From a5c4df1e6983bd8711a8c673294238ae082554d9 Mon Sep 17 00:00:00 2001
From: sukiliu <sukiliu@google.com>
Date: Mon, 23 May 2022 15:56:37 +0800
Subject: Update avc error on ROM 8628084

Ignore-AOSP-First: the dontaudit is included in AOSP

Bug: 233569257
Test: PtsSELinuxTestCases
Change-Id: Ibefc45ea7398a407f7add0d123883af4253fcce2
---
 tracking_denials/dumpstate.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 tracking_denials/dumpstate.te

diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
new file mode 100644
index 0000000..c415668
--- /dev/null
+++ b/tracking_denials/dumpstate.te
@@ -0,0 +1,2 @@
+# b/233569257
+dontaudit dumpstate app_zygote:process { signal };
-- 
cgit v1.2.3


From 13db3bd3e58702fe3dd4bfe0969f07ada38f3ff7 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Fri, 13 May 2022 21:19:22 +0800
Subject: sepolicy_vndr: Add shell permission to
 /sys/class/kgsl/kgsl-3d0/perfcounter

Allow shell users to have permission to update sysfs node
/sys/class/kgsl/kgsl-3d0/perfcounter

Bug: 193434313
Change-Id: Id0be56157cd076ea4de2769003724992a7ba092a
---
 vendor/qcom/common/file.te        | 1 +
 vendor/qcom/common/genfs_contexts | 1 +
 vendor/qcom/common/shell.te       | 3 +++
 3 files changed, 5 insertions(+)
 create mode 100644 vendor/qcom/common/shell.te

diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 0533681..99b8620 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -40,6 +40,7 @@ type sysfs_rmtfs, sysfs_type, fs_type;
 type adsprpcd_file, file_type, mlstrustedobject, vendor_file_type;
 type persist_time_file, file_type, vendor_persist_type;
 type sysfs_kgsl_proc, sysfs_type, fs_type;
+type sysfs_kgsl_shell, sysfs_type, fs_type;
 type sysfs_diag, fs_type, sysfs_type;
 type vendor_radio_data_file, file_type, data_file_type, mlstrustedobject;
 type sensors_vendor_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts
index 2ddedb9..5b8182a 100644
--- a/vendor/qcom/common/genfs_contexts
+++ b/vendor/qcom/common/genfs_contexts
@@ -6,6 +6,7 @@ genfscon sysfs /class/uio
 genfscon sysfs /devices/virtual/kgsl/kgsl/proc                                                                                         u:object_r:sysfs_kgsl_proc:s0
 genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem                                                                            u:object_r:sysfs_rmtfs:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp                                                                                 u:object_r:sysfs_msm_subsys:s0
+genfscon sysfs /devices/platform/soc/3d00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/perfcounter                                                   u:object_r:sysfs_kgsl_shell:s0
 genfscon sysfs /bus/esoc                                                                                                               u:object_r:sysfs_esoc:s0
 genfscon sysfs /bus/msm_subsys                                                                                                         u:object_r:sysfs_msm_subsys:s0
 genfscon debugfs /wlan                                                                                                                 u:object_r:debugfs_wlan:s0
diff --git a/vendor/qcom/common/shell.te b/vendor/qcom/common/shell.te
new file mode 100644
index 0000000..cd0e4a4
--- /dev/null
+++ b/vendor/qcom/common/shell.te
@@ -0,0 +1,3 @@
+# allow shell users to control kgsl perfcounters
+allow shell sysfs_kgsl_shell:file rw_file_perms;
+allow shell sysfs_msm_subsys:dir r_dir_perms;
-- 
cgit v1.2.3