_app shell simpleperf system_app ))))
+(typeattributeset base_typeattr_965 (and (domain ) (not (crash_dump init system_server ))))
 (typeattribute base_typeattr_964)
-(typeattributeset base_typeattr_964 (and (system_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_964 (and (domain ) (not (crash_dump perfetto clatd trace_redactor ))))
 (typeattribute base_typeattr_963)
-(typeattributeset base_typeattr_963 (and (domain ) (not (system_app ))))
+(typeattributeset base_typeattr_963 (and (file_type ) (not (logcat_exec toolbox_exec pbtombstone_exec ))))
 (typeattribute base_typeattr_962)
-(typeattributeset base_typeattr_962 (and (domain ) (not (surfaceflinger ))))
+(typeattributeset base_typeattr_962 (and (app_data_file_type ) (not (radio_data_file system_app_data_file ))))
 (typeattribute base_typeattr_961)
-(typeattributeset base_typeattr_961 (and (domain ) (not (storaged ))))
+(typeattributeset base_typeattr_961 (and (domain ) (not (init system_app ))))
 (typeattribute base_typeattr_960)
-(typeattributeset base_typeattr_960 (and (domain ) (not (init statsd system_server vold ))))
+(typeattributeset base_typeattr_960 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service dumpstate_service installd_service lpdump_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtual_touchpad_service vold_service tracingproxy_service ))))
 (typeattribute base_typeattr_959)
-(typeattributeset base_typeattr_959 (and (domain ) (not (init statsd vold ))))
+(typeattributeset base_typeattr_959 (and (domain ) (not (crash_dump runas_app simpleperf system_app ))))
 (typeattribute base_typeattr_958)
-(typeattributeset base_typeattr_958 (and (domain ) (not (stats_service_server ))))
+(typeattributeset base_typeattr_958 (and (appdomain ) (not (runas_app shell simpleperf system_app ))))
 (typeattribute base_typeattr_957)
-(typeattributeset base_typeattr_957 (and (domain ) (not (statsd ))))
+(typeattributeset base_typeattr_957 (and (system_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_956)
-(typeattributeset base_typeattr_956 (and (domain ) (not (fastbootd init recovery shell update_engine snapshotctl ))))
+(typeattributeset base_typeattr_956 (and (domain ) (not (system_app ))))
 (typeattribute base_typeattr_955)
-(typeattributeset base_typeattr_955 (and (domain ) (not (snapuserd ))))
+(typeattributeset base_typeattr_955 (and (domain ) (not (surfaceflinger ))))
 (typeattribute base_typeattr_954)
-(typeattributeset base_typeattr_954 (and (domain ) (not (init snapuserd ))))
+(typeattributeset base_typeattr_954 (and (domain ) (not (storaged ))))
 (typeattribute base_typeattr_953)
-(typeattributeset base_typeattr_953 (and (domain ) (not (crash_dump llkd ))))
+(typeattributeset base_typeattr_953 (and (domain ) (not (init statsd system_server vold ))))
 (typeattribute base_typeattr_952)
-(typeattributeset base_typeattr_952 (and (simpleperf ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_952 (and (domain ) (not (init statsd vold ))))
 (typeattribute base_typeattr_951)
-(typeattributeset base_typeattr_951 (and (domain ) (not (simpleperf ))))
+(typeattributeset base_typeattr_951 (and (domain ) (not (stats_service_server ))))
 (typeattribute base_typeattr_950)
-(typeattributeset base_typeattr_950 (and (domain ) (not (dumpstate init shell ))))
+(typeattributeset base_typeattr_950 (and (domain ) (not (statsd ))))
 (typeattribute base_typeattr_949)
-(typeattributeset base_typeattr_949 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtualization_service virtual_touchpad_service vold_service hal_keymint_service hal_secureclock_service hal_sharedsecret_service ))))
+(typeattributeset base_typeattr_949 (and (domain ) (not (fastbootd init recovery shell update_engine snapshotctl ))))
 (typeattribute base_typeattr_948)
-(typeattributeset base_typeattr_948 (and (domain ) (not (crash_dump runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_948 (and (domain ) (not (snapuserd ))))
 (typeattribute base_typeattr_947)
-(typeattributeset base_typeattr_947 (and (shell ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_947 (and (domain ) (not (init snapuserd ))))
 (typeattribute base_typeattr_946)
-(typeattributeset base_typeattr_946 (and (domain ) (not (shell ))))
+(typeattributeset base_typeattr_946 (and (domain ) (not (crash_dump llkd ))))
 (typeattribute base_typeattr_945)
-(typeattributeset base_typeattr_945 (and (domain ) (not (crash_dump runas_app shared_relro simpleperf ))))
+(typeattributeset base_typeattr_945 (and (simpleperf ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_944)
-(typeattributeset base_typeattr_944 (and (appdomain ) (not (runas_app shared_relro shell simpleperf ))))
+(typeattributeset base_typeattr_944 (and (domain ) (not (simpleperf ))))
 (typeattribute base_typeattr_943)
-(typeattributeset base_typeattr_943 (and (shared_relro ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_943 (and (domain ) (not (dumpstate init shell ))))
 (typeattribute base_typeattr_942)
-(typeattributeset base_typeattr_942 (and (domain ) (not (shared_relro ))))
+(typeattributeset base_typeattr_942 (and (service_manager_type ) (not (apex_service default_android_service dnsresolver_service gatekeeper_service incident_service installd_service mdns_service netd_service system_suspend_control_internal_service system_suspend_control_service virtualization_service virtual_touchpad_service vold_service hal_keymint_service hal_secureclock_service hal_sharedsecret_service ))))
 (typeattribute base_typeattr_941)
-(typeattributeset base_typeattr_941 (and (fs_type file_type ) (not (sgdisk_exec ))))
+(typeattributeset base_typeattr_941 (and (domain ) (not (crash_dump runas_app shell simpleperf ))))
 (typeattribute base_typeattr_940)
-(typeattributeset base_typeattr_940 (and (domain ) (not (servicemanager ))))
+(typeattributeset base_typeattr_940 (and (shell ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_939)
-(typeattributeset base_typeattr_939 (and (domain ) (not (hwservicemanager init vendor_init vndservicemanager ))))
+(typeattributeset base_typeattr_939 (and (domain ) (not (shell ))))
 (typeattribute base_typeattr_938)
-(typeattributeset base_typeattr_938 (not (service_manager_type vndservice_manager_type ) ))
+(typeattributeset base_typeattr_938 (and (domain ) (not (crash_dump runas_app shared_relro simpleperf ))))
 (typeattribute base_typeattr_937)
-(typeattributeset base_typeattr_937 (and (domain ) (not (sensor_service_server ))))
+(typeattributeset base_typeattr_937 (and (appdomain ) (not (runas_app shared_relro shell simpleperf ))))
 (typeattribute base_typeattr_936)
-(typeattributeset base_typeattr_936 (and (domain ) (not (crash_dump runas_app secure_element simpleperf ))))
+(typeattributeset base_typeattr_936 (and (shared_relro ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_935)
-(typeattributeset base_typeattr_935 (and (appdomain ) (not (runas_app secure_element shell simpleperf ))))
+(typeattributeset base_typeattr_935 (and (domain ) (not (shared_relro ))))
 (typeattribute base_typeattr_934)
-(typeattributeset base_typeattr_934 (and (secure_element ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_934 (and (fs_type file_type ) (not (sgdisk_exec ))))
 (typeattribute base_typeattr_933)
-(typeattributeset base_typeattr_933 (and (domain ) (not (secure_element ))))
+(typeattributeset base_typeattr_933 (and (domain ) (not (servicemanager ))))
 (typeattribute base_typeattr_932)
-(typeattributeset base_typeattr_932 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_next ))))
+(typeattributeset base_typeattr_932 (and (domain ) (not (hwservicemanager init vendor_init vndservicemanager ))))
 (typeattribute base_typeattr_931)
-(typeattributeset base_typeattr_931 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_next ))))
+(typeattributeset base_typeattr_931 (not (service_manager_type vndservice_manager_type ) ))
 (typeattribute base_typeattr_930)
-(typeattributeset base_typeattr_930 (and (sdk_sandbox_next ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_930 (and (domain ) (not (sensor_service_server ))))
 (typeattribute base_typeattr_929)
-(typeattributeset base_typeattr_929 (and (domain ) (not (sdk_sandbox_next ))))
+(typeattributeset base_typeattr_929 (and (domain ) (not (crash_dump runas_app secure_element simpleperf ))))
 (typeattribute base_typeattr_928)
-(typeattributeset base_typeattr_928 (and (property_type ) (not (system_property_type ))))
+(typeattributeset base_typeattr_928 (and (appdomain ) (not (runas_app secure_element shell simpleperf ))))
 (typeattribute base_typeattr_927)
-(typeattributeset base_typeattr_927 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_927 (and (secure_element ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_926)
-(typeattributeset base_typeattr_926 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_926 (and (domain ) (not (secure_element ))))
 (typeattribute base_typeattr_925)
-(typeattributeset base_typeattr_925 (and (sdk_sandbox_audit ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_925 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_next ))))
 (typeattribute base_typeattr_924)
-(typeattributeset base_typeattr_924 (and (domain ) (not (sdk_sandbox_audit ))))
+(typeattributeset base_typeattr_924 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_next ))))
 (typeattribute base_typeattr_923)
-(typeattributeset base_typeattr_923 (and (domain ) (not (adbd sdk_sandbox_all ))))
+(typeattributeset base_typeattr_923 (and (sdk_sandbox_next ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_922)
-(typeattributeset base_typeattr_922 (and (domain ) (not (adbd heapprofd logd netd prng_seeder tombstoned traced traced_perf sdk_sandbox_all ))))
+(typeattributeset base_typeattr_922 (and (domain ) (not (sdk_sandbox_next ))))
 (typeattribute base_typeattr_921)
-(typeattributeset base_typeattr_921 (and (domain ) (not (init installd system_server vold_prepare_subdirs zygote sdk_sandbox_all ))))
+(typeattributeset base_typeattr_921 (and (property_type ) (not (system_property_type ))))
 (typeattribute base_typeattr_920)
-(typeattributeset base_typeattr_920 (and (domain ) (not (init installd system_server vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_920 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_audit ))))
 (typeattribute base_typeattr_919)
-(typeattributeset base_typeattr_919 (and (app_data_file_type ) (not (shell_data_file radio_data_file sdk_sandbox_data_file ))))
+(typeattributeset base_typeattr_919 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_audit ))))
 (typeattribute base_typeattr_918)
-(typeattributeset base_typeattr_918 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_918 (and (sdk_sandbox_audit ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_917)
-(typeattributeset base_typeattr_917 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_917 (and (domain ) (not (sdk_sandbox_audit ))))
 (typeattribute base_typeattr_916)
-(typeattributeset base_typeattr_916 (and (sdk_sandbox_34 ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_916 (and (domain ) (not (adbd sdk_sandbox_all ))))
 (typeattribute base_typeattr_915)
-(typeattributeset base_typeattr_915 (and (domain ) (not (sdk_sandbox_34 ))))
+(typeattributeset base_typeattr_915 (and (domain ) (not (adbd heapprofd logd netd prng_seeder tombstoned traced traced_perf sdk_sandbox_all ))))
 (typeattribute base_typeattr_914)
-(typeattributeset base_typeattr_914 (and (domain ) (not (scheduler_service_server ))))
+(typeattributeset base_typeattr_914 (and (domain ) (not (init installd system_server vold_prepare_subdirs zygote sdk_sandbox_all ))))
 (typeattribute base_typeattr_913)
-(typeattributeset base_typeattr_913 (and (domain ) (not (crash_dump runas_app simpleperf ))))
+(typeattributeset base_typeattr_913 (and (domain ) (not (init installd system_server vold_prepare_subdirs ))))
 (typeattribute base_typeattr_912)
-(typeattributeset base_typeattr_912 (and (appdomain ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_912 (and (app_data_file_type ) (not (shell_data_file radio_data_file sdk_sandbox_data_file ))))
 (typeattribute base_typeattr_911)
-(typeattributeset base_typeattr_911 (and (runas_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_911 (and (domain ) (not (crash_dump runas_app simpleperf sdk_sandbox_34 ))))
 (typeattribute base_typeattr_910)
-(typeattributeset base_typeattr_910 (and (domain ) (not (runas_app ))))
+(typeattributeset base_typeattr_910 (and (appdomain ) (not (runas_app shell simpleperf sdk_sandbox_34 ))))
 (typeattribute base_typeattr_909)
-(typeattributeset base_typeattr_909 (and (appdomain ) (not (system_app ))))
+(typeattributeset base_typeattr_909 (and (sdk_sandbox_34 ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_908)
-(typeattributeset base_typeattr_908 (and (domain ) (not (crash_dump rkpdapp runas_app simpleperf ))))
+(typeattributeset base_typeattr_908 (and (domain ) (not (sdk_sandbox_34 ))))
 (typeattribute base_typeattr_907)
-(typeattributeset base_typeattr_907 (and (appdomain ) (not (rkpdapp runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_907 (and (domain ) (not (scheduler_service_server ))))
 (typeattribute base_typeattr_906)
-(typeattributeset base_typeattr_906 (and (rkpdapp ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_906 (and (domain ) (not (crash_dump runas_app simpleperf ))))
 (typeattribute base_typeattr_905)
-(typeattributeset base_typeattr_905 (and (domain ) (not (rkpdapp ))))
+(typeattributeset base_typeattr_905 (and (appdomain ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_904)
-(typeattributeset base_typeattr_904 (and (domain ) (not (rkpd ))))
+(typeattributeset base_typeattr_904 (and (runas_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_903)
-(typeattributeset base_typeattr_903 (and (domain ) (not (rkp_cert_processor ))))
+(typeattributeset base_typeattr_903 (and (domain ) (not (runas_app ))))
 (typeattribute base_typeattr_902)
-(typeattributeset base_typeattr_902 (and (domain ) (not (remote_provisioning_service_server ))))
+(typeattributeset base_typeattr_902 (and (appdomain ) (not (system_app ))))
 (typeattribute base_typeattr_901)
-(typeattributeset base_typeattr_901 (and (file_type ) (not (recovery_data_file ))))
+(typeattributeset base_typeattr_901 (and (domain ) (not (crash_dump rkpdapp runas_app simpleperf ))))
 (typeattribute base_typeattr_900)
-(typeattributeset base_typeattr_900 (and (data_file_type ) (not (cache_file cache_recovery_file ))))
+(typeattributeset base_typeattr_900 (and (appdomain ) (not (rkpdapp runas_app shell simpleperf ))))
 (typeattribute base_typeattr_899)
-(typeattributeset base_typeattr_899 (and (domain ) (not (init radio ))))
+(typeattributeset base_typeattr_899 (and (rkpdapp ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_898)
-(typeattributeset base_typeattr_898 (and (domain ) (not (crash_dump radio runas_app simpleperf ))))
+(typeattributeset base_typeattr_898 (and (domain ) (not (rkpdapp ))))
 (typeattribute base_typeattr_897)
-(typeattributeset base_typeattr_897 (and (appdomain ) (not (radio runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_897 (and (domain ) (not (rkpd ))))
 (typeattribute base_typeattr_896)
-(typeattributeset base_typeattr_896 (and (radio ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_896 (and (domain ) (not (rkp_cert_processor ))))
 (typeattribute base_typeattr_895)
-(typeattributeset base_typeattr_895 (and (domain ) (not (radio ))))
+(typeattributeset base_typeattr_895 (and (domain ) (not (remote_provisioning_service_server ))))
 (typeattribute base_typeattr_894)
-(typeattributeset base_typeattr_894 (and (appdomain ) (not (system_app device_as_webcam ))))
+(typeattributeset base_typeattr_894 (and (file_type ) (not (recovery_data_file ))))
 (typeattribute base_typeattr_893)
-(typeattributeset base_typeattr_893 (and (domain ) (not (dumpstate init profcollectd ))))
+(typeattributeset base_typeattr_893 (and (data_file_type ) (not (cache_file cache_recovery_file ))))
 (typeattribute base_typeattr_892)
-(typeattributeset base_typeattr_892 (and (domain ) (not (coredomain apexd dumpstate vendor_init ))))
+(typeattributeset base_typeattr_892 (and (domain ) (not (init radio ))))
 (typeattribute base_typeattr_891)
-(typeattributeset base_typeattr_891 (and (domain ) (not (coredomain apexd dumpstate init ))))
+(typeattributeset base_typeattr_891 (and (domain ) (not (crash_dump radio runas_app simpleperf ))))
 (typeattribute base_typeattr_890)
-(typeattributeset base_typeattr_890 (and (domain ) (not (init keystore rkpdapp shell system_server ))))
+(typeattributeset base_typeattr_890 (and (appdomain ) (not (radio runas_app shell simpleperf ))))
 (typeattribute base_typeattr_889)
-(typeattributeset base_typeattr_889 (and (domain ) (not (hal_dumpstate_server dumpstate init ))))
+(typeattributeset base_typeattr_889 (and (radio ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_888)
-(typeattributeset base_typeattr_888 (and (domain ) (not (appdomain dumpstate init vendor_init ))))
+(typeattributeset base_typeattr_888 (and (domain ) (not (radio ))))
 (typeattribute base_typeattr_887)
-(typeattributeset base_typeattr_887 (and (domain ) (not (dumpstate init system_app vendor_init ))))
+(typeattributeset base_typeattr_887 (and (appdomain ) (not (system_app device_as_webcam ))))
 (typeattribute base_typeattr_886)
-(typeattributeset base_typeattr_886 (and (domain ) (not (init surfaceflinger ))))
+(typeattributeset base_typeattr_886 (and (domain ) (not (dumpstate init profcollectd ))))
 (typeattribute base_typeattr_885)
-(typeattributeset base_typeattr_885 (and (domain ) (not (appdomain hal_telephony_server init radio ))))
+(typeattributeset base_typeattr_885 (and (domain ) (not (coredomain apexd dumpstate vendor_init ))))
 (typeattribute base_typeattr_884)
-(typeattributeset base_typeattr_884 (and (domain ) (not (init shell kcmdlinectrl ))))
+(typeattributeset base_typeattr_884 (and (domain ) (not (coredomain apexd dumpstate init ))))
 (typeattribute base_typeattr_883)
-(typeattributeset base_typeattr_883 (and (domain ) (not (init shell system_app system_server mtectrl ))))
+(typeattributeset base_typeattr_883 (and (domain ) (not (init keystore rkpdapp shell system_server ))))
 (typeattribute base_typeattr_882)
-(typeattributeset base_typeattr_882 (and (domain ) (not (adbd init adbd_tradeinmode ))))
+(typeattributeset base_typeattr_882 (and (domain ) (not (hal_dumpstate_server dumpstate init ))))
 (typeattribute base_typeattr_881)
-(typeattributeset base_typeattr_881 (and (domain ) (not (adbd init system_server vendor_init adbd_tradeinmode ))))
+(typeattributeset base_typeattr_881 (and (domain ) (not (appdomain dumpstate init vendor_init ))))
 (typeattribute base_typeattr_880)
-(typeattributeset base_typeattr_880 (and (property_type ) (not (extended_core_property_type system_property_type ))))
+(typeattributeset base_typeattr_880 (and (domain ) (not (dumpstate init system_app vendor_init ))))
 (typeattribute base_typeattr_879)
-(typeattributeset base_typeattr_879 (and (coredomain ) (not (system_writes_vendor_properties_violators init ))))
+(typeattributeset base_typeattr_879 (and (domain ) (not (init surfaceflinger ))))
 (typeattribute base_typeattr_878)
-(typeattributeset base_typeattr_878 (and (domain ) (not (appdomain coredomain hal_power_server vendor_init ))))
+(typeattributeset base_typeattr_878 (and (domain ) (not (appdomain hal_telephony_server init radio ))))
 (typeattribute base_typeattr_877)
-(typeattributeset base_typeattr_877 (and (core_property_type extended_core_property_type dalvik_config_prop_type exported3_system_prop systemsound_config_prop ) (not (dalvik_dynamic_config_prop debug_prop logd_prop nfc_prop powerctl_prop radio_prop ))))
+(typeattributeset base_typeattr_877 (and (domain ) (not (init shell kcmdlinectrl ))))
 (typeattribute base_typeattr_876)
-(typeattributeset base_typeattr_876 (and (domain ) (not (hal_wifi_server dumpstate init vendor_init wificond ))))
+(typeattributeset base_typeattr_876 (and (domain ) (not (init shell system_app system_server mtectrl ))))
 (typeattribute base_typeattr_875)
-(typeattributeset base_typeattr_875 (and (domain ) (not (coredomain hal_wifi_server wificond ))))
+(typeattributeset base_typeattr_875 (and (domain ) (not (adbd init adbd_tradeinmode ))))
 (typeattribute base_typeattr_874)
-(typeattributeset base_typeattr_874 (and (domain ) (not (coredomain hal_camera_server cameraserver vendor_init ))))
+(typeattributeset base_typeattr_874 (and (domain ) (not (adbd init system_server vendor_init adbd_tradeinmode ))))
 (typeattribute base_typeattr_873)
-(typeattributeset base_typeattr_873 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth vendor_init ))))
+(typeattributeset base_typeattr_873 (and (property_type ) (not (extended_core_property_type system_property_type ))))
 (typeattribute base_typeattr_872)
-(typeattributeset base_typeattr_872 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth ))))
+(typeattributeset base_typeattr_872 (and (coredomain ) (not (system_writes_vendor_properties_violators init ))))
 (typeattribute base_typeattr_871)
-(typeattributeset base_typeattr_871 (and (domain ) (not (appdomain coredomain hal_telephony_server ))))
+(typeattributeset base_typeattr_871 (and (domain ) (not (appdomain coredomain hal_power_server vendor_init ))))
 (typeattribute base_typeattr_870)
-(typeattributeset base_typeattr_870 (and (domain ) (not (appdomain coredomain hal_telephony_server vendor_init ))))
+(typeattributeset base_typeattr_870 (and (core_property_type extended_core_property_type dalvik_config_prop_type exported3_system_prop systemsound_config_prop ) (not (dalvik_dynamic_config_prop debug_prop logd_prop nfc_prop powerctl_prop radio_prop ))))
 (typeattribute base_typeattr_869)
-(typeattributeset base_typeattr_869 (and (domain ) (not (appdomain coredomain hal_nfc_server ))))
+(typeattributeset base_typeattr_869 (and (domain ) (not (hal_wifi_server dumpstate init vendor_init wificond ))))
 (typeattribute base_typeattr_868)
-(typeattributeset base_typeattr_868 (and (core_property_type extended_core_property_type exported3_system_prop exported_dumpstate_prop exported_config_prop exported_default_prop exported_system_prop usb_control_prop ) (not (nfc_prop powerctl_prop radio_prop ))))
+(typeattributeset base_typeattr_868 (and (domain ) (not (coredomain hal_wifi_server wificond ))))
 (typeattribute base_typeattr_867)
-(typeattributeset base_typeattr_867 (and (domain ) (not (appdomain coredomain vendor_init ))))
+(typeattributeset base_typeattr_867 (and (domain ) (not (coredomain hal_camera_server cameraserver vendor_init ))))
 (typeattribute base_typeattr_866)
-(typeattributeset base_typeattr_866 (and (domain ) (not (init misctrl ))))
+(typeattributeset base_typeattr_866 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth vendor_init ))))
 (typeattribute base_typeattr_865)
-(typeattributeset base_typeattr_865 (and (domain ) (not (crash_dump dumpstate init statsd misctrl ))))
+(typeattributeset base_typeattr_865 (and (domain ) (not (coredomain hal_bluetooth_server bluetooth ))))
 (typeattribute base_typeattr_864)
-(typeattributeset base_typeattr_864 (and (domain ) (not (dumpstate init ))))
+(typeattributeset base_typeattr_864 (and (domain ) (not (appdomain coredomain hal_telephony_server ))))
 (typeattribute base_typeattr_863)
-(typeattributeset base_typeattr_863 (and (domain ) (not (extra_free_kbytes init ))))
+(typeattributeset base_typeattr_863 (and (domain ) (not (appdomain coredomain hal_telephony_server vendor_init ))))
 (typeattribute base_typeattr_862)
-(typeattributeset base_typeattr_862 (and (core_property_type ) (not (fingerprint_prop restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))))
+(typeattributeset base_typeattr_862 (and (domain ) (not (appdomain coredomain hal_nfc_server ))))
 (typeattribute base_typeattr_861)
-(typeattributeset base_typeattr_861 (and (vendor_property_type ) (not (vendor_public_property_type ))))
+(typeattributeset base_typeattr_861 (and (core_property_type extended_core_property_type exported3_system_prop exported_dumpstate_prop exported_config_prop exported_default_prop exported_system_prop usb_control_prop ) (not (nfc_prop powerctl_prop radio_prop ))))
 (typeattribute base_typeattr_860)
-(typeattributeset base_typeattr_860 (and (vendor_property_type vendor_internal_property_type ) (not (vendor_restricted_property_type vendor_public_property_type ))))
+(typeattributeset base_typeattr_860 (and (domain ) (not (appdomain coredomain vendor_init ))))
 (typeattribute base_typeattr_859)
-(typeattributeset base_typeattr_859 (and (system_property_type ) (not (system_public_property_type ))))
+(typeattributeset base_typeattr_859 (and (domain ) (not (init misctrl ))))
 (typeattribute base_typeattr_858)
-(typeattributeset base_typeattr_858 (and (system_property_type system_internal_property_type ) (not (system_restricted_property_type system_public_property_type ))))
+(typeattributeset base_typeattr_858 (and (domain ) (not (crash_dump dumpstate init statsd misctrl ))))
 (typeattribute base_typeattr_857)
-(typeattributeset base_typeattr_857 (and (property_type ) (not (system_property_type vendor_property_type ))))
+(typeattributeset base_typeattr_857 (and (domain ) (not (dumpstate init ))))
 (typeattribute base_typeattr_856)
-(typeattributeset base_typeattr_856 (and (app_data_file_type ) (not (privapp_data_file ))))
+(typeattributeset base_typeattr_856 (and (domain ) (not (extra_free_kbytes init ))))
 (typeattribute base_typeattr_855)
-(typeattributeset base_typeattr_855 (and (domain ) (not (crash_dump priv_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_855 (and (core_property_type ) (not (fingerprint_prop restorecon_prop usb_prop config_prop cppreopt_prop dalvik_prop debuggerd_prop dhcp_prop dumpstate_prop net_radio_prop pan_result_prop persist_debug_prop shell_prop vold_prop audio_prop debug_prop logd_prop nfc_prop ota_prop powerctl_prop radio_prop system_prop ))))
 (typeattribute base_typeattr_854)
-(typeattributeset base_typeattr_854 (and (appdomain ) (not (priv_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_854 (and (vendor_property_type ) (not (vendor_public_property_type ))))
 (typeattribute base_typeattr_853)
-(typeattributeset base_typeattr_853 (and (priv_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_853 (and (vendor_property_type vendor_internal_property_type ) (not (vendor_restricted_property_type vendor_public_property_type ))))
 (typeattribute base_typeattr_852)
-(typeattributeset base_typeattr_852 (and (domain ) (not (priv_app ))))
+(typeattributeset base_typeattr_852 (and (system_property_type ) (not (system_public_property_type ))))
 (typeattribute base_typeattr_851)
-(typeattributeset base_typeattr_851 (and (domain ) (not (init shell ))))
+(typeattributeset base_typeattr_851 (and (system_property_type system_internal_property_type ) (not (system_restricted_property_type system_public_property_type ))))
 (typeattribute base_typeattr_850)
-(typeattributeset base_typeattr_850 (and (domain ) (not (recovery update_engine ))))
+(typeattributeset base_typeattr_850 (and (property_type ) (not (system_property_type vendor_property_type ))))
 (typeattribute base_typeattr_849)
-(typeattributeset base_typeattr_849 (and (domain ) (not (crash_dump platform_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_849 (and (app_data_file_type ) (not (privapp_data_file ))))
 (typeattribute base_typeattr_848)
-(typeattributeset base_typeattr_848 (and (appdomain ) (not (platform_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_848 (and (domain ) (not (crash_dump priv_app runas_app simpleperf ))))
 (typeattribute base_typeattr_847)
-(typeattributeset base_typeattr_847 (and (platform_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_847 (and (appdomain ) (not (priv_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_846)
-(typeattributeset base_typeattr_846 (and (domain ) (not (platform_app ))))
+(typeattributeset base_typeattr_846 (and (priv_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_845)
-(typeattributeset base_typeattr_845 (and (domain ) (not (crash_dump runas_app simpleperf permissioncontroller_app ))))
+(typeattributeset base_typeattr_845 (and (domain ) (not (priv_app ))))
 (typeattribute base_typeattr_844)
-(typeattributeset base_typeattr_844 (and (appdomain ) (not (runas_app shell simpleperf permissioncontroller_app ))))
+(typeattributeset base_typeattr_844 (and (domain ) (not (init shell ))))
 (typeattribute base_typeattr_843)
-(typeattributeset base_typeattr_843 (and (permissioncontroller_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_843 (and (domain ) (not (recovery update_engine ))))
 (typeattribute base_typeattr_842)
-(typeattributeset base_typeattr_842 (and (domain ) (not (permissioncontroller_app ))))
+(typeattributeset base_typeattr_842 (and (domain ) (not (crash_dump platform_app runas_app simpleperf ))))
 (typeattribute base_typeattr_841)
-(typeattributeset base_typeattr_841 (and (domain ) (not (performanced ))))
+(typeattributeset base_typeattr_841 (and (appdomain ) (not (platform_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_840)
-(typeattributeset base_typeattr_840 (and (data_file_type ) (not (perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
+(typeattributeset base_typeattr_840 (and (platform_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_839)
-(typeattributeset base_typeattr_839 (and (system_data_file ) (not (perfetto_traces_data_file perfetto_traces_profiling_data_file ))))
+(typeattributeset base_typeattr_839 (and (domain ) (not (platform_app ))))
 (typeattribute base_typeattr_838)
-(typeattributeset base_typeattr_838 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
+(typeattributeset base_typeattr_838 (and (domain ) (not (crash_dump runas_app simpleperf permissioncontroller_app ))))
 (typeattribute base_typeattr_837)
-(typeattributeset base_typeattr_837 (and (domain ) (not (adbd incidentd init perfetto shell traced trace_redactor ))))
+(typeattributeset base_typeattr_837 (and (appdomain ) (not (runas_app shell simpleperf permissioncontroller_app ))))
 (typeattribute base_typeattr_836)
-(typeattributeset base_typeattr_836 (and (domain ) (not (adbd dumpstate incidentd init perfetto priv_app shell system_server traced trace_redactor ))))
+(typeattributeset base_typeattr_836 (and (permissioncontroller_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_835)
-(typeattributeset base_typeattr_835 (and (domain ) (not (init vendor_init ot_daemon ))))
+(typeattributeset base_typeattr_835 (and (domain ) (not (permissioncontroller_app ))))
 (typeattribute base_typeattr_834)
-(typeattributeset base_typeattr_834 (and (domain ) (not (ot_daemon ))))
+(typeattributeset base_typeattr_834 (and (domain ) (not (performanced ))))
 (typeattribute base_typeattr_833)
-(typeattributeset base_typeattr_833 (and (domain ) (not (init odsign ))))
+(typeattributeset base_typeattr_833 (and (data_file_type ) (not (perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
 (typeattribute base_typeattr_832)
-(typeattributeset base_typeattr_832 (and (domain ) (not (init system_server odrefresh ))))
+(typeattributeset base_typeattr_832 (and (system_data_file ) (not (perfetto_traces_data_file perfetto_traces_profiling_data_file ))))
 (typeattribute base_typeattr_831)
-(typeattributeset base_typeattr_831 (and (domain ) (not (artd init system_server odrefresh ))))
+(typeattributeset base_typeattr_831 (and (data_file_type ) (not (system_data_root_file system_data_file system_userdir_file vendor_data_file vendor_userdir_file media_userdir_file perfetto_traces_data_file perfetto_traces_bugreport_data_file perfetto_traces_profiling_data_file perfetto_configs_data_file ))))
 (typeattribute base_typeattr_830)
-(typeattributeset base_typeattr_830 (and (domain ) (not (init compos_fd_server odrefresh ))))
+(typeattributeset base_typeattr_830 (and (domain ) (not (adbd incidentd init perfetto shell traced trace_redactor ))))
 (typeattribute base_typeattr_829)
-(typeattributeset base_typeattr_829 (and (domain ) (not (odrefresh ))))
+(typeattributeset base_typeattr_829 (and (domain ) (not (adbd dumpstate incidentd init perfetto priv_app shell system_server traced trace_redactor ))))
 (typeattribute base_typeattr_828)
-(typeattributeset base_typeattr_828 (and (domain ) (not (crash_dump nfc runas_app simpleperf ))))
+(typeattributeset base_typeattr_828 (and (domain ) (not (init vendor_init ot_daemon ))))
 (typeattribute base_typeattr_827)
-(typeattributeset base_typeattr_827 (and (appdomain ) (not (nfc runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_827 (and (domain ) (not (ot_daemon ))))
 (typeattribute base_typeattr_826)
-(typeattributeset base_typeattr_826 (and (nfc ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_826 (and (domain ) (not (init odsign ))))
 (typeattribute base_typeattr_825)
-(typeattributeset base_typeattr_825 (and (domain ) (not (nfc ))))
+(typeattributeset base_typeattr_825 (and (domain ) (not (init system_server odrefresh ))))
 (typeattribute base_typeattr_824)
-(typeattributeset base_typeattr_824 (and (domain ) (not (crash_dump network_stack runas_app simpleperf ))))
+(typeattributeset base_typeattr_824 (and (domain ) (not (artd init system_server odrefresh ))))
 (typeattribute base_typeattr_823)
-(typeattributeset base_typeattr_823 (and (appdomain ) (not (network_stack runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_823 (and (domain ) (not (init compos_fd_server odrefresh ))))
 (typeattribute base_typeattr_822)
-(typeattributeset base_typeattr_822 (and (network_stack ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_822 (and (domain ) (not (odrefresh ))))
 (typeattribute base_typeattr_821)
-(typeattributeset base_typeattr_821 (and (domain ) (not (network_stack ))))
+(typeattributeset base_typeattr_821 (and (domain ) (not (crash_dump nfc runas_app simpleperf ))))
 (typeattribute base_typeattr_820)
-(typeattributeset base_typeattr_820 (and (domain ) (not (init netd ))))
+(typeattributeset base_typeattr_820 (and (appdomain ) (not (nfc runas_app shell simpleperf ))))
 (typeattribute base_typeattr_819)
-(typeattributeset base_typeattr_819 (and (domain ) (not (dumpstate init netd ))))
+(typeattributeset base_typeattr_819 (and (nfc ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_818)
-(typeattributeset base_typeattr_818 (and (domain ) (not (dumpstate netd netutils_wrapper network_stack system_server ))))
+(typeattributeset base_typeattr_818 (and (domain ) (not (nfc ))))
 (typeattribute base_typeattr_817)
-(typeattributeset base_typeattr_817 (and (domain ) (not (netd ))))
+(typeattributeset base_typeattr_817 (and (domain ) (not (crash_dump network_stack runas_app simpleperf ))))
 (typeattribute base_typeattr_816)
-(typeattributeset base_typeattr_816 (and (netdomain ) (not (untrusted_app_all ephemeral_app mediaprovider priv_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_816 (and (appdomain ) (not (network_stack runas_app shell simpleperf ))))
 (typeattribute base_typeattr_815)
-(typeattributeset base_typeattr_815 (and (netdomain ) (not (ephemeral_app sdk_sandbox_all ))))
+(typeattributeset base_typeattr_815 (and (network_stack ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_814)
-(typeattributeset base_typeattr_814 (and (domain ) (not (mmd ))))
+(typeattributeset base_typeattr_814 (and (domain ) (not (network_stack ))))
 (typeattribute base_typeattr_813)
-(typeattributeset base_typeattr_813 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server vold vold_prepare_subdirs zygote ))))
+(typeattributeset base_typeattr_813 (and (domain ) (not (init netd ))))
 (typeattribute base_typeattr_812)
-(typeattributeset base_typeattr_812 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server zygote ))))
+(typeattributeset base_typeattr_812 (and (domain ) (not (dumpstate init netd ))))
 (typeattribute base_typeattr_811)
-(typeattributeset base_typeattr_811 (and (mlstrustedsubject ) (not (artd installd vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_811 (and (domain ) (not (dumpstate netd netutils_wrapper network_stack system_server ))))
 (typeattribute base_typeattr_810)
-(typeattributeset base_typeattr_810 (and (mlstrustedsubject ) (not (artd installd ))))
+(typeattributeset base_typeattr_810 (and (domain ) (not (netd ))))
 (typeattribute base_typeattr_809)
-(typeattributeset base_typeattr_809 (and (domain ) (not (microfuchsiad ))))
+(typeattributeset base_typeattr_809 (and (netdomain ) (not (untrusted_app_all ephemeral_app mediaprovider priv_app sdk_sandbox_all ))))
 (typeattribute base_typeattr_808)
-(typeattributeset base_typeattr_808 (and (domain ) (not (mediatuner ))))
+(typeattributeset base_typeattr_808 (and (netdomain ) (not (ephemeral_app sdk_sandbox_all ))))
 (typeattribute base_typeattr_807)
-(typeattributeset base_typeattr_807 (and (domain ) (not (mediatranscoding ))))
+(typeattributeset base_typeattr_807 (and (domain ) (not (mmd ))))
 (typeattribute base_typeattr_806)
-(typeattributeset base_typeattr_806 (and (domain ) (not (mediaserver ))))
+(typeattributeset base_typeattr_806 (and (mlstrustedsubject ) (not (adbd artd installd runas system_server zygote ))))
 (typeattribute base_typeattr_805)
-(typeattributeset base_typeattr_805 (and (domain ) (not (crash_dump runas_app simpleperf mediaprovider_app ))))
+(typeattributeset base_typeattr_805 (and (mlstrustedsubject ) (not (artd installd ))))
 (typeattribute base_typeattr_804)
-(typeattributeset base_typeattr_804 (and (appdomain ) (not (runas_app shell simpleperf mediaprovider_app ))))
+(typeattributeset base_typeattr_804 (and (domain ) (not (mediatuner ))))
 (typeattribute base_typeattr_803)
-(typeattributeset base_typeattr_803 (and (mediaprovider_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_803 (and (domain ) (not (mediatranscoding ))))
 (typeattribute base_typeattr_802)
-(typeattributeset base_typeattr_802 (and (domain ) (not (mediaprovider_app ))))
+(typeattributeset base_typeattr_802 (and (domain ) (not (mediaserver ))))
 (typeattribute base_typeattr_801)
-(typeattributeset base_typeattr_801 (and (domain ) (not (crash_dump mediaprovider runas_app simpleperf ))))
+(typeattributeset base_typeattr_801 (and (domain ) (not (crash_dump runas_app simpleperf mediaprovider_app ))))
 (typeattribute base_typeattr_800)
-(typeattributeset base_typeattr_800 (and (appdomain ) (not (mediaprovider runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_800 (and (appdomain ) (not (runas_app shell simpleperf mediaprovider_app ))))
 (typeattribute base_typeattr_799)
-(typeattributeset base_typeattr_799 (and (mediaprovider ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_799 (and (mediaprovider_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_798)
-(typeattributeset base_typeattr_798 (and (domain ) (not (mediaprovider ))))
+(typeattributeset base_typeattr_798 (and (domain ) (not (mediaprovider_app ))))
 (typeattribute base_typeattr_797)
-(typeattributeset base_typeattr_797 (and (domain ) (not (mediametrics ))))
+(typeattributeset base_typeattr_797 (and (domain ) (not (crash_dump mediaprovider runas_app simpleperf ))))
 (typeattribute base_typeattr_796)
-(typeattributeset base_typeattr_796 (and (domain ) (not (mediaextractor ))))
+(typeattributeset base_typeattr_796 (and (appdomain ) (not (mediaprovider runas_app shell simpleperf ))))
 (typeattribute base_typeattr_795)
-(typeattributeset base_typeattr_795 (and (domain ) (not (mediadrmserver ))))
+(typeattributeset base_typeattr_795 (and (mediaprovider ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_794)
-(typeattributeset base_typeattr_794 (and (domain ) (not (dumpstate servicemanager shell lpdumpd ))))
+(typeattributeset base_typeattr_794 (and (domain ) (not (mediaprovider ))))
 (typeattribute base_typeattr_793)
-(typeattributeset base_typeattr_793 (and (domain ) (not (dumpstate shell lpdumpd ))))
+(typeattributeset base_typeattr_793 (and (domain ) (not (mediametrics ))))
 (typeattribute base_typeattr_792)
-(typeattributeset base_typeattr_792 (and (domain ) (not (lpdumpd ))))
+(typeattributeset base_typeattr_792 (and (domain ) (not (mediaextractor ))))
 (typeattribute base_typeattr_791)
-(typeattributeset base_typeattr_791 (and (domain ) (not (dumpstate incidentd init ))))
+(typeattributeset base_typeattr_791 (and (domain ) (not (mediadrmserver ))))
 (typeattribute base_typeattr_790)
-(typeattributeset base_typeattr_790 (and (domain ) (not (init logd ))))
+(typeattributeset base_typeattr_790 (and (domain ) (not (dumpstate servicemanager shell lpdumpd ))))
 (typeattribute base_typeattr_789)
-(typeattributeset base_typeattr_789 (and (app_data_file_type system_data_file packages_list_file ) (not (shell_data_file ))))
+(typeattributeset base_typeattr_789 (and (domain ) (not (dumpstate shell lpdumpd ))))
 (typeattribute base_typeattr_788)
-(typeattributeset base_typeattr_788 (and (domain ) (not (logd ))))
+(typeattributeset base_typeattr_788 (and (domain ) (not (lpdumpd ))))
 (typeattribute base_typeattr_787)
-(typeattributeset base_typeattr_787 (and (appdomain ) (not (bluetooth platform_app priv_app radio shell system_app ))))
+(typeattributeset base_typeattr_787 (and (domain ) (not (dumpstate incidentd init ))))
 (typeattribute base_typeattr_786)
-(typeattributeset base_typeattr_786 (and (domain ) (not (appdomain bootstat dumpstate init logd servicemanager surfaceflinger system_server zygote ))))
+(typeattributeset base_typeattr_786 (and (domain ) (not (init logd ))))
 (typeattribute base_typeattr_785)
-(typeattributeset base_typeattr_785 (and (file_type ) (not (runtime_event_log_tags_file shell_data_file ))))
+(typeattributeset base_typeattr_785 (and (app_data_file_type system_data_file packages_list_file ) (not (shell_data_file ))))
 (typeattribute base_typeattr_784)
-(typeattributeset base_typeattr_784 (and (domain ) (not (init lmkd vendor_init ))))
+(typeattributeset base_typeattr_784 (and (domain ) (not (logd ))))
 (typeattribute base_typeattr_783)
-(typeattributeset base_typeattr_783 (and (domain ) (not (init dexopt_chroot_setup linkerconfig otapreopt_chroot ))))
+(typeattributeset base_typeattr_783 (and (appdomain ) (not (bluetooth platform_app priv_app radio shell system_app ))))
 (typeattribute base_typeattr_782)
-(typeattributeset base_typeattr_782 (and (domain ) (not (init keystore ))))
+(typeattributeset base_typeattr_782 (and (domain ) (not (appdomain bootstat dumpstate init logd servicemanager surfaceflinger system_server zygote ))))
 (typeattribute base_typeattr_781)
-(typeattributeset base_typeattr_781 (and (domain ) (not (keystore ))))
+(typeattributeset base_typeattr_781 (and (file_type ) (not (runtime_event_log_tags_file shell_data_file ))))
 (typeattribute base_typeattr_780)
-(typeattributeset base_typeattr_780 (and (domain ) (not (crash_dump isolated_compute_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_780 (and (domain ) (not (init lmkd vendor_init ))))
 (typeattribute base_typeattr_779)
-(typeattributeset base_typeattr_779 (and (appdomain ) (not (isolated_compute_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_779 (and (domain ) (not (init dexopt_chroot_setup linkerconfig otapreopt_chroot ))))
 (typeattribute base_typeattr_778)
-(typeattributeset base_typeattr_778 (and (isolated_compute_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_778 (and (domain ) (not (init keystore ))))
 (typeattribute base_typeattr_777)
-(typeattributeset base_typeattr_777 (and (domain ) (not (isolated_compute_app ))))
+(typeattributeset base_typeattr_777 (and (domain ) (not (keystore ))))
 (typeattribute base_typeattr_776)
-(typeattributeset base_typeattr_776 (and (sysfs_type ) (not (sysfs_transparent_hugepage sysfs_usb sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_devices_system_cpu sysfs_pgsize_migration ))))
+(typeattributeset base_typeattr_776 (and (domain ) (not (crash_dump isolated_compute_app runas_app simpleperf ))))
 (typeattribute base_typeattr_775)
-(typeattributeset base_typeattr_775 (and (service_manager_type ) (not (activity_service display_service webviewupdate_service ))))
+(typeattributeset base_typeattr_775 (and (appdomain ) (not (isolated_compute_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_774)
-(typeattributeset base_typeattr_774 (and (isolated_app_all ) (not (isolated_compute_app ))))
+(typeattributeset base_typeattr_774 (and (isolated_compute_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_773)
-(typeattributeset base_typeattr_773 (and (domain ) (not (crash_dump isolated_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_773 (and (domain ) (not (isolated_compute_app ))))
 (typeattribute base_typeattr_772)
-(typeattributeset base_typeattr_772 (and (appdomain ) (not (isolated_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_772 (and (sysfs_type ) (not (sysfs_transparent_hugepage sysfs_usb sysfs_fs_fuse_features sysfs_fs_incfs_features sysfs_devices_system_cpu sysfs_pgsize_migration ))))
 (typeattribute base_typeattr_771)
-(typeattributeset base_typeattr_771 (and (isolated_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_771 (and (service_manager_type ) (not (activity_service display_service webviewupdate_service ))))
 (typeattribute base_typeattr_770)
-(typeattributeset base_typeattr_770 (and (domain ) (not (servicemanager system_server ))))
+(typeattributeset base_typeattr_770 (and (isolated_app_all ) (not (isolated_compute_app ))))
 (typeattribute base_typeattr_769)
-(typeattributeset base_typeattr_769 (and (domain ) (not (dumpstate servicemanager system_server ))))
+(typeattributeset base_typeattr_769 (and (domain ) (not (crash_dump isolated_app runas_app simpleperf ))))
 (typeattribute base_typeattr_768)
-(typeattributeset base_typeattr_768 (and (domain ) (not (dumpstate installd system_server ))))
+(typeattributeset base_typeattr_768 (and (appdomain ) (not (isolated_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_767)
-(typeattributeset base_typeattr_767 (and (domain ) (not (installd ))))
+(typeattributeset base_typeattr_767 (and (isolated_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_766)
-(typeattributeset base_typeattr_766 (and (domain ) (not (init toolbox vendor_init vold ))))
+(typeattributeset base_typeattr_766 (and (domain ) (not (servicemanager system_server ))))
 (typeattribute base_typeattr_765)
-(typeattributeset base_typeattr_765 (and (fs_type file_type ) (not (init_exec ))))
+(typeattributeset base_typeattr_765 (and (domain ) (not (dumpstate servicemanager system_server ))))
 (typeattribute base_typeattr_764)
-(typeattributeset base_typeattr_764 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs ))))
+(typeattributeset base_typeattr_764 (and (domain ) (not (dumpstate installd system_server ))))
 (typeattribute base_typeattr_763)
-(typeattributeset base_typeattr_763 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type proc_type sysfs_type debugfs_type sdcard_type keychord_device rootfs ))))
+(typeattributeset base_typeattr_763 (and (domain ) (not (installd ))))
 (typeattribute base_typeattr_762)
-(typeattributeset base_typeattr_762 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type app_data_file privapp_data_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_762 (and (domain ) (not (init toolbox vendor_init vold ))))
 (typeattribute base_typeattr_761)
-(typeattributeset base_typeattr_761 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file apex_mnt_dir credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_761 (and (fs_type file_type ) (not (init_exec ))))
 (typeattribute base_typeattr_760)
-(typeattributeset base_typeattr_760 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_760 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type sdcard_type rootfs ))))
 (typeattribute base_typeattr_759)
-(typeattributeset base_typeattr_759 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type runtime_event_log_tags_file shell_data_file nativetest_data_file apex_info_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_759 (and (fs_type ) (not (bpffs_type contextmount_type fusefs_type proc_type sysfs_type debugfs_type sdcard_type keychord_device rootfs ))))
 (typeattribute base_typeattr_758)
-(typeattributeset base_typeattr_758 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type system_userdir_file vendor_userdir_file shell_data_file nativetest_data_file credstore_data_file keystore_data_file media_userdir_file vold_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_758 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type app_data_file privapp_data_file vm_data_file ))))
 (typeattribute base_typeattr_757)
-(typeattributeset base_typeattr_757 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type nativetest_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file storage_area_app_dir storage_area_dir storage_area_content_file ))))
+(typeattributeset base_typeattr_757 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file apex_mnt_dir credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
 (typeattribute base_typeattr_756)
-(typeattributeset base_typeattr_756 (and (fs_type ) (not (debugfs_type ))))
+(typeattributeset base_typeattr_756 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type shell_data_file nativetest_data_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
 (typeattribute base_typeattr_755)
-(typeattributeset base_typeattr_755 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device ))))
+(typeattributeset base_typeattr_755 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type debugfs_type runtime_event_log_tags_file shell_data_file nativetest_data_file apex_info_file credstore_data_file keystore_data_file vold_data_file gsi_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
 (typeattribute base_typeattr_754)
-(typeattributeset base_typeattr_754 (and (domain ) (not (incidentd init system_server vold ))))
+(typeattributeset base_typeattr_754 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type system_userdir_file vendor_userdir_file shell_data_file nativetest_data_file credstore_data_file keystore_data_file media_userdir_file vold_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
 (typeattribute base_typeattr_753)
-(typeattributeset base_typeattr_753 (and (domain ) (not (incidentd init vold ))))
+(typeattributeset base_typeattr_753 (and (file_type ) (not (bpffs_type exec_type system_file_type system_dlkm_file_type vendor_file_type nativetest_data_file app_data_file privapp_data_file system_app_data_file misc_logd_file vm_data_file ))))
 (typeattribute base_typeattr_752)
-(typeattributeset base_typeattr_752 (and (system_server_service app_api_service system_api_service ) (not (tracingproxy_service ))))
+(typeattributeset base_typeattr_752 (and (fs_type ) (not (debugfs_type ))))
 (typeattribute base_typeattr_751)
-(typeattributeset base_typeattr_751 (and (domain ) (not (incidentd ))))
+(typeattributeset base_typeattr_751 (and (dev_type ) (not (vm_manager_device_type keychord_device hw_random_device port_device ))))
 (typeattribute base_typeattr_750)
-(typeattributeset base_typeattr_750 (and (domain ) (not (incident_helper incidentd shell ))))
+(typeattributeset base_typeattr_750 (and (domain ) (not (incidentd init system_server vold ))))
 (typeattribute base_typeattr_749)
-(typeattributeset base_typeattr_749 (and (domain ) (not (dumpstate incident shell su ))))
+(typeattributeset base_typeattr_749 (and (domain ) (not (incidentd init vold ))))
 (typeattribute base_typeattr_748)
-(typeattributeset base_typeattr_748 (and (domain ) (not (idmap ))))
+(typeattributeset base_typeattr_748 (and (system_server_service app_api_service system_api_service ) (not (tracingproxy_service ))))
 (typeattribute base_typeattr_747)
-(typeattributeset base_typeattr_747 (and (domain ) (not (hwservicemanager ))))
+(typeattributeset base_typeattr_747 (and (domain ) (not (incidentd ))))
 (typeattribute base_typeattr_746)
-(typeattributeset base_typeattr_746 (not (hwservice_manager_type ) ))
+(typeattributeset base_typeattr_746 (and (domain ) (not (incident_helper incidentd shell ))))
 (typeattribute base_typeattr_745)
-(typeattributeset base_typeattr_745 (and (vendor_file_type ) (not (vndk_sp_file ))))
+(typeattributeset base_typeattr_745 (and (domain ) (not (dumpstate incident shell su ))))
 (typeattribute base_typeattr_744)
-(typeattributeset base_typeattr_744 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_744 (and (domain ) (not (idmap ))))
 (typeattribute base_typeattr_743)
-(typeattributeset base_typeattr_743 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_743 (and (domain ) (not (hwservicemanager ))))
 (typeattribute base_typeattr_742)
-(typeattributeset base_typeattr_742 (and (domain ) (not (hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_742 (not (hwservice_manager_type ) ))
 (typeattribute base_typeattr_741)
-(typeattributeset base_typeattr_741 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_741 (and (vendor_file_type ) (not (vndk_sp_file ))))
 (typeattribute base_typeattr_740)
-(typeattributeset base_typeattr_740 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server ))))
+(typeattributeset base_typeattr_740 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_739)
-(typeattributeset base_typeattr_739 (and (domain ) (not (hal_wifi_hostapd_server ))))
+(typeattributeset base_typeattr_739 (and (domain ) (not (hal_wifi_supplicant_client hal_wifi_supplicant_server ))))
 (typeattribute base_typeattr_738)
-(typeattributeset base_typeattr_738 (and (domain ) (not (hal_wifi_client hal_wifi_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_738 (and (domain ) (not (hal_wifi_supplicant_server ))))
 (typeattribute base_typeattr_737)
-(typeattributeset base_typeattr_737 (and (domain ) (not (hal_wifi_client hal_wifi_server ))))
+(typeattributeset base_typeattr_737 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_736)
-(typeattributeset base_typeattr_736 (and (domain ) (not (hal_wifi_server ))))
+(typeattributeset base_typeattr_736 (and (domain ) (not (hal_wifi_hostapd_client hal_wifi_hostapd_server ))))
 (typeattribute base_typeattr_735)
-(typeattributeset base_typeattr_735 (and (domain ) (not (hal_weaver_client hal_weaver_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_735 (and (domain ) (not (hal_wifi_hostapd_server ))))
 (typeattribute base_typeattr_734)
-(typeattributeset base_typeattr_734 (and (domain ) (not (hal_weaver_client hal_weaver_server ))))
+(typeattributeset base_typeattr_734 (and (domain ) (not (hal_wifi_client hal_wifi_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_733)
-(typeattributeset base_typeattr_733 (and (domain ) (not (hal_weaver_server ))))
+(typeattributeset base_typeattr_733 (and (domain ) (not (hal_wifi_client hal_wifi_server ))))
 (typeattribute base_typeattr_732)
-(typeattributeset base_typeattr_732 (and (domain ) (not (hal_vr_client hal_vr_server ))))
+(typeattributeset base_typeattr_732 (and (domain ) (not (hal_wifi_server ))))
 (typeattribute base_typeattr_731)
-(typeattributeset base_typeattr_731 (and (domain ) (not (hal_vr_server ))))
+(typeattributeset base_typeattr_731 (and (domain ) (not (hal_weaver_client hal_weaver_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_730)
-(typeattributeset base_typeattr_730 (and (domain ) (not (hal_vm_capabilities_client hal_vm_capabilities_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_730 (and (domain ) (not (hal_weaver_client hal_weaver_server ))))
 (typeattribute base_typeattr_729)
-(typeattributeset base_typeattr_729 (and (domain ) (not (hal_vm_capabilities_server ))))
+(typeattributeset base_typeattr_729 (and (domain ) (not (hal_weaver_server ))))
 (typeattribute base_typeattr_728)
-(typeattributeset base_typeattr_728 (and (domain ) (not (hal_vibrator_client hal_vibrator_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_728 (and (domain ) (not (hal_vr_client hal_vr_server ))))
 (typeattribute base_typeattr_727)
-(typeattributeset base_typeattr_727 (and (domain ) (not (hal_vibrator_client hal_vibrator_server ))))
+(typeattributeset base_typeattr_727 (and (domain ) (not (hal_vr_server ))))
 (typeattribute base_typeattr_726)
-(typeattributeset base_typeattr_726 (and (domain ) (not (hal_vibrator_server ))))
+(typeattributeset base_typeattr_726 (and (domain ) (not (hal_vm_capabilities_client hal_vm_capabilities_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_725)
-(typeattributeset base_typeattr_725 (and (domain ) (not (hal_vehicle_client hal_vehicle_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_725 (and (domain ) (not (hal_vm_capabilities_server ))))
 (typeattribute base_typeattr_724)
-(typeattributeset base_typeattr_724 (and (domain ) (not (hal_vehicle_client hal_vehicle_server ))))
+(typeattributeset base_typeattr_724 (and (domain ) (not (hal_vibrator_client hal_vibrator_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_723)
-(typeattributeset base_typeattr_723 (and (domain ) (not (hal_vehicle_server ))))
+(typeattributeset base_typeattr_723 (and (domain ) (not (hal_vibrator_client hal_vibrator_server ))))
 (typeattribute base_typeattr_722)
-(typeattributeset base_typeattr_722 (and (domain ) (not (hal_uwb_client hal_uwb_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_722 (and (domain ) (not (hal_vibrator_server ))))
 (typeattribute base_typeattr_721)
-(typeattributeset base_typeattr_721 (and (domain ) (not (hal_uwb_server ))))
+(typeattributeset base_typeattr_721 (and (domain ) (not (hal_vehicle_client hal_vehicle_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_720)
-(typeattributeset base_typeattr_720 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server ))))
+(typeattributeset base_typeattr_720 (and (domain ) (not (hal_vehicle_client hal_vehicle_server ))))
 (typeattribute base_typeattr_719)
-(typeattributeset base_typeattr_719 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_719 (and (domain ) (not (hal_vehicle_server ))))
 (typeattribute base_typeattr_718)
-(typeattributeset base_typeattr_718 (and (domain ) (not (hal_usb_gadget_server ))))
+(typeattributeset base_typeattr_718 (and (domain ) (not (hal_uwb_client hal_uwb_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_717)
-(typeattributeset base_typeattr_717 (and (domain ) (not (hal_usb_client hal_usb_server ))))
+(typeattributeset base_typeattr_717 (and (domain ) (not (hal_uwb_server ))))
 (typeattribute base_typeattr_716)
-(typeattributeset base_typeattr_716 (and (domain ) (not (hal_usb_client hal_usb_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_716 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server ))))
 (typeattribute base_typeattr_715)
-(typeattributeset base_typeattr_715 (and (domain ) (not (hal_usb_server ))))
+(typeattributeset base_typeattr_715 (and (domain ) (not (hal_usb_gadget_client hal_usb_gadget_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_714)
-(typeattributeset base_typeattr_714 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_714 (and (domain ) (not (hal_usb_gadget_server ))))
 (typeattribute base_typeattr_713)
-(typeattributeset base_typeattr_713 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server ))))
+(typeattributeset base_typeattr_713 (and (domain ) (not (hal_usb_client hal_usb_server ))))
 (typeattribute base_typeattr_712)
-(typeattributeset base_typeattr_712 (and (domain ) (not (hal_tv_tuner_server ))))
+(typeattributeset base_typeattr_712 (and (domain ) (not (hal_usb_client hal_usb_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_711)
-(typeattributeset base_typeattr_711 (and (domain ) (not (hal_tv_input_client hal_tv_input_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_711 (and (domain ) (not (hal_usb_server ))))
 (typeattribute base_typeattr_710)
-(typeattributeset base_typeattr_710 (and (domain ) (not (hal_tv_input_client hal_tv_input_server ))))
+(typeattributeset base_typeattr_710 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_709)
-(typeattributeset base_typeattr_709 (and (domain ) (not (hal_tv_input_server ))))
+(typeattributeset base_typeattr_709 (and (domain ) (not (hal_tv_tuner_client hal_tv_tuner_server ))))
 (typeattribute base_typeattr_708)
-(typeattributeset base_typeattr_708 (and (domain ) (not (hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_708 (and (domain ) (not (hal_tv_tuner_server ))))
 (typeattribute base_typeattr_707)
-(typeattributeset base_typeattr_707 (and (domain ) (not (hal_tv_hdmi_earc_server ))))
+(typeattributeset base_typeattr_707 (and (domain ) (not (hal_tv_input_client hal_tv_input_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_706)
-(typeattributeset base_typeattr_706 (and (domain ) (not (hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_706 (and (domain ) (not (hal_tv_input_client hal_tv_input_server ))))
 (typeattribute base_typeattr_705)
-(typeattributeset base_typeattr_705 (and (domain ) (not (hal_tv_hdmi_connection_server ))))
+(typeattributeset base_typeattr_705 (and (domain ) (not (hal_tv_input_server ))))
 (typeattribute base_typeattr_704)
-(typeattributeset base_typeattr_704 (and (domain ) (not (hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_704 (and (domain ) (not (hal_tv_hdmi_earc_client hal_tv_hdmi_earc_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_703)
-(typeattributeset base_typeattr_703 (and (domain ) (not (hal_tv_hdmi_cec_server ))))
+(typeattributeset base_typeattr_703 (and (domain ) (not (hal_tv_hdmi_earc_server ))))
 (typeattribute base_typeattr_702)
-(typeattributeset base_typeattr_702 (and (domain ) (not (hal_tv_cec_client hal_tv_cec_server ))))
+(typeattributeset base_typeattr_702 (and (domain ) (not (hal_tv_hdmi_connection_client hal_tv_hdmi_connection_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_701)
-(typeattributeset base_typeattr_701 (and (domain ) (not (hal_tv_cec_server ))))
+(typeattributeset base_typeattr_701 (and (domain ) (not (hal_tv_hdmi_connection_server ))))
 (typeattribute base_typeattr_700)
-(typeattributeset base_typeattr_700 (and (domain ) (not (hal_threadnetwork_client hal_threadnetwork_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_700 (and (domain ) (not (hal_tv_hdmi_cec_client hal_tv_hdmi_cec_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_699)
-(typeattributeset base_typeattr_699 (and (domain ) (not (hal_threadnetwork_server ))))
+(typeattributeset base_typeattr_699 (and (domain ) (not (hal_tv_hdmi_cec_server ))))
 (typeattribute base_typeattr_698)
-(typeattributeset base_typeattr_698 (and (domain ) (not (hal_thermal_client hal_thermal_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_698 (and (domain ) (not (hal_tv_cec_client hal_tv_cec_server ))))
 (typeattribute base_typeattr_697)
-(typeattributeset base_typeattr_697 (and (domain ) (not (hal_thermal_client hal_thermal_server ))))
+(typeattributeset base_typeattr_697 (and (domain ) (not (hal_tv_cec_server ))))
 (typeattribute base_typeattr_696)
-(typeattributeset base_typeattr_696 (and (domain ) (not (hal_thermal_server ))))
+(typeattributeset base_typeattr_696 (and (domain ) (not (hal_threadnetwork_client hal_threadnetwork_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_695)
-(typeattributeset base_typeattr_695 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_695 (and (domain ) (not (hal_threadnetwork_server ))))
 (typeattribute base_typeattr_694)
-(typeattributeset base_typeattr_694 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server ))))
+(typeattributeset base_typeattr_694 (and (domain ) (not (hal_thermal_client hal_thermal_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_693)
-(typeattributeset base_typeattr_693 (and (domain ) (not (hal_tetheroffload_server ))))
+(typeattributeset base_typeattr_693 (and (domain ) (not (hal_thermal_client hal_thermal_server ))))
 (typeattribute base_typeattr_692)
-(typeattributeset base_typeattr_692 (and (domain ) (not (hal_telephony_client hal_telephony_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_692 (and (domain ) (not (hal_thermal_server ))))
 (typeattribute base_typeattr_691)
-(typeattributeset base_typeattr_691 (and (domain ) (not (hal_telephony_client hal_telephony_server ))))
+(typeattributeset base_typeattr_691 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_690)
-(typeattributeset base_typeattr_690 (and (domain ) (not (hal_telephony_server ))))
+(typeattributeset base_typeattr_690 (and (domain ) (not (hal_tetheroffload_client hal_tetheroffload_server ))))
 (typeattribute base_typeattr_689)
-(typeattributeset base_typeattr_689 (and (domain ) (not (hal_sensors_client hal_sensors_server ))))
+(typeattributeset base_typeattr_689 (and (domain ) (not (hal_tetheroffload_server ))))
 (typeattribute base_typeattr_688)
-(typeattributeset base_typeattr_688 (and (domain ) (not (hal_sensors_server ))))
+(typeattributeset base_typeattr_688 (and (domain ) (not (hal_telephony_client hal_telephony_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_687)
-(typeattributeset base_typeattr_687 (and (domain ) (not (hal_secure_element_client hal_secure_element_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_687 (and (domain ) (not (hal_telephony_client hal_telephony_server ))))
 (typeattribute base_typeattr_686)
-(typeattributeset base_typeattr_686 (and (domain ) (not (hal_secure_element_client hal_secure_element_server ))))
+(typeattributeset base_typeattr_686 (and (domain ) (not (hal_telephony_server ))))
 (typeattribute base_typeattr_685)
-(typeattributeset base_typeattr_685 (and (domain ) (not (hal_secure_element_server ))))
+(typeattributeset base_typeattr_685 (and (domain ) (not (hal_sensors_client hal_sensors_server ))))
 (typeattribute base_typeattr_684)
-(typeattributeset base_typeattr_684 (and (domain ) (not (hal_secretkeeper_client hal_secretkeeper_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_684 (and (domain ) (not (hal_sensors_server ))))
 (typeattribute base_typeattr_683)
-(typeattributeset base_typeattr_683 (and (domain ) (not (hal_secretkeeper_server ))))
+(typeattributeset base_typeattr_683 (and (domain ) (not (hal_secure_element_client hal_secure_element_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_682)
-(typeattributeset base_typeattr_682 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_682 (and (domain ) (not (hal_secure_element_client hal_secure_element_server ))))
 (typeattribute base_typeattr_681)
-(typeattributeset base_typeattr_681 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_server ))))
+(typeattributeset base_typeattr_681 (and (domain ) (not (hal_secure_element_server ))))
 (typeattribute base_typeattr_680)
-(typeattributeset base_typeattr_680 (and (domain ) (not (hal_remoteaccess_client hal_remoteaccess_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_680 (and (domain ) (not (hal_secretkeeper_client hal_secretkeeper_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_679)
-(typeattributeset base_typeattr_679 (and (domain ) (not (hal_remoteaccess_server ))))
+(typeattributeset base_typeattr_679 (and (domain ) (not (hal_secretkeeper_server ))))
 (typeattribute base_typeattr_678)
-(typeattributeset base_typeattr_678 (and (domain ) (not (hal_rebootescrow_client hal_rebootescrow_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_678 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_client hal_remotelyprovisionedcomponent_avf_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_677)
-(typeattributeset base_typeattr_677 (and (domain ) (not (hal_rebootescrow_server ))))
+(typeattributeset base_typeattr_677 (and (domain ) (not (hal_remotelyprovisionedcomponent_avf_server ))))
 (typeattribute base_typeattr_676)
-(typeattributeset base_typeattr_676 (and (domain ) (not (hal_power_stats_client hal_power_stats_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_676 (and (domain ) (not (hal_remoteaccess_client hal_remoteaccess_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_675)
-(typeattributeset base_typeattr_675 (and (domain ) (not (hal_power_stats_client hal_power_stats_server ))))
+(typeattributeset base_typeattr_675 (and (domain ) (not (hal_remoteaccess_server ))))
 (typeattribute base_typeattr_674)
-(typeattributeset base_typeattr_674 (and (domain ) (not (hal_power_stats_server ))))
+(typeattributeset base_typeattr_674 (and (domain ) (not (hal_rebootescrow_client hal_rebootescrow_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_673)
-(typeattributeset base_typeattr_673 (and (domain ) (not (hal_power_client hal_power_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_673 (and (domain ) (not (hal_rebootescrow_server ))))
 (typeattribute base_typeattr_672)
-(typeattributeset base_typeattr_672 (and (domain ) (not (hal_power_client hal_power_server ))))
+(typeattributeset base_typeattr_672 (and (domain ) (not (hal_power_stats_client hal_power_stats_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_671)
-(typeattributeset base_typeattr_671 (and (domain ) (not (hal_power_server ))))
+(typeattributeset base_typeattr_671 (and (domain ) (not (hal_power_stats_client hal_power_stats_server ))))
 (typeattribute base_typeattr_670)
-(typeattributeset base_typeattr_670 (and (domain ) (not (hal_omx_client hal_omx_server ))))
+(typeattributeset base_typeattr_670 (and (domain ) (not (hal_power_stats_server ))))
 (typeattribute base_typeattr_669)
-(typeattributeset base_typeattr_669 (and (domain ) (not (hal_omx_server ))))
+(typeattributeset base_typeattr_669 (and (domain ) (not (hal_power_client hal_power_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_668)
-(typeattributeset base_typeattr_668 (and (domain ) (not (hal_oemlock_client hal_oemlock_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_668 (and (domain ) (not (hal_power_client hal_power_server ))))
 (typeattribute base_typeattr_667)
-(typeattributeset base_typeattr_667 (and (domain ) (not (hal_oemlock_client hal_oemlock_server ))))
+(typeattributeset base_typeattr_667 (and (domain ) (not (hal_power_server ))))
 (typeattribute base_typeattr_666)
-(typeattributeset base_typeattr_666 (and (domain ) (not (hal_oemlock_server ))))
+(typeattributeset base_typeattr_666 (and (domain ) (not (hal_omx_client hal_omx_server ))))
 (typeattribute base_typeattr_665)
-(typeattributeset base_typeattr_665 (and (domain ) (not (hal_nlinterceptor_client hal_nlinterceptor_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_665 (and (domain ) (not (hal_omx_server ))))
 (typeattribute base_typeattr_664)
-(typeattributeset base_typeattr_664 (and (domain ) (not (hal_nlinterceptor_server ))))
+(typeattributeset base_typeattr_664 (and (domain ) (not (hal_oemlock_client hal_oemlock_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_663)
-(typeattributeset base_typeattr_663 (and (domain ) (not (hal_nfc_client hal_nfc_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_663 (and (domain ) (not (hal_oemlock_client hal_oemlock_server ))))
 (typeattribute base_typeattr_662)
-(typeattributeset base_typeattr_662 (and (domain ) (not (hal_nfc_client hal_nfc_server ))))
+(typeattributeset base_typeattr_662 (and (domain ) (not (hal_oemlock_server ))))
 (typeattribute base_typeattr_661)
-(typeattributeset base_typeattr_661 (and (domain ) (not (hal_nfc_server ))))
+(typeattributeset base_typeattr_661 (and (domain ) (not (hal_nlinterceptor_client hal_nlinterceptor_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_660)
-(typeattributeset base_typeattr_660 (and (fs_type file_type ) (not (shell_exec toolbox_exec ))))
+(typeattributeset base_typeattr_660 (and (domain ) (not (hal_nlinterceptor_server ))))
 (typeattribute base_typeattr_659)
-(typeattributeset base_typeattr_659 (and (halserverdomain ) (not (hal_dumpstate_server hal_telephony_server ))))
+(typeattributeset base_typeattr_659 (and (domain ) (not (hal_nfc_client hal_nfc_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_658)
-(typeattributeset base_typeattr_658 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_658 (and (domain ) (not (hal_nfc_client hal_nfc_server ))))
 (typeattribute base_typeattr_657)
-(typeattributeset base_typeattr_657 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_657 (and (domain ) (not (hal_nfc_server ))))
 (typeattribute base_typeattr_656)
-(typeattributeset base_typeattr_656 (and (halserverdomain ) (not (hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
+(typeattributeset base_typeattr_656 (and (fs_type file_type ) (not (shell_exec toolbox_exec ))))
 (typeattribute base_typeattr_655)
-(typeattributeset base_typeattr_655 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_655 (and (halserverdomain ) (not (hal_dumpstate_server hal_telephony_server ))))
 (typeattribute base_typeattr_654)
-(typeattributeset base_typeattr_654 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server ))))
+(typeattributeset base_typeattr_654 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
 (typeattribute base_typeattr_653)
-(typeattributeset base_typeattr_653 (and (domain ) (not (hal_neuralnetworks_server ))))
+(typeattributeset base_typeattr_653 (and (halserverdomain ) (not (hal_automotive_socket_exemption hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tetheroffload_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
 (typeattribute base_typeattr_652)
-(typeattributeset base_typeattr_652 (and (domain ) (not (hal_memtrack_client hal_memtrack_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_652 (and (halserverdomain ) (not (hal_bluetooth_server hal_can_controller_server hal_nlinterceptor_server hal_telephony_server hal_tv_tuner_server hal_uwb_server hal_uwb_vendor_server hal_wifi_server hal_wifi_hostapd_server hal_wifi_supplicant_server ))))
 (typeattribute base_typeattr_651)
-(typeattributeset base_typeattr_651 (and (domain ) (not (hal_memtrack_client hal_memtrack_server ))))
+(typeattributeset base_typeattr_651 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_650)
-(typeattributeset base_typeattr_650 (and (domain ) (not (hal_memtrack_server ))))
+(typeattributeset base_typeattr_650 (and (domain ) (not (hal_neuralnetworks_client hal_neuralnetworks_server ))))
 (typeattribute base_typeattr_649)
-(typeattributeset base_typeattr_649 (and (domain ) (not (hal_mediaquality_client hal_mediaquality_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_649 (and (domain ) (not (hal_neuralnetworks_server ))))
 (typeattribute base_typeattr_648)
-(typeattributeset base_typeattr_648 (and (domain ) (not (hal_mediaquality_server ))))
+(typeattributeset base_typeattr_648 (and (domain ) (not (hal_memtrack_client hal_memtrack_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_647)
-(typeattributeset base_typeattr_647 (and (domain ) (not (hal_macsec_client hal_macsec_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_647 (and (domain ) (not (hal_memtrack_client hal_memtrack_server ))))
 (typeattribute base_typeattr_646)
-(typeattributeset base_typeattr_646 (and (domain ) (not (hal_macsec_server ))))
+(typeattributeset base_typeattr_646 (and (domain ) (not (hal_memtrack_server ))))
 (typeattribute base_typeattr_645)
-(typeattributeset base_typeattr_645 (and (domain ) (not (hal_lowpan_server init ueventd ))))
+(typeattributeset base_typeattr_645 (and (domain ) (not (hal_mediaquality_client hal_mediaquality_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_644)
-(typeattributeset base_typeattr_644 (and (domain ) (not (hal_lowpan_client hal_lowpan_server ))))
+(typeattributeset base_typeattr_644 (and (domain ) (not (hal_mediaquality_server ))))
 (typeattribute base_typeattr_643)
-(typeattributeset base_typeattr_643 (and (domain ) (not (hal_lowpan_server ))))
+(typeattributeset base_typeattr_643 (and (domain ) (not (hal_macsec_client hal_macsec_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_642)
-(typeattributeset base_typeattr_642 (and (domain ) (not (hal_light_client hal_light_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_642 (and (domain ) (not (hal_macsec_server ))))
 (typeattribute base_typeattr_641)
-(typeattributeset base_typeattr_641 (and (domain ) (not (hal_light_client hal_light_server ))))
+(typeattributeset base_typeattr_641 (and (domain ) (not (hal_lowpan_server init ueventd ))))
 (typeattribute base_typeattr_640)
-(typeattributeset base_typeattr_640 (and (domain ) (not (hal_light_server ))))
+(typeattributeset base_typeattr_640 (and (domain ) (not (hal_lowpan_client hal_lowpan_server ))))
 (typeattribute base_typeattr_639)
-(typeattributeset base_typeattr_639 (and (hal_keymint_server ) (not (coredomain ))))
+(typeattributeset base_typeattr_639 (and (domain ) (not (hal_lowpan_server ))))
 (typeattribute base_typeattr_638)
-(typeattributeset base_typeattr_638 (and (domain ) (not (hal_keymint_client hal_keymint_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_638 (and (domain ) (not (hal_light_client hal_light_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_637)
-(typeattributeset base_typeattr_637 (and (domain ) (not (hal_keymint_server ))))
+(typeattributeset base_typeattr_637 (and (domain ) (not (hal_light_client hal_light_server ))))
 (typeattribute base_typeattr_636)
-(typeattributeset base_typeattr_636 (and (domain ) (not (hal_keymaster_client hal_keymaster_server ))))
+(typeattributeset base_typeattr_636 (and (domain ) (not (hal_light_server ))))
 (typeattribute base_typeattr_635)
-(typeattributeset base_typeattr_635 (and (domain ) (not (hal_keymaster_server ))))
+(typeattributeset base_typeattr_635 (and (hal_keymint_server ) (not (coredomain ))))
 (typeattribute base_typeattr_634)
-(typeattributeset base_typeattr_634 (and (domain ) (not (hal_ivn_client hal_ivn_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_634 (and (domain ) (not (hal_keymint_client hal_keymint_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_633)
-(typeattributeset base_typeattr_633 (and (domain ) (not (hal_ivn_server ))))
+(typeattributeset base_typeattr_633 (and (domain ) (not (hal_keymint_server ))))
 (typeattribute base_typeattr_632)
-(typeattributeset base_typeattr_632 (and (domain ) (not (hal_ir_client hal_ir_server ))))
+(typeattributeset base_typeattr_632 (and (domain ) (not (hal_keymaster_client hal_keymaster_server ))))
 (typeattribute base_typeattr_631)
-(typeattributeset base_typeattr_631 (and (domain ) (not (hal_ir_client hal_ir_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_631 (and (domain ) (not (hal_keymaster_server ))))
 (typeattribute base_typeattr_630)
-(typeattributeset base_typeattr_630 (and (domain ) (not (hal_ir_server ))))
+(typeattributeset base_typeattr_630 (and (domain ) (not (hal_ivn_client hal_ivn_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_629)
-(typeattributeset base_typeattr_629 (and (domain ) (not (hal_input_processor_client hal_input_processor_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_629 (and (domain ) (not (hal_ivn_server ))))
 (typeattribute base_typeattr_628)
-(typeattributeset base_typeattr_628 (and (domain ) (not (hal_input_processor_server ))))
+(typeattributeset base_typeattr_628 (and (domain ) (not (hal_ir_client hal_ir_server ))))
 (typeattribute base_typeattr_627)
-(typeattributeset base_typeattr_627 (and (domain ) (not (hal_input_classifier_client hal_input_classifier_server ))))
+(typeattributeset base_typeattr_627 (and (domain ) (not (hal_ir_client hal_ir_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_626)
-(typeattributeset base_typeattr_626 (and (domain ) (not (hal_input_classifier_server ))))
+(typeattributeset base_typeattr_626 (and (domain ) (not (hal_ir_server ))))
 (typeattribute base_typeattr_625)
-(typeattributeset base_typeattr_625 (and (domain ) (not (hal_identity_client hal_identity_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_625 (and (domain ) (not (hal_input_processor_client hal_input_processor_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_624)
-(typeattributeset base_typeattr_624 (and (domain ) (not (hal_identity_server ))))
+(typeattributeset base_typeattr_624 (and (domain ) (not (hal_input_processor_server ))))
 (typeattribute base_typeattr_623)
-(typeattributeset base_typeattr_623 (and (domain ) (not (hal_health_storage_client hal_health_storage_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_623 (and (domain ) (not (hal_input_classifier_client hal_input_classifier_server ))))
 (typeattribute base_typeattr_622)
-(typeattributeset base_typeattr_622 (and (domain ) (not (hal_health_storage_client hal_health_storage_server ))))
+(typeattributeset base_typeattr_622 (and (domain ) (not (hal_input_classifier_server ))))
 (typeattribute base_typeattr_621)
-(typeattributeset base_typeattr_621 (and (domain ) (not (hal_health_storage_server ))))
+(typeattributeset base_typeattr_621 (and (domain ) (not (hal_identity_client hal_identity_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_620)
-(typeattributeset base_typeattr_620 (and (domain ) (not (hal_health_client hal_health_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_620 (and (domain ) (not (hal_identity_server ))))
 (typeattribute base_typeattr_619)
-(typeattributeset base_typeattr_619 (and (domain ) (not (hal_health_client hal_health_server ))))
+(typeattributeset base_typeattr_619 (and (domain ) (not (hal_health_storage_client hal_health_storage_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_618)
-(typeattributeset base_typeattr_618 (and (domain ) (not (hal_health_server ))))
+(typeattributeset base_typeattr_618 (and (domain ) (not (hal_health_storage_client hal_health_storage_server ))))
 (typeattribute base_typeattr_617)
-(typeattributeset base_typeattr_617 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_617 (and (domain ) (not (hal_health_storage_server ))))
 (typeattribute base_typeattr_616)
-(typeattributeset base_typeattr_616 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server ))))
+(typeattributeset base_typeattr_616 (and (domain ) (not (hal_health_client hal_health_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_615)
-(typeattributeset base_typeattr_615 (and (domain ) (not (hal_graphics_composer_server ))))
+(typeattributeset base_typeattr_615 (and (domain ) (not (hal_health_client hal_health_server ))))
 (typeattribute base_typeattr_614)
-(typeattributeset base_typeattr_614 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_614 (and (domain ) (not (hal_health_server ))))
 (typeattribute base_typeattr_613)
-(typeattributeset base_typeattr_613 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server ))))
+(typeattributeset base_typeattr_613 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_612)
-(typeattributeset base_typeattr_612 (and (domain ) (not (hal_graphics_allocator_server ))))
+(typeattributeset base_typeattr_612 (and (domain ) (not (hal_graphics_composer_client hal_graphics_composer_server ))))
 (typeattribute base_typeattr_611)
-(typeattributeset base_typeattr_611 (and (domain ) (not (hal_gnss_client hal_gnss_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_611 (and (domain ) (not (hal_graphics_composer_server ))))
 (typeattribute base_typeattr_610)
-(typeattributeset base_typeattr_610 (and (domain ) (not (hal_gnss_client hal_gnss_server ))))
+(typeattributeset base_typeattr_610 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_609)
-(typeattributeset base_typeattr_609 (and (domain ) (not (hal_gnss_server ))))
+(typeattributeset base_typeattr_609 (and (domain ) (not (hal_graphics_allocator_client hal_graphics_allocator_server ))))
 (typeattribute base_typeattr_608)
-(typeattributeset base_typeattr_608 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_608 (and (domain ) (not (hal_graphics_allocator_server ))))
 (typeattribute base_typeattr_607)
-(typeattributeset base_typeattr_607 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server ))))
+(typeattributeset base_typeattr_607 (and (domain ) (not (hal_gnss_client hal_gnss_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_606)
-(typeattributeset base_typeattr_606 (and (domain ) (not (hal_gatekeeper_server ))))
+(typeattributeset base_typeattr_606 (and (domain ) (not (hal_gnss_client hal_gnss_server ))))
 (typeattribute base_typeattr_605)
-(typeattributeset base_typeattr_605 (and (hal_fingerprint ) (not (coredomain ))))
+(typeattributeset base_typeattr_605 (and (domain ) (not (hal_gnss_server ))))
 (typeattribute base_typeattr_604)
-(typeattributeset base_typeattr_604 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_604 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_603)
-(typeattributeset base_typeattr_603 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server ))))
+(typeattributeset base_typeattr_603 (and (domain ) (not (hal_gatekeeper_client hal_gatekeeper_server ))))
 (typeattribute base_typeattr_602)
-(typeattributeset base_typeattr_602 (and (domain ) (not (hal_fingerprint_server ))))
+(typeattributeset base_typeattr_602 (and (domain ) (not (hal_gatekeeper_server ))))
 (typeattribute base_typeattr_601)
-(typeattributeset base_typeattr_601 (and (domain ) (not (hal_fastboot_client hal_fastboot_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_601 (and (hal_fingerprint ) (not (coredomain ))))
 (typeattribute base_typeattr_600)
-(typeattributeset base_typeattr_600 (and (domain ) (not (hal_fastboot_server ))))
+(typeattributeset base_typeattr_600 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_599)
-(typeattributeset base_typeattr_599 (and (hal_face ) (not (coredomain ))))
+(typeattributeset base_typeattr_599 (and (domain ) (not (hal_fingerprint_client hal_fingerprint_server ))))
 (typeattribute base_typeattr_598)
-(typeattributeset base_typeattr_598 (and (domain ) (not (hal_face_client hal_face_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_598 (and (domain ) (not (hal_fingerprint_server ))))
 (typeattribute base_typeattr_597)
-(typeattributeset base_typeattr_597 (and (domain ) (not (hal_face_client hal_face_server ))))
+(typeattributeset base_typeattr_597 (and (domain ) (not (hal_fastboot_client hal_fastboot_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_596)
-(typeattributeset base_typeattr_596 (and (domain ) (not (hal_face_server ))))
+(typeattributeset base_typeattr_596 (and (domain ) (not (hal_fastboot_server ))))
 (typeattribute base_typeattr_595)
-(typeattributeset base_typeattr_595 (and (domain ) (not (hal_evs_client hal_evs_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_595 (and (hal_face ) (not (coredomain ))))
 (typeattribute base_typeattr_594)
-(typeattributeset base_typeattr_594 (and (domain ) (not (hal_evs_server ))))
+(typeattributeset base_typeattr_594 (and (domain ) (not (hal_face_client hal_face_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_593)
-(typeattributeset base_typeattr_593 (and (domain ) (not (hal_evs_server evsmanagerd ))))
+(typeattributeset base_typeattr_593 (and (domain ) (not (hal_face_client hal_face_server ))))
 (typeattribute base_typeattr_592)
-(typeattributeset base_typeattr_592 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_592 (and (domain ) (not (hal_face_server ))))
 (typeattribute base_typeattr_591)
-(typeattributeset base_typeattr_591 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server ))))
+(typeattributeset base_typeattr_591 (and (domain ) (not (hal_evs_client hal_evs_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_590)
-(typeattributeset base_typeattr_590 (and (domain ) (not (hal_dumpstate_server ))))
+(typeattributeset base_typeattr_590 (and (domain ) (not (hal_evs_server ))))
 (typeattribute base_typeattr_589)
-(typeattributeset base_typeattr_589 (and (domain ) (not (hal_drm_client hal_drm_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_589 (and (domain ) (not (hal_evs_server evsmanagerd ))))
 (typeattribute base_typeattr_588)
-(typeattributeset base_typeattr_588 (and (domain ) (not (hal_drm_client hal_drm_server ))))
+(typeattributeset base_typeattr_588 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_587)
-(typeattributeset base_typeattr_587 (and (domain ) (not (hal_drm_server ))))
+(typeattributeset base_typeattr_587 (and (domain ) (not (hal_dumpstate_client hal_dumpstate_server ))))
 (typeattribute base_typeattr_586)
-(typeattributeset base_typeattr_586 (and (domain ) (not (hal_contexthub_client hal_contexthub_server ))))
+(typeattributeset base_typeattr_586 (and (domain ) (not (hal_dumpstate_server ))))
 (typeattribute base_typeattr_585)
-(typeattributeset base_typeattr_585 (and (domain ) (not (hal_contexthub_server ))))
+(typeattributeset base_typeattr_585 (and (domain ) (not (hal_drm_client hal_drm_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_584)
-(typeattributeset base_typeattr_584 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_584 (and (domain ) (not (hal_drm_client hal_drm_server ))))
 (typeattribute base_typeattr_583)
-(typeattributeset base_typeattr_583 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server ))))
+(typeattributeset base_typeattr_583 (and (domain ) (not (hal_drm_server ))))
 (typeattribute base_typeattr_582)
-(typeattributeset base_typeattr_582 (and (domain ) (not (hal_confirmationui_server ))))
+(typeattributeset base_typeattr_582 (and (domain ) (not (hal_contexthub_client hal_contexthub_server ))))
 (typeattribute base_typeattr_581)
-(typeattributeset base_typeattr_581 (and (data_file_type ) (not (anr_data_file tombstone_data_file ))))
+(typeattributeset base_typeattr_581 (and (domain ) (not (hal_contexthub_server ))))
 (typeattribute base_typeattr_580)
-(typeattributeset base_typeattr_580 (and (domain ) (not (hal_configstore_server logd prng_seeder tombstoned ))))
+(typeattributeset base_typeattr_580 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_579)
-(typeattributeset base_typeattr_579 (and (domain ) (not (hal_configstore_client hal_configstore_server ))))
+(typeattributeset base_typeattr_579 (and (domain ) (not (hal_confirmationui_client hal_confirmationui_server ))))
 (typeattribute base_typeattr_578)
-(typeattributeset base_typeattr_578 (and (domain ) (not (hal_configstore_server ))))
+(typeattributeset base_typeattr_578 (and (domain ) (not (hal_confirmationui_server ))))
 (typeattribute base_typeattr_577)
-(typeattributeset base_typeattr_577 (and (hal_codec2_client ) (not (isolated_app_all ))))
+(typeattributeset base_typeattr_577 (and (data_file_type ) (not (anr_data_file tombstone_data_file ))))
 (typeattribute base_typeattr_576)
-(typeattributeset base_typeattr_576 (and (domain ) (not (hal_codec2_client hal_codec2_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_576 (and (domain ) (not (hal_configstore_server logd prng_seeder tombstoned ))))
 (typeattribute base_typeattr_575)
-(typeattributeset base_typeattr_575 (and (domain ) (not (hal_codec2_client hal_codec2_server ))))
+(typeattributeset base_typeattr_575 (and (domain ) (not (hal_configstore_client hal_configstore_server ))))
 (typeattribute base_typeattr_574)
-(typeattributeset base_typeattr_574 (and (domain ) (not (hal_codec2_server ))))
+(typeattributeset base_typeattr_574 (and (domain ) (not (hal_configstore_server ))))
 (typeattribute base_typeattr_573)
-(typeattributeset base_typeattr_573 (and (domain ) (not (hal_cas_client hal_cas_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_573 (and (hal_codec2_client ) (not (isolated_app_all ))))
 (typeattribute base_typeattr_572)
-(typeattributeset base_typeattr_572 (and (domain ) (not (hal_cas_client hal_cas_server ))))
+(typeattributeset base_typeattr_572 (and (domain ) (not (hal_codec2_client hal_codec2_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_571)
-(typeattributeset base_typeattr_571 (and (domain ) (not (hal_cas_server ))))
+(typeattributeset base_typeattr_571 (and (domain ) (not (hal_codec2_client hal_codec2_server ))))
 (typeattribute base_typeattr_570)
-(typeattributeset base_typeattr_570 (and (domain ) (not (hal_can_controller_client hal_can_controller_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_570 (and (domain ) (not (hal_codec2_server ))))
 (typeattribute base_typeattr_569)
-(typeattributeset base_typeattr_569 (and (domain ) (not (hal_can_bus_client hal_can_bus_server ))))
+(typeattributeset base_typeattr_569 (and (domain ) (not (hal_cas_client hal_cas_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_568)
-(typeattributeset base_typeattr_568 (and (domain ) (not (hal_can_bus_server ))))
+(typeattributeset base_typeattr_568 (and (domain ) (not (hal_cas_client hal_cas_server ))))
 (typeattribute base_typeattr_567)
-(typeattributeset base_typeattr_567 (and (domain ) (not (hal_can_controller_client hal_can_controller_server ))))
+(typeattributeset base_typeattr_567 (and (domain ) (not (hal_cas_server ))))
 (typeattribute base_typeattr_566)
-(typeattributeset base_typeattr_566 (and (domain ) (not (hal_can_controller_server ))))
+(typeattributeset base_typeattr_566 (and (domain ) (not (hal_can_controller_client hal_can_controller_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_565)
-(typeattributeset base_typeattr_565 (and (halserverdomain ) (not (hal_camera_server ))))
+(typeattributeset base_typeattr_565 (and (domain ) (not (hal_can_bus_client hal_can_bus_server ))))
 (typeattribute base_typeattr_564)
-(typeattributeset base_typeattr_564 (and (appdomain ) (not (isolated_app ))))
+(typeattributeset base_typeattr_564 (and (domain ) (not (hal_can_bus_server ))))
 (typeattribute base_typeattr_563)
-(typeattributeset base_typeattr_563 (and (domain ) (not (hal_camera_client hal_camera_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_563 (and (domain ) (not (hal_can_controller_client hal_can_controller_server ))))
 (typeattribute base_typeattr_562)
-(typeattributeset base_typeattr_562 (and (domain ) (not (hal_camera_client hal_camera_server ))))
+(typeattributeset base_typeattr_562 (and (domain ) (not (hal_can_controller_server ))))
 (typeattribute base_typeattr_561)
-(typeattributeset base_typeattr_561 (and (domain ) (not (hal_camera_server ))))
+(typeattributeset base_typeattr_561 (and (halserverdomain ) (not (hal_camera_server ))))
 (typeattribute base_typeattr_560)
-(typeattributeset base_typeattr_560 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_560 (and (appdomain ) (not (isolated_app ))))
 (typeattribute base_typeattr_559)
-(typeattributeset base_typeattr_559 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server ))))
+(typeattributeset base_typeattr_559 (and (domain ) (not (hal_camera_client hal_camera_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_558)
-(typeattributeset base_typeattr_558 (and (domain ) (not (hal_broadcastradio_server ))))
+(typeattributeset base_typeattr_558 (and (domain ) (not (hal_camera_client hal_camera_server ))))
 (typeattribute base_typeattr_557)
-(typeattributeset base_typeattr_557 (and (domain ) (not (hal_bootctl_client hal_bootctl_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_557 (and (domain ) (not (hal_camera_server ))))
 (typeattribute base_typeattr_556)
-(typeattributeset base_typeattr_556 (and (domain ) (not (hal_bootctl_client hal_bootctl_server ))))
+(typeattributeset base_typeattr_556 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_555)
-(typeattributeset base_typeattr_555 (and (domain ) (not (hal_bootctl_server ))))
+(typeattributeset base_typeattr_555 (and (domain ) (not (hal_broadcastradio_client hal_broadcastradio_server ))))
 (typeattribute base_typeattr_554)
-(typeattributeset base_typeattr_554 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_554 (and (domain ) (not (hal_broadcastradio_server ))))
 (typeattribute base_typeattr_553)
-(typeattributeset base_typeattr_553 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server ))))
+(typeattributeset base_typeattr_553 (and (domain ) (not (hal_bootctl_client hal_bootctl_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_552)
-(typeattributeset base_typeattr_552 (and (domain ) (not (hal_bluetooth_server ))))
+(typeattributeset base_typeattr_552 (and (domain ) (not (hal_bootctl_client hal_bootctl_server ))))
 (typeattribute base_typeattr_551)
-(typeattributeset base_typeattr_551 (and (domain ) (not (hal_authsecret_client hal_authsecret_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_551 (and (domain ) (not (hal_bootctl_server ))))
 (typeattribute base_typeattr_550)
-(typeattributeset base_typeattr_550 (and (domain ) (not (hal_authsecret_client hal_authsecret_server ))))
+(typeattributeset base_typeattr_550 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_549)
-(typeattributeset base_typeattr_549 (and (domain ) (not (hal_authsecret_server ))))
+(typeattributeset base_typeattr_549 (and (domain ) (not (hal_bluetooth_client hal_bluetooth_server ))))
 (typeattribute base_typeattr_548)
-(typeattributeset base_typeattr_548 (and (domain ) (not (hal_authgraph_client hal_authgraph_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_548 (and (domain ) (not (hal_bluetooth_server ))))
 (typeattribute base_typeattr_547)
-(typeattributeset base_typeattr_547 (and (domain ) (not (hal_authgraph_server ))))
+(typeattributeset base_typeattr_547 (and (domain ) (not (hal_authsecret_client hal_authsecret_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_546)
-(typeattributeset base_typeattr_546 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_546 (and (domain ) (not (hal_authsecret_client hal_authsecret_server ))))
 (typeattribute base_typeattr_545)
-(typeattributeset base_typeattr_545 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server ))))
+(typeattributeset base_typeattr_545 (and (domain ) (not (hal_authsecret_server ))))
 (typeattribute base_typeattr_544)
-(typeattributeset base_typeattr_544 (and (domain ) (not (hal_audiocontrol_server ))))
+(typeattributeset base_typeattr_544 (and (domain ) (not (hal_authgraph_client hal_authgraph_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_543)
-(typeattributeset base_typeattr_543 (and (halserverdomain ) (not (hal_audio_server hal_omx_server ))))
+(typeattributeset base_typeattr_543 (and (domain ) (not (hal_authgraph_server ))))
 (typeattribute base_typeattr_542)
-(typeattributeset base_typeattr_542 (and (domain ) (not (hal_audio_client hal_audio_server atrace shell system_app traceur_app ))))
+(typeattributeset base_typeattr_542 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_541)
-(typeattributeset base_typeattr_541 (and (domain ) (not (hal_audio_client hal_audio_server ))))
+(typeattributeset base_typeattr_541 (and (domain ) (not (hal_audiocontrol_client hal_audiocontrol_server ))))
 (typeattribute base_typeattr_540)
-(typeattributeset base_typeattr_540 (and (domain ) (not (hal_audio_server ))))
+(typeattributeset base_typeattr_540 (and (domain ) (not (hal_audiocontrol_server ))))
 (typeattribute base_typeattr_539)
-(typeattributeset base_typeattr_539 (and (domain ) (not (hal_atrace_client hal_atrace_server ))))
+(typeattributeset base_typeattr_539 (and (halserverdomain ) (not (hal_audio_server hal_omx_server ))))
 (typeattribute base_typeattr_538)
-(typeattributeset base_typeattr_538 (and (domain ) (not (hal_atrace_server ))))
+(typeattributeset base_typeattr_538 (and (domain ) (not (hal_audio_client hal_audio_server atrace shell system_app traceur_app ))))
 (typeattribute base_typeattr_537)
-(typeattributeset base_typeattr_537 (and (domain ) (not (hal_allocator_client hal_allocator_server ))))
+(typeattributeset base_typeattr_537 (and (domain ) (not (hal_audio_client hal_audio_server ))))
 (typeattribute base_typeattr_536)
-(typeattributeset base_typeattr_536 (and (domain ) (not (hal_allocator_server ))))
+(typeattributeset base_typeattr_536 (and (domain ) (not (hal_audio_server ))))
 (typeattribute base_typeattr_535)
-(typeattributeset base_typeattr_535 (and (domain ) (not (init gsid ))))
+(typeattributeset base_typeattr_535 (and (domain ) (not (hal_atrace_client hal_atrace_server ))))
 (typeattribute base_typeattr_534)
-(typeattributeset base_typeattr_534 (and (gsi_metadata_file_type ) (not (gsi_public_metadata_file ))))
+(typeattributeset base_typeattr_534 (and (domain ) (not (hal_atrace_server ))))
 (typeattribute base_typeattr_533)
-(typeattributeset base_typeattr_533 (and (domain ) (not (fastbootd init gsid ))))
+(typeattributeset base_typeattr_533 (and (domain ) (not (hal_allocator_client hal_allocator_server ))))
 (typeattribute base_typeattr_532)
-(typeattributeset base_typeattr_532 (and (domain ) (not (update_engine_common fastbootd init recovery gsid ))))
+(typeattributeset base_typeattr_532 (and (domain ) (not (hal_allocator_server ))))
 (typeattribute base_typeattr_531)
-(typeattributeset base_typeattr_531 (and (domain ) (not (gsid ))))
+(typeattributeset base_typeattr_531 (and (domain ) (not (init gsid ))))
 (typeattribute base_typeattr_530)
-(typeattributeset base_typeattr_530 (and (domain ) (not (gpuservice init vendor_init ))))
+(typeattributeset base_typeattr_530 (and (gsi_metadata_file_type ) (not (gsi_public_metadata_file ))))
 (typeattribute base_typeattr_529)
-(typeattributeset base_typeattr_529 (and (domain ) (not (gpuservice ))))
+(typeattributeset base_typeattr_529 (and (domain ) (not (fastbootd init gsid ))))
 (typeattribute base_typeattr_528)
-(typeattributeset base_typeattr_528 (and (domain ) (not (dumpstate gmscore_app init vendor_init ))))
+(typeattributeset base_typeattr_528 (and (domain ) (not (update_engine_common fastbootd init recovery gsid ))))
 (typeattribute base_typeattr_527)
-(typeattributeset base_typeattr_527 (and (domain ) (not (crash_dump gmscore_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_527 (and (domain ) (not (gsid ))))
 (typeattribute base_typeattr_526)
-(typeattributeset base_typeattr_526 (and (appdomain ) (not (gmscore_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_526 (and (domain ) (not (gpuservice init vendor_init ))))
 (typeattribute base_typeattr_525)
-(typeattributeset base_typeattr_525 (and (gmscore_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_525 (and (domain ) (not (gpuservice ))))
 (typeattribute base_typeattr_524)
-(typeattributeset base_typeattr_524 (and (domain ) (not (gmscore_app ))))
+(typeattributeset base_typeattr_524 (and (domain ) (not (dumpstate gmscore_app init vendor_init ))))
 (typeattribute base_typeattr_523)
-(typeattributeset base_typeattr_523 (and (domain ) (not (gatekeeperd ))))
+(typeattributeset base_typeattr_523 (and (domain ) (not (crash_dump gmscore_app runas_app simpleperf ))))
 (typeattribute base_typeattr_522)
-(typeattributeset base_typeattr_522 (and (fs_type file_type ) (not (fuseblkd_untrusted_exec ))))
+(typeattributeset base_typeattr_522 (and (appdomain ) (not (gmscore_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_521)
-(typeattributeset base_typeattr_521 (and (fs_type file_type ) (not (fuseblkd_exec ))))
+(typeattributeset base_typeattr_521 (and (gmscore_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_520)
-(typeattributeset base_typeattr_520 (and (domain ) (not (fuseblkd_untrusted ))))
+(typeattributeset base_typeattr_520 (and (domain ) (not (gmscore_app ))))
 (typeattribute base_typeattr_519)
-(typeattributeset base_typeattr_519 (and (fs_type file_type ) (not (fsck_exec ))))
+(typeattributeset base_typeattr_519 (and (domain ) (not (gatekeeperd ))))
 (typeattribute base_typeattr_518)
-(typeattributeset base_typeattr_518 (and (domain ) (not (init vold ))))
+(typeattributeset base_typeattr_518 (and (fs_type file_type ) (not (fuseblkd_untrusted_exec ))))
 (typeattribute base_typeattr_517)
-(typeattributeset base_typeattr_517 (and (domain ) (not (flags_health_check init ))))
+(typeattributeset base_typeattr_517 (and (fs_type file_type ) (not (fuseblkd_exec ))))
 (typeattribute base_typeattr_516)
-(typeattributeset base_typeattr_516 (and (domain ) (not (fingerprintd ))))
+(typeattributeset base_typeattr_516 (and (domain ) (not (fuseblkd_untrusted ))))
 (typeattribute base_typeattr_515)
-(typeattributeset base_typeattr_515 (and (domain ) (not (fastbootd ))))
+(typeattributeset base_typeattr_515 (and (fs_type file_type ) (not (fsck_exec ))))
 (typeattribute base_typeattr_514)
-(typeattributeset base_typeattr_514 (and (domain ) (not (evsmanagerd ))))
+(typeattributeset base_typeattr_514 (and (domain ) (not (init vold ))))
 (typeattribute base_typeattr_513)
-(typeattributeset base_typeattr_513 (and (domain ) (not (crash_dump ephemeral_app runas_app simpleperf ))))
+(typeattributeset base_typeattr_513 (and (domain ) (not (flags_health_check init ))))
 (typeattribute base_typeattr_512)
-(typeattributeset base_typeattr_512 (and (appdomain ) (not (ephemeral_app runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_512 (and (domain ) (not (fingerprintd ))))
 (typeattribute base_typeattr_511)
-(typeattributeset base_typeattr_511 (and (ephemeral_app ) (not (runas_app shell simpleperf ))))
+(typeattributeset base_typeattr_511 (and (domain ) (not (fastbootd ))))
 (typeattribute base_typeattr_510)
-(typeattributeset base_typeattr_510 (and (domain ) (not (ephemeral_app ))))
+(typeattributeset base_typeattr_510 (and (domain ) (not (evsmanagerd ))))
 (typeattribute base_typeattr_509)
-(typeattributeset base_typeattr_509 (and (domain ) (not (early_virtmgr ))))
+(typeattributeset base_typeattr_509 (and (domain ) (not (crash_dump ephemeral_app runas_app simpleperf ))))
 (typeattribute base_typeattr_508)
-(typeattributeset base_typeattr_508 (and (domain ) (not (crosvm early_virtmgr ))))
+(typeattributeset base_typeattr_508 (and (appdomain ) (not (ephemeral_app runas_app shell simpleperf ))))
 (typeattribute base_typeattr_507)
-(typeattributeset base_typeattr_507 (and (domain ) (not (crosvm early_virtmgr init ))))
+(typeattributeset base_typeattr_507 (and (ephemeral_app ) (not (runas_app shell simpleperf ))))
 (typeattribute base_typeattr_506)
-(typeattributeset base_typeattr_506 (and (domain ) (not (apexd dumpstate init system_server vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_506 (and (domain ) (not (ephemeral_app ))))
 (typeattribute base_typeattr_505)
-(typeattributeset base_typeattr_505 (and (domain ) (not (dumpstate shell system_server traceur_app ))))
+(typeattributeset base_typeattr_505 (and (domain ) (not (early_virtmgr ))))
 (typeattribute base_typeattr_504)
-(typeattributeset base_typeattr_504 (and (domain ) (not (dumpstate ))))
+(typeattributeset base_typeattr_504 (and (domain ) (not (crosvm early_virtmgr ))))
 (typeattribute base_typeattr_503)
-(typeattributeset base_typeattr_503 (and (service_manager_type ) (not (hal_service_type apex_service default_android_service dumpstate_service fwk_vold_service gatekeeper_service virtual_touchpad_service vold_service ))))
+(typeattributeset base_typeattr_503 (and (domain ) (not (crosvm early_virtmgr init ))))
 (typeattribute base_typeattr_502)
-(typeattributeset base_typeattr_502 (and (domain ) (not (drmserver ))))
+(typeattributeset base_typeattr_502 (and (domain ) (not (apexd dumpstate init system_server vold_prepare_subdirs ))))
 (typeattribute base_typeattr_501)
-(typeattributeset base_typeattr_501 (and (domain ) (not (unconstrained_vsock_violators early_virtmgr virtualizationmanager adbd_common compos_fd_server hal_keymint_system virtualizationservice vmlauncher_app ))))
+(typeattributeset base_typeattr_501 (and (domain ) (not (dumpstate shell system_server traceur_app ))))
 (typeattribute base_typeattr_500)
-(typeattributeset base_typeattr_500 (and (domain ) (not (init ueventd vendor_init ))))
+(typeattributeset base_typeattr_500 (and (domain ) (not (dumpstate ))))
 (typeattribute base_typeattr_499)
-(typeattributeset base_typeattr_499 (and (domain ) (not (init zygote dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_499 (and (service_manager_type ) (not (hal_service_type apex_service default_android_service dumpstate_service fwk_vold_service gatekeeper_service virtual_touchpad_service vold_service ))))
 (typeattribute base_typeattr_498)
-(typeattributeset base_typeattr_498 (and (domain ) (not (init dexopt_chroot_setup ))))
+(typeattributeset base_typeattr_498 (and (domain ) (not (drmserver ))))
 (typeattribute base_typeattr_497)
-(typeattributeset base_typeattr_497 (and (domain ) (not (gmscore_app init vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_497 (and (domain ) (not (unconstrained_vsock_violators early_virtmgr virtualizationmanager adbd_common compos_fd_server hal_keymint_system virtualizationservice vmlauncher_app ))))
 (typeattribute base_typeattr_496)
-(typeattributeset base_typeattr_496 (and (domain ) (not (appdomain artd installd system_server traced_probes ))))
+(typeattributeset base_typeattr_496 (and (domain ) (not (init ueventd vendor_init ))))
 (typeattribute base_typeattr_495)
-(typeattributeset base_typeattr_495 (and (domain ) (not (appdomain adbd artd dumpstate init installd simpleperf_app_runner system_server ))))
+(typeattributeset base_typeattr_495 (and (domain ) (not (init zygote dexopt_chroot_setup ))))
 (typeattribute base_typeattr_494)
-(typeattributeset base_typeattr_494 (and (domain ) (not (adbd artd dumpstate init installd shell vold ))))
+(typeattributeset base_typeattr_494 (and (domain ) (not (init dexopt_chroot_setup ))))
 (typeattribute base_typeattr_493)
-(typeattributeset base_typeattr_493 (and (domain ) (not (appdomain adbd artd dumpstate installd ))))
+(typeattributeset base_typeattr_493 (and (domain ) (not (gmscore_app init vold_prepare_subdirs ))))
 (typeattribute base_typeattr_492)
-(typeattributeset base_typeattr_492 (and (domain ) (not (init kernel vendor_modprobe uprobestats ))))
+(typeattributeset base_typeattr_492 (and (domain ) (not (appdomain artd installd system_server traced_probes ))))
 (typeattribute base_typeattr_491)
-(typeattributeset base_typeattr_491 (and (domain ) (not (ueventd vendor_init ))))
+(typeattributeset base_typeattr_491 (and (domain ) (not (appdomain adbd artd dumpstate init installd simpleperf_app_runner system_server ))))
 (typeattribute base_typeattr_490)
-(typeattributeset base_typeattr_490 (and (debugfs_type ) (not (tracefs_type ))))
+(typeattributeset base_typeattr_490 (and (domain ) (not (adbd artd dumpstate init installd shell vold ))))
 (typeattribute base_typeattr_489)
-(typeattributeset base_typeattr_489 (and (domain ) (not (vendor_modprobe ))))
+(typeattributeset base_typeattr_489 (and (domain ) (not (appdomain adbd artd dumpstate installd ))))
 (typeattribute base_typeattr_488)
-(typeattributeset base_typeattr_488 (and (domain ) (not (init traced_perf traced_probes ))))
+(typeattributeset base_typeattr_488 (and (domain ) (not (init kernel vendor_modprobe uprobestats ))))
 (typeattribute base_typeattr_487)
-(typeattributeset base_typeattr_487 (and (domain ) (not (init dexopt_chroot_setup otapreopt_chroot ))))
+(typeattributeset base_typeattr_487 (and (domain ) (not (ueventd vendor_init ))))
 (typeattribute base_typeattr_486)
-(typeattributeset base_typeattr_486 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_aconfig_storage_file ))))
+(typeattributeset base_typeattr_486 (and (debugfs_type ) (not (tracefs_type ))))
 (typeattribute base_typeattr_485)
-(typeattributeset base_typeattr_485 (and (coredomain ) (not (system_executes_vendor_violators crash_dump crosvm heapprofd init kernel shell traced_perf ueventd vold ))))
+(typeattributeset base_typeattr_485 (and (domain ) (not (vendor_modprobe ))))
 (typeattribute base_typeattr_484)
-(typeattributeset base_typeattr_484 (and (coredomain ) (not (heapprofd init logd mdnsd netd prng_seeder tombstoned traced traced_perf ))))
+(typeattributeset base_typeattr_484 (and (domain ) (not (init traced_perf traced_probes ))))
 (typeattribute base_typeattr_483)
-(typeattributeset base_typeattr_483 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators ))))
+(typeattributeset base_typeattr_483 (and (domain ) (not (init dexopt_chroot_setup otapreopt_chroot ))))
 (typeattribute base_typeattr_482)
-(typeattributeset base_typeattr_482 (and (coredomain ) (not (appdomain bootanim crash_dump heapprofd init kernel traced_perf ueventd ))))
+(typeattributeset base_typeattr_482 (and (vendor_file_type ) (not (vendor_cgroup_desc_file vendor_task_profiles_file vendor_app_file vendor_configs_file same_process_hal_file vndk_sp_file vendor_framework_file vendor_overlay_file vendor_public_lib_file vendor_public_framework_file vendor_microdroid_file vendor_boot_ota_file vendor_keylayout_file vendor_keychars_file vendor_idc_file vendor_uuid_mapping_config_file vendor_apex_file vendor_apex_metadata_file vendor_service_contexts_file vendor_aconfig_storage_file ))))
 (typeattribute base_typeattr_481)
-(typeattributeset base_typeattr_481 (and (domain ) (not (init vendor_init art_boot ))))
+(typeattributeset base_typeattr_481 (and (coredomain ) (not (system_executes_vendor_violators crash_dump crosvm heapprofd init kernel shell traced_perf ueventd vold ))))
 (typeattribute base_typeattr_480)
-(typeattributeset base_typeattr_480 (and (domain ) (not (dumpstate init system_server ))))
+(typeattributeset base_typeattr_480 (and (coredomain ) (not (heapprofd init logd mdnsd netd prng_seeder tombstoned traced traced_perf ))))
 (typeattribute base_typeattr_479)
-(typeattributeset base_typeattr_479 (and (domain ) (not (fsck init installd zygote ))))
+(typeattributeset base_typeattr_479 (and (domain ) (not (appdomain coredomain socket_between_core_and_vendor_violators ))))
 (typeattribute base_typeattr_478)
-(typeattributeset base_typeattr_478 (and (domain ) (not (hal_bootctl_server fastbootd init kernel recovery tee ueventd uncrypt gsid ))))
+(typeattributeset base_typeattr_478 (and (coredomain ) (not (appdomain bootanim crash_dump heapprofd init kernel traced_perf ueventd ))))
 (typeattribute base_typeattr_477)
-(typeattributeset base_typeattr_477 (and (debugfs_type ) (not (debugfs_tracing_debug ))))
+(typeattributeset base_typeattr_477 (and (domain ) (not (init vendor_init art_boot ))))
 (typeattribute base_typeattr_476)
-(typeattributeset base_typeattr_476 (and (fs_type ) (not (fusefs_type sdcard_type ))))
+(typeattributeset base_typeattr_476 (and (domain ) (not (dumpstate init system_server ))))
 (typeattribute base_typeattr_475)
-(typeattributeset base_typeattr_475 (and (domain ) (not (apexd init kernel recovery update_engine vold zygote dexopt_chroot_setup otapreopt_chroot ))))
+(typeattributeset base_typeattr_475 (and (domain ) (not (fsck init installd zygote ))))
 (typeattribute base_typeattr_474)
-(typeattributeset base_typeattr_474 (not (apexd artd dnsmasq dumpstate heapprofd init installd lmkd netd recovery rss_hwm_reset sdcardd tee traced_perf traced_probes ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
+(typeattributeset base_typeattr_474 (and (domain ) (not (hal_bootctl_server fastbootd init kernel recovery tee ueventd uncrypt gsid ))))
 (typeattribute base_typeattr_473)
-(typeattributeset base_typeattr_473 (not (apexd artd dnsmasq dumpstate init installd lmkd netd recovery rss_hwm_reset sdcardd tee ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
+(typeattributeset base_typeattr_473 (and (debugfs_type ) (not (debugfs_tracing_debug ))))
 (typeattribute base_typeattr_472)
-(typeattributeset base_typeattr_472 (and (domain ) (not (apexd init vold_prepare_subdirs compos_fd_server composd odrefresh odsign ))))
+(typeattributeset base_typeattr_472 (and (fs_type ) (not (fusefs_type sdcard_type ))))
 (typeattribute base_typeattr_471)
-(typeattributeset base_typeattr_471 (and (domain ) (not (artd init installd zygote cppreopts dex2oat otapreopt_slot postinstall_dexopt ))))
+(typeattributeset base_typeattr_471 (and (domain ) (not (apexd init kernel recovery update_engine vold zygote dexopt_chroot_setup otapreopt_chroot ))))
 (typeattribute base_typeattr_470)
-(typeattributeset base_typeattr_470 (and (file_type ) (not (exec_type system_file_type vendor_file_type system_lib_file system_bootstrap_lib_file system_linker_exec postinstall_file ))))
+(typeattributeset base_typeattr_470 (not (apexd artd dnsmasq dumpstate heapprofd init installd lmkd netd recovery rss_hwm_reset sdcardd tee traced_perf traced_probes ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
 (typeattribute base_typeattr_469)
-(typeattributeset base_typeattr_469 (and (domain ) (not (appdomain app_zygote shell webview_zygote zygote system_server_startup ))))
+(typeattributeset base_typeattr_469 (not (apexd artd dnsmasq dumpstate init installd lmkd netd recovery rss_hwm_reset sdcardd tee ueventd uncrypt vendor_init vold vold_prepare_subdirs zygote migrate_legacy_obb_data postinstall_dexopt ) ))
 (typeattribute base_typeattr_468)
-(typeattributeset base_typeattr_468 (and (fs_type ) (not (rootfs ))))
+(typeattributeset base_typeattr_468 (and (domain ) (not (apexd init vold_prepare_subdirs compos_fd_server composd odrefresh odsign ))))
 (typeattribute base_typeattr_467)
-(typeattributeset base_typeattr_467 (and (domain ) (not (appdomain bootanim recovery ))))
+(typeattributeset base_typeattr_467 (and (domain ) (not (artd init installd zygote cppreopts dex2oat otapreopt_slot postinstall_dexopt ))))
 (typeattribute base_typeattr_466)
-(typeattributeset base_typeattr_466 (and (domain ) (not (apexd init installd system_server update_provider ))))
+(typeattributeset base_typeattr_466 (and (file_type ) (not (exec_type system_file_type vendor_file_type system_lib_file system_bootstrap_lib_file system_linker_exec postinstall_file ))))
 (typeattribute base_typeattr_465)
-(typeattributeset base_typeattr_465 (and (domain ) (not (init installd system_server update_provider ))))
+(typeattributeset base_typeattr_465 (and (domain ) (not (appdomain app_zygote shell webview_zygote zygote system_server_startup ))))
 (typeattribute base_typeattr_464)
-(typeattributeset base_typeattr_464 (and (domain ) (not (adbd apexd crosvm init installd kernel priv_app shell system_app system_server virtualizationmanager update_provider ))))
+(typeattributeset base_typeattr_464 (and (fs_type ) (not (rootfs ))))
 (typeattribute base_typeattr_463)
-(typeattributeset base_typeattr_463 (and (domain ) (not (apexd init installd priv_app system_server virtualizationmanager update_provider ))))
+(typeattributeset base_typeattr_463 (and (domain ) (not (appdomain bootanim recovery ))))
 (typeattribute base_typeattr_462)
-(typeattributeset base_typeattr_462 (and (domain ) (not (artd installd ))))
+(typeattributeset base_typeattr_462 (and (domain ) (not (apexd init installd system_server update_provider ))))
 (typeattribute base_typeattr_461)
-(typeattributeset base_typeattr_461 (and (domain ) (not (appdomain app_zygote artd installd rs ))))
+(typeattributeset base_typeattr_461 (and (domain ) (not (init installd system_server update_provider ))))
 (typeattribute base_typeattr_460)
-(typeattributeset base_typeattr_460 (and (domain ) (not (appdomain artd installd rs vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_460 (and (domain ) (not (adbd apexd crosvm init installd kernel priv_app shell system_app system_server virtualizationmanager update_provider ))))
 (typeattribute base_typeattr_459)
-(typeattributeset base_typeattr_459 (and (domain ) (not (appdomain artd installd rs ))))
+(typeattributeset base_typeattr_459 (and (domain ) (not (apexd init installd priv_app system_server virtualizationmanager update_provider ))))
 (typeattribute base_typeattr_458)
-(typeattributeset base_typeattr_458 (and (domain ) (not (init installd vold vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_458 (and (domain ) (not (artd installd ))))
 (typeattribute base_typeattr_457)
-(typeattributeset base_typeattr_457 (and (domain ) (not (appdomain app_zygote artd installd rs system_server vold vold_prepare_subdirs zygote ))))
+(typeattributeset base_typeattr_457 (and (domain ) (not (appdomain app_zygote artd installd rs ))))
 (typeattribute base_typeattr_456)
-(typeattributeset base_typeattr_456 (and (domain ) (not (appdomain adbd app_zygote artd installd profman rs runas system_server zygote ))))
+(typeattributeset base_typeattr_456 (and (domain ) (not (appdomain artd installd rs ))))
 (typeattribute base_typeattr_455)
-(typeattributeset base_typeattr_455 (and (domain ) (not (artd installd vold_prepare_subdirs ))))
+(typeattributeset base_typeattr_455 (and (domain ) (not (appdomain adbd app_zygote artd installd profman rs runas system_server zygote ))))
 (typeattribute base_typeattr_454)
 (typeattributeset base_typeattr_454 (and (domain ) (not (gmscore_app priv_app ))))
 (typeattribute base_typeattr_453)
@@ -34804,7 +34143,7 @@
 (typeattribute base_typeattr_282)
 (typeattributeset base_typeattr_282 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (mediaprovider_app ))))
 (typeattribute base_typeattr_281)
-(typeattributeset base_typeattr_281 (and (fs_type file_type ) (not (sdcard_type fuse user_profile_data_file media_rw_data_file app_data_file privapp_data_file app_exec_data_file storage_area_content_file ))))
+(typeattributeset base_typeattr_281 (and (fs_type file_type ) (not (sdcard_type fuse user_profile_data_file media_rw_data_file app_data_file privapp_data_file app_exec_data_file ))))
 (typeattribute base_typeattr_280)
 (typeattributeset base_typeattr_280 (and (untrusted_app_all isolated_app_all ephemeral_app isolated_app isolated_compute_app mediaprovider untrusted_app untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 mediaprovider_app ) (not (untrusted_app_30 untrusted_app_29 untrusted_app_27 untrusted_app_25 ))))
 (typeattribute base_typeattr_279)
diff --git a/prebuilts/api/202504/private/mediaserver.te b/prebuilts/api/202504/private/mediaserver.te
index d72caf6..dbba2f1 100644
--- a/prebuilts/api/202504/private/mediaserver.te
+++ b/prebuilts/api/202504/private/mediaserver.te
@@ -135,7 +135,6 @@
 # /vendor apk access
 allow mediaserver vendor_app_file:file { read map getattr };
 
-use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
     consumeRights
     setPlaybackStatus
diff --git a/prebuilts/api/202504/private/property.te b/prebuilts/api/202504/private/property.te
index b39c7ed..27812a1 100644
--- a/prebuilts/api/202504/private/property.te
+++ b/prebuilts/api/202504/private/property.te
@@ -113,13 +113,13 @@
 
 # Properties which should only be written by vendor_init
 system_vendor_config_prop(avf_virtualizationservice_prop)
+until_board_api(202504, `
+    system_vendor_config_prop(drm_config_prop)
+')
 system_vendor_config_prop(high_barometer_quality_prop)
 system_vendor_config_prop(mmd_prop)
 system_vendor_config_prop(mmd_shared_prop)
 system_vendor_config_prop(prefetch_boot_prop)
-until_board_api(202504, `
-    system_vendor_config_prop(drm_config_prop)
-')
 
 typeattribute log_prop log_property_type;
 typeattribute log_tag_prop log_property_type;
diff --git a/prebuilts/api/202504/private/property_contexts b/prebuilts/api/202504/private/property_contexts
index 2694d22..ff877c9 100644
--- a/prebuilts/api/202504/private/property_contexts
+++ b/prebuilts/api/202504/private/property_contexts
@@ -781,8 +781,6 @@
 
 pm.16kb.app_compat.disabled                             u:object_r:pm_16kb_app_compat_prop:s0 exact bool
 
-ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
-
 ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 ro.bluetooth.leaudio_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 
diff --git a/prebuilts/api/202504/public/te_macros b/prebuilts/api/202504/public/te_macros
index 2ba15b3..bd7da4c 100644
--- a/prebuilts/api/202504/public/te_macros
+++ b/prebuilts/api/202504/public/te_macros
@@ -420,10 +420,6 @@
 allow $1 servicemanager:binder { call transfer };
 # Allow servicemanager to send out callbacks
 allow servicemanager $1:binder { call transfer };
-# servicemanager performs getpidcon on clients.
-allow servicemanager $1:dir search;
-allow servicemanager $1:file { read open };
-allow servicemanager $1:process getattr;
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')
@@ -436,10 +432,6 @@
 allow $1 hwservicemanager:binder { call transfer };
 # Allow hwservicemanager to send out callbacks
 allow hwservicemanager $1:binder { call transfer };
-# hwservicemanager performs getpidcon on clients.
-allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open map };
-allow hwservicemanager $1:process getattr;
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')
@@ -452,10 +444,6 @@
 allow $1 vndbinder_device:chr_file rw_file_perms;
 # Call the vndservicemanager and transfer references to it.
 allow $1 vndservicemanager:binder { call transfer };
-# vndservicemanager performs getpidcon on clients.
-allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open map };
-allow vndservicemanager $1:process getattr;
 ')
 
 #####################################
@@ -693,12 +681,7 @@
 #####################################
 # use_keystore(domain)
 # Ability to use keystore.
-# Keystore is requires the following permissions
-# to call getpidcon.
 define(`use_keystore', `
-  allow keystore $1:dir search;
-  allow keystore $1:file { read open };
-  allow keystore $1:process getattr;
   allow $1 apc_service:service_manager find;
   allow $1 keystore_service:service_manager find;
   allow $1 legacykeystore_service:service_manager find;
@@ -710,25 +693,12 @@
 # use_credstore(domain)
 # Ability to use credstore.
 define(`use_credstore', `
-  allow credstore $1:dir search;
-  allow credstore $1:file { read open };
-  allow credstore $1:process getattr;
   allow $1 credstore_service:service_manager find;
   binder_call($1, credstore)
   binder_call(credstore, $1)
 ')
 
 ###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-define(`use_drmservice', `
-  allow drmserver $1:dir search;
-  allow drmserver $1:file { read open };
-  allow drmserver $1:process getattr;
-')
-
-###########################################
 # add_service(domain, service)
 # Ability for domain to add a service to service_manager
 # and find it. It also creates a neverallow preventing
diff --git a/private/compat/202504/202504.cil b/private/compat/202504/202504.cil
index 0d6a010..fe23d8d 100644
--- a/private/compat/202504/202504.cil
+++ b/private/compat/202504/202504.cil
@@ -1,3 +1,6 @@
+;; types removed from current policy
+(type apk_verity_prop)
+
 ;; mapping information from ToT policy's types to 202504 policy's types.
 (expandtypeattribute (DockObserver_service_202504) true)
 (expandtypeattribute (IProxyService_service_202504) true)
diff --git a/private/hal_drm.te b/private/hal_drm.te
index f24c326..e40252f 100644
--- a/private/hal_drm.te
+++ b/private/hal_drm.te
@@ -48,6 +48,9 @@
 
 allow hal_drm_server { appdomain -isolated_app }:fd use;
 
+# Reduce the audit log spam caused by the Rikers anti-root check (b/401297280)
+dontaudit hal_drm system_userdir_file:dir search;
+
 # only allow unprivileged socket ioctl commands
 allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
diff --git a/private/installd.te b/private/installd.te
index 50c378a..0149ebc 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -31,9 +31,6 @@
 get_prop(installd, device_config_runtime_native_prop)
 get_prop(installd, device_config_runtime_native_boot_prop)
 
-# Allow installd to access apk verity feature flag (for legacy case).
-get_prop(installd, apk_verity_prop)
-
 # Allow installd to access odsign verification status
 get_prop(installd, odsign_prop)
 
diff --git a/private/mediaserver.te b/private/mediaserver.te
index d72caf6..dbba2f1 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -135,7 +135,6 @@
 # /vendor apk access
 allow mediaserver vendor_app_file:file { read map getattr };
 
-use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
     consumeRights
     setPlaybackStatus
diff --git a/private/property.te b/private/property.te
index 9ff56e9..f3f97fe 100644
--- a/private/property.te
+++ b/private/property.te
@@ -115,13 +115,13 @@
 
 # Properties which should only be written by vendor_init
 system_vendor_config_prop(avf_virtualizationservice_prop)
+until_board_api(202504, `
+    system_vendor_config_prop(drm_config_prop)
+')
 system_vendor_config_prop(high_barometer_quality_prop)
 system_vendor_config_prop(mmd_prop)
 system_vendor_config_prop(mmd_shared_prop)
 system_vendor_config_prop(prefetch_boot_prop)
-until_board_api(202504, `
-    system_vendor_config_prop(drm_config_prop)
-')
 
 typeattribute log_prop log_property_type;
 typeattribute log_tag_prop log_property_type;
diff --git a/private/property_contexts b/private/property_contexts
index 61dcac0..0dcfbdb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -784,8 +784,6 @@
 
 pm.16kb.app_compat.disabled                             u:object_r:pm_16kb_app_compat_prop:s0 exact bool
 
-ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
-
 ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 ro.bluetooth.leaudio_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 
diff --git a/private/system_server.te b/private/system_server.te
index 7bdcaef..78d90d2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -878,9 +878,6 @@
 # Read the property that mocks an OTA
 get_prop(system_server, mock_ota_prop)
 
-# Read the property as feature flag for protecting apks with fs-verity.
-get_prop(system_server, apk_verity_prop)
-
 # Read wifi.interface
 get_prop(system_server, wifi_prop)
 
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 939bcc0..256b86f 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -269,7 +269,6 @@
 # Allow vendor_init to (re)set nice
 allow vendor_init self:capability sys_nice;
 
-set_prop(vendor_init, apk_verity_prop)
 set_prop(vendor_init, bluetooth_a2dp_offload_prop)
 set_prop(vendor_init, bluetooth_audio_hal_prop)
 set_prop(vendor_init, bluetooth_config_prop)
diff --git a/public/property.te b/public/property.te
index c6c56a9..0f91732 100644
--- a/public/property.te
+++ b/public/property.te
@@ -136,7 +136,7 @@
 system_vendor_config_prop(apexd_config_prop)
 system_vendor_config_prop(apexd_select_prop)
 system_vendor_config_prop(aaudio_config_prop)
-system_vendor_config_prop(apk_verity_prop)
+until_board_api(202604, `system_vendor_config_prop(apk_verity_prop)')
 system_vendor_config_prop(audio_config_prop)
 system_vendor_config_prop(bootanim_config_prop)
 system_vendor_config_prop(bluetooth_config_prop)
diff --git a/public/te_macros b/public/te_macros
index 2ba15b3..bd7da4c 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -420,10 +420,6 @@
 allow $1 servicemanager:binder { call transfer };
 # Allow servicemanager to send out callbacks
 allow servicemanager $1:binder { call transfer };
-# servicemanager performs getpidcon on clients.
-allow servicemanager $1:dir search;
-allow servicemanager $1:file { read open };
-allow servicemanager $1:process getattr;
 # rw access to /dev/binder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')
@@ -436,10 +432,6 @@
 allow $1 hwservicemanager:binder { call transfer };
 # Allow hwservicemanager to send out callbacks
 allow hwservicemanager $1:binder { call transfer };
-# hwservicemanager performs getpidcon on clients.
-allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open map };
-allow hwservicemanager $1:process getattr;
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')
@@ -452,10 +444,6 @@
 allow $1 vndbinder_device:chr_file rw_file_perms;
 # Call the vndservicemanager and transfer references to it.
 allow $1 vndservicemanager:binder { call transfer };
-# vndservicemanager performs getpidcon on clients.
-allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open map };
-allow vndservicemanager $1:process getattr;
 ')
 
 #####################################
@@ -693,12 +681,7 @@
 #####################################
 # use_keystore(domain)
 # Ability to use keystore.
-# Keystore is requires the following permissions
-# to call getpidcon.
 define(`use_keystore', `
-  allow keystore $1:dir search;
-  allow keystore $1:file { read open };
-  allow keystore $1:process getattr;
   allow $1 apc_service:service_manager find;
   allow $1 keystore_service:service_manager find;
   allow $1 legacykeystore_service:service_manager find;
@@ -710,25 +693,12 @@
 # use_credstore(domain)
 # Ability to use credstore.
 define(`use_credstore', `
-  allow credstore $1:dir search;
-  allow credstore $1:file { read open };
-  allow credstore $1:process getattr;
   allow $1 credstore_service:service_manager find;
   binder_call($1, credstore)
   binder_call(credstore, $1)
 ')
 
 ###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-define(`use_drmservice', `
-  allow drmserver $1:dir search;
-  allow drmserver $1:file { read open };
-  allow drmserver $1:process getattr;
-')
-
-###########################################
 # add_service(domain, service)
 # Ability for domain to add a service to service_manager
 # and find it. It also creates a neverallow preventing
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index d8c5c2b..b1d02a6 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -119,6 +119,8 @@
             return path.startswith('./bin/') and not path.endswith('/')
         case MatchPred(pred):
             return pred(path)
+        case _:
+            sys.exit(f'unknown matcher: {matcher}')
 
 
 def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
@@ -186,15 +188,15 @@
 
 def system_vendor_rule(partition):
     exceptions = [
-        "./etc/linkerconfig.pb"
+        "./etc/linker.config.pb"
     ]
     def pred(path):
         return path not in exceptions
 
-    return pred, HasAttr(base_attr_for(partition))
+    return MatchPred(pred), HasAttr(base_attr_for(partition))
 
 
-def check_line(pol: policy.Policy, line: str, rules) -> List[str]:
+def check_line(pol: policy.Policy, line: str, rules, ignore_unknown_context=False) -> List[str]:
     """Parses a file_contexts line and runs checks"""
     # skip empty/comment line
     line = line.strip()
@@ -210,6 +212,9 @@
         return [f"Error: invalid file_contexts: {line}"]
     tcontext = context.split(':')[2]
 
+    if ignore_unknown_context and tcontext not in pol.GetAllTypes(False):
+        return []
+
     # check rules
     errors = []
     for matcher, rule in rules:
@@ -240,18 +245,19 @@
     policy_path = extract_data('precompiled_sepolicy', work_dir)
     pol = policy.Policy(policy_path, None, lib_path)
 
+    # ignore unknown contexts unless --all is specified
+    ignore_unknown_context = True
     if args.all:
-        rules = all_rules
-    else:
-        rules = generic_rules
+        ignore_unknown_context = False
 
+    rules = all_rules
     if args.partition:
         rules.append(system_vendor_rule(args.partition))
 
     errors = []
     with open(args.file_contexts, 'rt', encoding='utf-8') as file_contexts:
         for line in file_contexts:
-            errors.extend(check_line(pol, line, rules))
+            errors.extend(check_line(pol, line, rules, ignore_unknown_context))
     if len(errors) > 0:
         sys.exit('\n'.join(errors))
 
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 2a92aee..4fcb36e 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -108,5 +108,16 @@
         self.assert_error('./bin/hw/svc u:object_r:vendor_file:s0',
                           r'Error: .*svc: can\'t be labelled as \'vendor_file\'')
 
+    def test_system_vendor(self):
+        line = './bin/foo u:object_r:vendor_file:s0'
+        rules = [apex.system_vendor_rule('system')]
+        errors = apex.check_line(self.pol, line, rules)
+        self.assertRegex(errors[0], r'Error: .* must be associated')
+
+        line = './bin/foo u:object_r:system_file:s0'
+        rules = [apex.system_vendor_rule('vendor')]
+        errors = apex.check_line(self.pol, line, rules)
+        self.assertRegex(errors[0], r'Error: .* must be associated')
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)