Merge Android 14

Bug: 298295554
Merged-In: Ic75ad7e3e999a49457f67af13ae85f40201f4cc2
Change-Id: I41cb9e2d4102d93f72acce15f171a96851d391fa

tracking_denials/bug_map

@@ -1,7 +1,9 @@
+adbd sysfs_msm_subsys dir b/269369858
+derive_sdk system_app dir b/269044764
 dumpstate hal_input_processor_default process b/238263647
 dumpstate incident process b/238263647
+dumpstate system_data_file dir b/264600011
+hal_camera_default graphics_config_prop file b/268147541
 hal_drm_widevine default_prop file b/238263747
-init app_data_file dir b/241172516
-init gsi_data_file file b/241172516
-init privapp_data_file dir b/241172516
-init system_app_data_file dir b/241172516
+shell build_attestation_prop file b/269370035
+system_server vendor_incremental_module file b/264483807

tracking_denials/dumpstate.te

@@ -0,0 +1,2 @@
+# b/277155912
+dontaudit dumpstate default_android_service:service_manager { find };

tracking_denials/shell.te

@@ -0,0 +1,10 @@
+# b/269370035
+dontaudit shell incident_service:service_manager { find };
+dontaudit shell installd_service:service_manager { find };
+dontaudit shell mdns_service:service_manager { find };
+dontaudit shell netd_service:service_manager { find };
+dontaudit shell system_suspend_control_service:service_manager { find };
+dontaudit shell system_suspend_control_internal_service:service_manager { find };
+dontaudit shell vold_service:service_manager { find };
+dontaudit shell dnsresolver_service:service_manager { find };
+dontaudit shell gatekeeper_service:service_manager { find };

vendor/google/genfs_contexts

@@ -0,0 +1 @@
+genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b                    u:object_r:sysfs_wlc:s0

vendor/google/hal_health_default.te

@@ -0,0 +1,2 @@
+r_dir_file(hal_health_default, sysfs_wlc)
+allow hal_health_default sysfs_wlc:dir r_dir_perms;

vendor/google/pixelstats_vendor.te

@@ -14,9 +14,6 @@ allow pixelstats_vendor fwk_stats_service:service_manager find;
 
 allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
 
-# wlc
-allow pixelstats_vendor sysfs_wlc:dir search;
-
 # OrientationCollector
 # HIDL sensorservice
 allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;

wireless_charger/file_contexts

@@ -0,0 +1 @@
+/vendor/bin/hw/vendor\.google\.wireless_charger-default                  u:object_r:hal_wireless_charger_exec:s0

wireless_charger/hal_dumpstate_default.te

@@ -0,0 +1,3 @@
+allow hal_dumpstate_default sysfs_wlc:dir search;
+allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
+allow hal_dumpstate_default sysfs_wlc:file r_file_perms;

wireless_charger/hal_googlebattery.te

@@ -0,0 +1,2 @@
+r_dir_file(hal_googlebattery, sysfs_wlc)
+allow hal_googlebattery sysfs_wlc:file rw_file_perms;

wireless_charger/hal_health_default.te

@@ -0,0 +1 @@
+allow hal_health_default sysfs_wlc:dir search;

wireless_charger/hal_sensors_default.te

@@ -0,0 +1 @@
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;

wireless_charger/hal_wireless_charger.te

@@ -0,0 +1,20 @@
+
+init_daemon_domain(hal_wireless_charger)
+
+r_dir_file(hal_wireless_charger, sysfs_batteryinfo)
+r_dir_file(hal_wireless_charger, sysfs_wlc)
+
+allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms;
+allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow hal_wireless_charger sysfs_wlc:file rw_file_perms;
+
+
+binder_call(hal_wireless_charger, servicemanager)
+add_service(hal_wireless_charger, hal_wireless_charger_service)
+
+userdebug_or_eng(`
+     domain_auto_trans(shell,  hal_wireless_charger_exec, hal_wireless_charger)
+')
+
+binder_call(hal_wireless_charger, platform_app)
+binder_call(hal_wireless_charger, system_app)

wireless_charger/pixelstats_vendor.te

@@ -0,0 +1,3 @@
+# Wireless charge
+allow pixelstats_vendor sysfs_wlc:dir search;
+allow pixelstats_vendor sysfs_wlc:file rw_file_perms;

wireless_charger/service_contexts

@@ -0,0 +1 @@
+vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0