From 7f6f0cada9b36d18efedb58e7f18e536b29fc7b7 Mon Sep 17 00:00:00 2001
From: Sooraj S
Date: Mon, 13 Jul 2020 13:05:57 +0530
Subject: [PATCH 1/6] sepolicy: allow platform_app to create named pipes

---
 common/private/platform_app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 07183e7..ef16b76 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -9,3 +9,7 @@ hal_client_domain(platform_app, hal_lineage_livedisplay)
 
 # Allow PowerShare HAL service to be found
 hal_client_domain(platform_app, hal_lineage_powershare)
+
+# allow platform_app to create named pipes (used for realm support)
+allow platform_app fuse:fifo_file create;
+allow platform_app app_data_file:fifo_file create_file_perms;
-- 
GitLab

From 760e6c0259c97e84bcabd8f1998aa6061cd50ec3 Mon Sep 17 00:00:00 2001
From: Sooraj S
Date: Wed, 11 Nov 2020 17:46:53 +0530
Subject: [PATCH 2/6] sepolicy: allow platform_app rs_exec:file rx_file_perms

foundation.e.camera depend on being able to execute /system/bin/bcc. Allow it.
---
 common/private/platform_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index ef16b76..6e42d15 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -13,3 +13,5 @@ hal_client_domain(platform_app, hal_lineage_powershare)
 # allow platform_app to create named pipes (used for realm support)
 allow platform_app fuse:fifo_file create;
 allow platform_app app_data_file:fifo_file create_file_perms;
+allow platform_app app_data_file:fifo_file open;
+allow platform_app rs_exec:file rx_file_perms;
-- 
GitLab

From 3c54f63da30c7d27bb00e1c7c2075ad669a8d4c5 Mon Sep 17 00:00:00 2001
From: Alexandre Roux
Date: Fri, 7 Aug 2020 07:41:32 +0000
Subject: [PATCH 3/6] sepolicy: allow platform_app access app_data_file

---
 common/private/platform_app.te | 3 +++
 1 file changed, 3 insertions(+)
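Review bot: The two fifo_file grants apply to every process in the platform_app domain (all apps signed with the platform key), not only the realm client the comment alludes to, and `fuse:fifo_file create` on its own is an incomplete set — create without open/read/write looks like a denial captured mid-flow rather than the final requirement. Name the consumer in the comment so the grant can be pruned later, e.g. `# named pipes on FUSE storage and in app data, needed by <realm package>` with the placeholder filled in, and if the consumer is a single app consider giving it its own domain via seapp_contexts instead of widening platform_app. If this tree inherits AOSP's app.te, appdomain may already hold `app_data_file:notdevfile_class_set create_file_perms`, which would make the second line redundant; worth confirming against the base policy before merging.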
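Review bot: `allow platform_app app_data_file:fifo_file open;` is redundant if the tree uses AOSP's global_macros: create_file_perms expands through rw_file_perms to r_file_perms and w_file_perms, both of which already carry `open`, so the grant on the line above it already covers this. The rs_exec rule is the more consequential one: rx_file_perms includes execute_no_trans, so /system/bin/bcc would run inside the platform_app domain rather than in a dedicated compiler domain; if the base policy provides the `rs` domain as AOSP has since Android 9, prefer `domain_auto_trans(platform_app, rs_exec, rs)` so the compiler keeps its own, narrower policy. Either way the rule deserves a comment naming the dependent package, `# foundation.e.camera needs to run /system/bin/bcc (RenderScript)`.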
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 6e42d15..9c14c8f 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -15,3 +15,6 @@ allow platform_app fuse:fifo_file create;
 allow platform_app app_data_file:fifo_file create_file_perms;
 allow platform_app app_data_file:fifo_file open;
 allow platform_app rs_exec:file rx_file_perms;
+
+# Allow platform apps to execute files in /data
+allow platform_app app_data_file:file execute;
-- 
GitLab

From dd2807d29da437c4aef1ba42d83d4657c6a292c6 Mon Sep 17 00:00:00 2001
From: TheScarastic
Date: Mon, 7 Mar 2022 14:53:27 +0530
Subject: [PATCH 4/6] sepolicy: Add rules for tracker blocker

---
 common/private/netd.te | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 common/private/netd.te

diff --git a/common/private/netd.te b/common/private/netd.te
new file mode 100644
index 0000000..bc71718
--- /dev/null
+++ b/common/private/netd.te
@@ -0,0 +1 @@
+allow netd platform_app:unix_stream_socket connectto;
-- 
GitLab

From a3a4d16513bb2f164538f6f0a0c0f5bb3997ae42 Mon Sep 17 00:00:00 2001
From: TheScarastic
Date: Wed, 21 Sep 2022 07:21:05 +0000
Subject: [PATCH 5/6] sepolicy: Updater: Add support for systemUpdatermanager

---
 common/private/updater_app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common/private/updater_app.te b/common/private/updater_app.te
index 657588f..d1c50e0 100644
--- a/common/private/updater_app.te
+++ b/common/private/updater_app.te
@@ -9,6 +9,7 @@ binder_call(updater_app, update_engine)
 allow updater_app app_api_service:service_manager find;
 allow updater_app recovery_service:service_manager find;
 allow updater_app system_api_service:service_manager find;
+allow updater_app system_update_service:service_manager find;
 allow updater_app update_engine_service:service_manager find;
 
 allow updater_app app_data_file:dir create_dir_perms;
-- 
GitLab

From 29785476542f8f9c8c0880b4637910c1735668e3 Mon Sep 17 00:00:00 2001
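Review bot: `allow platform_app app_data_file:file execute;` lets any platform-signed app map writable files from its own data directory as executable, which removes the W^X separation the platform enforces for untrusted apps, and the comment gives no reason for it. Record which app and which files need this, e.g. `# <package> loads native code from its data dir, see <tracking id>` with the placeholders filled in, and check whether the app could instead be moved to its own domain via seapp_contexts so the grant does not widen all of platform_app. If the base policy carries AOSP's neverallows on app_data_file execute for app domains, confirm this builds only because platform_app is exempted and not because the neverallow was loosened in this tree.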
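Review bot: The new netd.te carries no comment, so nothing records which platform_app socket netd connects to or why a netd-to-app stream connection is needed. Add a header such as `# tracker blocker: netd connects to the <component> control socket served by platform_app` (component filled in), since this direction is unusual for netd and later reviewers will need that context. The rule grants only `connectto`; if the socket lived on the filesystem netd would also need `sock_file write` on the path's type, so the absence of such a rule implies an abstract-namespace socket — stating that in the comment avoids someone later "fixing" a denial by adding a filesystem grant.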
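Review bot: The added `system_update_service:service_manager find` may already be covered by the lines directly above it: in AOSP's service.te, system_update_service carries an app_api_service or system_api_service attribute, and updater_app already has find on both. Check this tree's service.te; if the attribute is present the line is redundant, and if it is not, a one-line comment would help, `# needed to find SystemUpdateManager`.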
From: TheScarastic
Date: Fri, 7 Oct 2022 07:34:14 +0000
Subject: [PATCH 6/6] sepolicy: All platform app to create sockets

---
 common/private/platform_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 9c14c8f..acbc623 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -18,3 +18,5 @@ allow platform_app rs_exec:file rx_file_perms;
 
 # Allow platform apps to execute files in /data
 allow platform_app app_data_file:file execute;
+
+allow platform_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
-- 
GitLab
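Review bot: `fifo_file` in the new class set duplicates the grant this file already holds a few lines up (`app_data_file:fifo_file create_file_perms` plus the separate `open`), so either write `allow platform_app app_data_file:{ lnk_file sock_file } create_file_perms;` or drop the older fifo lines in the same change. The addition also lacks a comment; the subject mentions sockets, but `lnk_file` create_file_perms is a distinct capability (creating symlinks inside app data), so say what needs each, e.g. `# <package> creates a local control socket and symlinks in its data dir`. As with the earlier hunks in this file, if the base app.te already grants appdomain `app_data_file:notdevfile_class_set create_file_perms`, the whole line may be unnecessary — confirm against the inherited policy before merging.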