Snap for 10453563 from 3ae91d9c27e1301538b8f1de59067ddc6e63f0b6 to mainline-ipsec-release
Change-Id: I7ce87521a4a9503c4a2d566fc0374cfe5dbc1946
diff --git a/bluejay-sepolicy.mk b/bluejay-sepolicy.mk
index cb5229b..ab9ac22 100644
--- a/bluejay-sepolicy.mk
+++ b/bluejay-sepolicy.mk
@@ -1,2 +1,2 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/bluejay
-BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials_bluejay
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/bluejay-sepolicy/tracking_denials
diff --git a/bluejay/genfs_contexts b/bluejay/genfs_contexts
index 0e9b2a8..6b11056 100644
--- a/bluejay/genfs_contexts
+++ b/bluejay/genfs_contexts
@@ -4,3 +4,8 @@
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
+
+# Storage
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 0000000..5aa59ad
--- /dev/null
+++ b/tracking_denials/bug_map
@@ -0,0 +1,19 @@
+derive_sdk mediaprovider_app dir b/264600240
+dump_pixel_metrics sysfs file b/268147280
+dump_ramdump radio_vendor_data_file file b/270247129
+dump_ramdump vendor_camera_data_file file b/270633115
+dump_stm sysfs_spi dir b/268147400
+dump_storage radio_vendor_data_file file b/269218359
+dump_storage vendor_slog_file file b/269218359
+dump_trusty modem_efs_file file b/277529247
+dumpstate app_zygote process b/238263942
+dumpstate system_data_file dir b/261932945
+hal_dumpstate_default dump_ramdump process b/270247072
+hal_power_default hal_power_default capability b/240632681
+hal_vibrator_default sysfs file b/264483668
+incidentd debugfs_wakeup_sources file b/238263518
+incidentd incidentd anon_inode b/268147248
+webview_zygote logdr_socket sock_file b/264600023
+webview_zygote resourcecache_data_file dir b/264600023
+webview_zygote tombstoned_crash_socket sock_file b/264600023
+webview_zygote zygote_exec file b/264600023
diff --git a/tracking_denials/dump_gsc.te b/tracking_denials/dump_gsc.te
new file mode 100644
index 0000000..1eb7ccf
--- /dev/null
+++ b/tracking_denials/dump_gsc.te
@@ -0,0 +1,3 @@
+# b/265886512
+dontaudit dump_gsc radio_vendor_data_file:file { read };
+dontaudit dump_gsc radio_vendor_data_file:file { write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 0000000..f634fe6
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/275645961
+dontaudit hal_vibrator_default service_manager_type:service_manager find;
diff --git a/vendor/device.te b/vendor/device.te
new file mode 100644
index 0000000..d2a91db
--- /dev/null
+++ b/vendor/device.te
@@ -0,0 +1,2 @@
+# Block Devices
+type fips_block_device, dev_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
new file mode 100644
index 0000000..a273c79
--- /dev/null
+++ b/vendor/file_contexts
@@ -0,0 +1,5 @@
+# Binaries
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
+
+# Devices
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te
new file mode 100644
index 0000000..53ceba5
--- /dev/null
+++ b/vendor/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
