Merge rvc-qpr-dev-plus-aosp-without-vendor@6881855
Bug: 172690556
Merged-In: I7d44dd53cd0f77438d948b966b5de2c32f3347e8
Change-Id: Id2dae5622864032c8734ddccfc455a7aa7174c69
diff --git a/OWNERS b/OWNERS
index c133e99..791abb4 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,13 +1,3 @@
-adamshih@google.com
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-jiyong@google.com
-nnk@google.com
+include platform/system/sepolicy:/OWNERS
+
rurumihong@google.com
-smoreland@google.com
-sspatil@google.com
-tomcherry@google.com
-trong@google.com
diff --git a/tracking_denials/vold.te b/tracking_denials/vold.te
new file mode 100644
index 0000000..646067b
--- /dev/null
+++ b/tracking_denials/vold.te
@@ -0,0 +1,2 @@
+# b/174214346
+dontaudit vold vendor_apex_file:file getattr;
diff --git a/vendor/google/modem_diagnostics.te b/vendor/google/modem_diagnostics.te
index d27e93c..1077a40 100644
--- a/vendor/google/modem_diagnostics.te
+++ b/vendor/google/modem_diagnostics.te
@@ -12,6 +12,9 @@
allow modem_diagnostic_app sysfs_esim:file r_file_perms;
+ allow modem_diagnostic_app ssr_log_file:dir r_dir_perms;
+ allow modem_diagnostic_app ssr_log_file:file r_file_perms;
+
unix_socket_connect(modem_diagnostic_app, diag, qlogd);
set_prop(modem_diagnostic_app, vendor_modem_diag_prop)
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index f3c98c7..48c9b4f 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -1,4 +1,4 @@
-user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
user=_app seinfo=platform name=com.android.pixellogger domain=logger_app type=app_data_file levelFrom=all
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
@@ -6,7 +6,7 @@
#Add new domain for DataServices
# Domain for CNEService , uceShimService and other connectivity services
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file levelFrom=user
# The default domain for tango_core process
user=_app seinfo=tango name=com.google.tango domain=tango_core type=app_data_file levelFrom=user
@@ -22,7 +22,7 @@
user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
# Domain for easelservice app
user=_app seinfo=easel name=com.google.android.imaging.easel.service domain=easelservice_app type=app_data_file levelFrom=user
@@ -35,4 +35,4 @@
user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
-user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
+user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file levelFrom=all
diff --git a/vendor/qcom/common/time_daemon.te b/vendor/qcom/common/time_daemon.te
index d97cdbb..f0aa0e5 100644
--- a/vendor/qcom/common/time_daemon.te
+++ b/vendor/qcom/common/time_daemon.te
@@ -1,4 +1,4 @@
-type time_daemon, domain;
+type time_daemon, domain, mlstrustedsubject;
type time_daemon_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(time_daemon)