authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2024-02-02 23:45:18 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2024-02-02 23:45:18 +0000
commitc3fe6bf395f311a807d56152398c08ed1767dfe4 (patch)
treecde4cf4631e79f6acea340166e3142a4b0f2cc2e
parent9a925ad54bc1d587eb6aa2016a17b456706a5c50 (diff)
parentde4dc819b44f5842c6342471dc8b3561ccd5e0ea (diff)
Snap for 11400057 from de4dc819b44f5842c6342471dc8b3561ccd5e0ea to simpleperf-release
Change-Id: Ie28202e33e6597bb300121cd3943ebb94cb794de
-rw-r--r--neuralnetworks/file_contexts1
-rw-r--r--neuralnetworks/hal_neuralnetworks_armnn.te9
-rw-r--r--oriole-sepolicy.mk2
-rw-r--r--oriole/grilservice_app.te2
-rw-r--r--raven-sepolicy.mk2
-rw-r--r--raven/cccdk_timesync_app.te1
-rw-r--r--raven/grilservice_app.te2
-rw-r--r--system_ext/private/property_contexts3
-rw-r--r--system_ext/public/property.te7
-rw-r--r--tracking_denials/bug_map20
-rw-r--r--tracking_denials/dumpstate.te4
-rw-r--r--tracking_denials/hal_dumpstate_default.te2
-rw-r--r--whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem30
-rw-r--r--whitechapel/vendor/google/device.te3
-rw-r--r--whitechapel/vendor/google/file.te3
-rw-r--r--whitechapel/vendor/google/file_contexts5
-rw-r--r--whitechapel/vendor/google/hal_bluetooth_btlinux.te3
-rw-r--r--whitechapel/vendor/google/keys.conf3
-rw-r--r--whitechapel/vendor/google/mac_permissions.xml3
-rw-r--r--whitechapel/vendor/google/radio.te2
-rw-r--r--whitechapel/vendor/google/rild.te2
21 files changed, 71 insertions, 38 deletions
diff --git a/neuralnetworks/file_contexts b/neuralnetworks/file_contexts
deleted file mode 100644
index fc151ab..0000000
--- a/neuralnetworks/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
diff --git a/neuralnetworks/hal_neuralnetworks_armnn.te b/neuralnetworks/hal_neuralnetworks_armnn.te
deleted file mode 100644
index c987285..0000000
--- a/neuralnetworks/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_neuralnetworks_armnn, domain;
-hal_server_domain(hal_neuralnetworks_armnn, hal_neuralnetworks)
-
-type hal_neuralnetworks_armnn_exec, vendor_file_type, exec_type, file_type;
-
-allow hal_neuralnetworks_armnn gpu_device:chr_file rw_file_perms;
-
-init_daemon_domain(hal_neuralnetworks_armnn)
-
diff --git a/oriole-sepolicy.mk b/oriole-sepolicy.mk
new file mode 100644
index 0000000..a4f28b2
--- /dev/null
+++ b/oriole-sepolicy.mk
@@ -0,0 +1,2 @@
+# Oriole only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/oriole
diff --git a/oriole/grilservice_app.te b/oriole/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/oriole/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/raven-sepolicy.mk b/raven-sepolicy.mk
new file mode 100644
index 0000000..91d85cd
--- /dev/null
+++ b/raven-sepolicy.mk
@@ -0,0 +1,2 @@
+# Ravne only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/raven
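Review bot: The header comment in the new file is misspelled: `# Ravne only sepolicy` should read `# Raven only sepolicy`, matching `# Oriole only sepolicy` in oriole-sepolicy.mk. The typo is harmless to the build, but it defeats a text search for the device name when someone audits which policy directories a device pulls in.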
diff --git a/raven/cccdk_timesync_app.te b/raven/cccdk_timesync_app.te
new file mode 100644
index 0000000..1a4264d
--- /dev/null
+++ b/raven/cccdk_timesync_app.te
@@ -0,0 +1 @@
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/raven/grilservice_app.te b/raven/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/raven/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 790ba63..b8f0952 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -9,3 +9,6 @@ persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int
# Properties for euicc
persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string
+
+# Telephony
+telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
\ No newline at end of file
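Review bot: The added `telephony.ril.silent_reset` entry is the last line of the file and has no trailing newline (the diff marks it with `\ No newline at end of file`); the same applies to the `')` that closes `userdebug_or_eng` in system_ext/public/property.te. Policy fragments from several directories are combined at build time, so, depending on how the build joins them, an unterminated last line may be fused with the first line of the next fragment. End both files with a newline so the entry stays a complete `name context exact bool` record on its own line.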
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index bb07d92..1abcc84 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -3,3 +3,10 @@ system_vendor_config_prop(fingerprint_ghbm_prop)
# eSIM properties
system_vendor_config_prop(esim_modem_prop)
+
+# Telephony
+system_public_prop(telephony_ril_prop)
+
+userdebug_or_eng(`
+ set_prop(shell, telephony_ril_prop)
+')
\ No newline at end of file
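Review bot: `telephony_ril_prop` is declared with `system_public_prop` under a comment that says only `# Telephony`, and this commit grants `set_prop` on it to three writers: `shell` here (debug builds only), `radio` in whitechapel/vendor/google/radio.te and `rild` in whitechapel/vendor/google/rild.te. Nothing in the diff says which domain reads `telephony.ril.silent_reset` or why vendor-side daemons need write access to a type defined in system_ext policy, which is what a later policy audit needs in order to judge whether the public scope is still justified. I would expand the comment to something like `# telephony.ril.silent_reset: written by rild/radio, shell on userdebug/eng for testing; reader: <consumer domain>` and keep the `shell` rule inside `userdebug_or_eng` as it is.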
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 4df791a..b50d3d0 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,27 +1,11 @@
-dump_lsi radio_vendor_data_file file b/269218638
-dump_lsi vendor_slog_file file b/269218638
-dump_modem radio_vendor_data_file file b/269370106
-dump_pixel_metrics sysfs file b/268411073
-dump_ramdump radio_vendor_data_file file b/276385941
-dump_ramdump vendor_camera_data_file file b/276385941
-dump_sensors radio_vendor_data_file file b/277528855
-dump_sensors vendor_camera_data_file file b/277528855
-dump_stm sysfs_spi dir b/268147283
-dump_trusty radio_vendor_data_file file b/269045042
-dumpstate app_zygote process b/238263438
-dumpstate hal_input_processor_default process b/238143262
-dumpstate system_data_file dir b/264483156
-dumpstate system_data_file dir b/264483673
+dump_stm sysfs_spi dir b/277989397
hal_camera_default boot_status_prop file b/275002227
hal_camera_default edgetpu_app_service service_manager b/275002227
hal_drm_default default_prop file b/232714489
-hal_dumpstate_default dump_lsi process b/269045042
-hal_dumpstate_default dump_thermal process b/270247432
hal_power_default hal_power_default capability b/240632824
incidentd debugfs_wakeup_sources file b/238263568
incidentd incidentd anon_inode b/268146971
rfsd vendor_rild_prop property_service b/269218654
su modem_img_file filesystem b/238825802
-system_app proc_pagetypeinfo file b/287169829
system_server system_userdir_file dir b/281814691
-platform_app hal_uwb_vendor_service find b/290766628
+system_suspend sysfs_aoc dir b/291237382
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index f7b2ebd..6025bd5 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,4 @@
# b/277155042
dontaudit dumpstate app_zygote:process { signal };
-# b/185723618
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-# b/277155042
dontaudit dumpstate default_android_service:service_manager { find };
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
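Review bot: The `dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };` rule loses its `# b/185723618` reference in this hunk and now sits under the `# b/277155042` header at the top of the file, which may or may not be the right bug. A `dontaudit` rule hides the denial from the audit log, so the tracking bug is the only record of why the suppression exists and when it can be removed. Keep a bug line directly above it, e.g. `# b/185723618`, or state in the header comment that b/277155042 covers all three rules.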
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 0000000..dbcd88e
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+# b/277989067
+dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
diff --git a/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
new file mode 100644
index 0000000..7b8c5b2
--- /dev/null
+++ b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz
+MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
+b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G
+A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP
+1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR
+UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5
+4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL
+jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8
+pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0
+VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3
+A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO
+sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV
+eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO
+nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI
+hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5
+YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm
+FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr
+njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI
+hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e
+JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3
+IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA
+V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H
+r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F
+DB17LhMLl0GxX9j1
+-----END CERTIFICATE-----
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 17dede9..113cd5c 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -35,9 +35,6 @@ type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
# Fingerprint device
type fingerprint_device, dev_type;
-# Raw HID device
-type hidraw_device, dev_type;
-
# SecureElement SPI device
type st54spi_device, dev_type;
type st33spi_device, dev_type;
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index d8cce99..8eec86a 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -55,6 +55,9 @@ type sysfs_fingerprint, sysfs_type, fs_type;
# CHRE
type chre_socket, file_type;
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
# IOMMU
type sysfs_iommu, sysfs_type, fs_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index a8be48f..ea95a34 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -152,6 +152,7 @@
# data files
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
# Camera
/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
@@ -372,7 +373,3 @@
/vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
-
-# Raw HID device
-/dev/hidraw[0-9]* u:object_r:hidraw_device:s0
-
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
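Review bot: The two `allow` rules in the new hal_bluetooth_btlinux.te carry no comment, and the type they reference, `vendor_bt_data_file`, is introduced in file.te under the two-letter comment `# BT`. `create_file_perms` together with `rw_dir_perms` lets the HAL create, rename and unlink files under `/data/vendor/bluetooth` (labelled in file_contexts) but not create directories, so the directory itself presumably has to be created by something outside this diff. A header such as `# Bluetooth HAL persistent data under /data/vendor/bluetooth`, plus a pointer to where the directory is created, would document that.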
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
index fb6e52b..0693d7c 100644
--- a/whitechapel/vendor/google/keys.conf
+++ b/whitechapel/vendor/google/keys.conf
@@ -6,3 +6,6 @@ ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb
[@EUICCSUPPORTPIXEL]
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
+
+[@CAMERASERVICES]
+ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml
index 6cb7113..b51e565 100644
--- a/whitechapel/vendor/google/mac_permissions.xml
+++ b/whitechapel/vendor/google/mac_permissions.xml
@@ -30,4 +30,7 @@
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
+ <signer signature="@CAMERASERVICES" >
+ <seinfo value="CameraServices" />
+ </signer>
</policy>
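Review bot: The new `<signer signature="@CAMERASERVICES">` stanza assigns `seinfo value="CameraServices"` to every package signed with the added certificate, with no `<package>` child to narrow it. That matches the neighbouring `@EUICCSUPPORTPIXEL` stanza, but no seapp_contexts entry that consumes `seinfo=CameraServices` is part of this diff, so the domain these apps end up in cannot be checked from here. If such an entry exists elsewhere, it should match on both `seinfo=CameraServices` and an explicit `name=` so the domain is tied to signer and package together; a short XML comment naming the intended package would make that reviewable.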
diff --git a/whitechapel/vendor/google/radio.te b/whitechapel/vendor/google/radio.te
index baa356b..a604c72 100644
--- a/whitechapel/vendor/google/radio.te
+++ b/whitechapel/vendor/google/radio.te
@@ -1,3 +1,5 @@
+set_prop(radio, telephony_ril_prop)
+
allow radio hal_exynos_rild_hwservice:hwservice_manager find;
allow radio proc_vendor_sched:dir r_dir_perms;
allow radio proc_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te
index 5108b45..e578ec4 100644
--- a/whitechapel/vendor/google/rild.te
+++ b/whitechapel/vendor/google/rild.te
@@ -7,6 +7,8 @@ set_prop(rild, vendor_sys_default_prop)
get_prop(rild, sota_prop)
get_prop(rild, system_boot_reason_prop)
+set_prop(rild, telephony_ril_prop)
+
allow rild proc_net:file rw_file_perms;
allow rild radio_vendor_data_file:dir create_dir_perms;
allow rild radio_vendor_data_file:file create_file_perms;