[automerger skipped] Removes duplicate hidraw_device type definition. am: 60940a7ad7 am: c245d0e88d -s ours
am skip reason: Merged-In I3e1fc7cb102fa9e9a80b8751eb0da505e3b3d69f with SHA-1 60940a7ad7 is already in history
Original change: https://android-review.googlesource.com/c/device/google/gs101-sepolicy/+/2855365
Change-Id: Ic8e813b3a6450aa3b3bd075a967e760a398ec1c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/neuralnetworks/file_contexts b/neuralnetworks/file_contexts
deleted file mode 100644
index fc151ab..0000000
--- a/neuralnetworks/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-armnn u:object_r:hal_neuralnetworks_armnn_exec:s0
diff --git a/neuralnetworks/hal_neuralnetworks_armnn.te b/neuralnetworks/hal_neuralnetworks_armnn.te
deleted file mode 100644
index c987285..0000000
--- a/neuralnetworks/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_neuralnetworks_armnn, domain;
-hal_server_domain(hal_neuralnetworks_armnn, hal_neuralnetworks)
-
-type hal_neuralnetworks_armnn_exec, vendor_file_type, exec_type, file_type;
-
-allow hal_neuralnetworks_armnn gpu_device:chr_file rw_file_perms;
-
-init_daemon_domain(hal_neuralnetworks_armnn)
-
diff --git a/oriole-sepolicy.mk b/oriole-sepolicy.mk
new file mode 100644
index 0000000..a4f28b2
--- /dev/null
+++ b/oriole-sepolicy.mk
@@ -0,0 +1,2 @@
+# Oriole only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/oriole
diff --git a/oriole/grilservice_app.te b/oriole/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/oriole/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/raven-sepolicy.mk b/raven-sepolicy.mk
new file mode 100644
index 0000000..91d85cd
--- /dev/null
+++ b/raven-sepolicy.mk
@@ -0,0 +1,2 @@
+# Ravne only sepolicy
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/raven
diff --git a/raven/cccdk_timesync_app.te b/raven/cccdk_timesync_app.te
new file mode 100644
index 0000000..1a4264d
--- /dev/null
+++ b/raven/cccdk_timesync_app.te
@@ -0,0 +1 @@
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/raven/grilservice_app.te b/raven/grilservice_app.te
new file mode 100644
index 0000000..c5b6146
--- /dev/null
+++ b/raven/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
+
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 790ba63..b8f0952 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -9,3 +9,6 @@
# Properties for euicc
persist.modem.esim_profiles_exist u:object_r:esim_modem_prop:s0 exact string
+
+# Telephony
+telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
\ No newline at end of file
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index bb07d92..1abcc84 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -3,3 +3,10 @@
# eSIM properties
system_vendor_config_prop(esim_modem_prop)
+
+# Telephony
+system_public_prop(telephony_ril_prop)
+
+userdebug_or_eng(`
+ set_prop(shell, telephony_ril_prop)
+')
\ No newline at end of file
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 9d1293e..b50d3d0 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,22 +1,7 @@
-dump_lsi radio_vendor_data_file file b/269218638
-dump_lsi vendor_slog_file file b/269218638
-dump_modem radio_vendor_data_file file b/269370106
-dump_pixel_metrics sysfs file b/268411073
-dump_ramdump radio_vendor_data_file file b/276385941
-dump_ramdump vendor_camera_data_file file b/276385941
-dump_sensors radio_vendor_data_file file b/277528855
-dump_sensors vendor_camera_data_file file b/277528855
-dump_stm sysfs_spi dir b/268147283
-dump_trusty radio_vendor_data_file file b/269045042
-dumpstate app_zygote process b/238263438
-dumpstate hal_input_processor_default process b/238143262
-dumpstate system_data_file dir b/264483156
-dumpstate system_data_file dir b/264483673
+dump_stm sysfs_spi dir b/277989397
hal_camera_default boot_status_prop file b/275002227
hal_camera_default edgetpu_app_service service_manager b/275002227
hal_drm_default default_prop file b/232714489
-hal_dumpstate_default dump_lsi process b/269045042
-hal_dumpstate_default dump_thermal process b/270247432
hal_power_default hal_power_default capability b/240632824
incidentd debugfs_wakeup_sources file b/238263568
incidentd incidentd anon_inode b/268146971
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index f7b2ebd..6025bd5 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,4 @@
# b/277155042
dontaudit dumpstate app_zygote:process { signal };
-# b/185723618
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-# b/277155042
dontaudit dumpstate default_android_service:service_manager { find };
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te
new file mode 100644
index 0000000..dbcd88e
--- /dev/null
+++ b/tracking_denials/hal_dumpstate_default.te
@@ -0,0 +1,2 @@
+# b/277989067
+dontaudit hal_dumpstate_default vendor_shell_exec:file { execute_no_trans };
diff --git a/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
new file mode 100644
index 0000000..7b8c5b2
--- /dev/null
+++ b/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
+MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n
+bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz
+MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
+b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G
+A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP
+1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR
+UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5
+4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL
+jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8
+pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0
+VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3
+A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO
+sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV
+eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO
+nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI
+hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5
+YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm
+FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr
+njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI
+hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e
+JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3
+IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA
+V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H
+r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F
+DB17LhMLl0GxX9j1
+-----END CERTIFICATE-----
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index d8cce99..8eec86a 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -55,6 +55,9 @@
# CHRE
type chre_socket, file_type;
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
# IOMMU
type sysfs_iommu, sysfs_type, fs_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 5903e37..ea95a34 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -152,6 +152,7 @@
# data files
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0
# Camera
/vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
index fb6e52b..0693d7c 100644
--- a/whitechapel/vendor/google/keys.conf
+++ b/whitechapel/vendor/google/keys.conf
@@ -6,3 +6,6 @@
[@EUICCSUPPORTPIXEL]
ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/EuiccSupportPixel.x509.pem
+
+[@CAMERASERVICES]
+ALL : device/google/gs101-sepolicy/whitechapel/vendor/google/certs/com_google_android_apps_camera_services.x509.pem
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/whitechapel/vendor/google/mac_permissions.xml
index 6cb7113..b51e565 100644
--- a/whitechapel/vendor/google/mac_permissions.xml
+++ b/whitechapel/vendor/google/mac_permissions.xml
@@ -30,4 +30,7 @@
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
+ <signer signature="@CAMERASERVICES" >
+ <seinfo value="CameraServices" />
+ </signer>
</policy>
diff --git a/whitechapel/vendor/google/radio.te b/whitechapel/vendor/google/radio.te
index baa356b..a604c72 100644
--- a/whitechapel/vendor/google/radio.te
+++ b/whitechapel/vendor/google/radio.te
@@ -1,3 +1,5 @@
+set_prop(radio, telephony_ril_prop)
+
allow radio hal_exynos_rild_hwservice:hwservice_manager find;
allow radio proc_vendor_sched:dir r_dir_perms;
allow radio proc_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te
index 5108b45..e578ec4 100644
--- a/whitechapel/vendor/google/rild.te
+++ b/whitechapel/vendor/google/rild.te
@@ -7,6 +7,8 @@
get_prop(rild, sota_prop)
get_prop(rild, system_boot_reason_prop)
+set_prop(rild, telephony_ril_prop)
+
allow rild proc_net:file rw_file_perms;
allow rild radio_vendor_data_file:dir create_dir_perms;
allow rild radio_vendor_data_file:file create_file_perms;