Snap for 5303890 from 3e3664bdfab6b9dfa7ad10e9da4577e2759f8424 to sdk-release

Change-Id: I039cc0dfad5b3417be93e5f8474c679eae8c44df
diff --git a/crosshatch-sepolicy.mk b/crosshatch-sepolicy.mk
index 65f1690..b924ed3 100644
--- a/crosshatch-sepolicy.mk
+++ b/crosshatch-sepolicy.mk
@@ -1,5 +1,5 @@
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := device/google/crosshatch-sepolicy/public
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/crosshatch-sepolicy/private
+PRODUCT_PUBLIC_SEPOLICY_DIRS := device/google/crosshatch-sepolicy/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS := device/google/crosshatch-sepolicy/private
 
 # vendors
 BOARD_SEPOLICY_DIRS += device/google/crosshatch-sepolicy/vendor/qcom/common
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index 670225a..9a10cfe 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -2,6 +2,7 @@
 cdsprpcd system_file dir 109882276
 dataservice_app vendor_default_prop file 79617173
 factory_ota_app vendor_default_prop file 79617173
+hal_camera_default persist_file file 123018469
 netmgrd system_file file 117232795
 platform_app vendor_default_prop file 79617173
 priv_app vendor_default_prop file 79617173
diff --git a/vendor/google/google_camera_app.te b/vendor/google/google_camera_app.te
index a296a36..5023e08 100644
--- a/vendor/google/google_camera_app.te
+++ b/vendor/google/google_camera_app.te
@@ -15,9 +15,13 @@
 allow google_camera_app mediametrics_service:service_manager find;
 allow google_camera_app nfc_service:service_manager find;
 allow google_camera_app surfaceflinger_service:service_manager find;
+allow google_camera_app gpu_service:service_manager find;
 
 allow google_camera_app hidl_token_hwservice:hwservice_manager find;
 
+# Allow google_camera_app to interact with gpuservice
+binder_call(google_camera_app, gpuservice)
+
 # Execute libraries from RenderScript cache
 allow google_camera_app app_data_file:file { rx_file_perms };
 
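Review bot: The new comment above `binder_call(google_camera_app, gpuservice)` restates the rule instead of recording why the camera app needs gpuservice, and the matching `gpu_service:service_manager find` rule is added a few lines earlier with no link between the two. Because this widens the binder surface of an app domain, a later audit needs the justification next to the rule. I would place the two rules together under one comment such as `# <feature> queries gpuservice for <purpose>; needs service lookup plus binder call (b/<bug id>)`. The rest of the domain's rules lie outside this hunk, so I cannot tell whether the file already groups service lookups separately by convention.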
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index cb9a3c7..f0d9b8d 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -11,14 +11,10 @@
 userdebug_or_eng(`
   # smlog_dump
   domain_auto_trans(hal_dumpstate_impl, smlog_dump_exec, smlog_dump)
-  allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
-  allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
   allow hal_dumpstate_impl radio_vendor_data_file:dir r_dir_perms;
   allow hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
   allow hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
   allow hal_dumpstate_impl netmgr_data_file:file r_file_perms;
-  allow hal_dumpstate_impl debugfs_ipc:dir r_dir_perms;
-  allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
   allow hal_dumpstate_impl debugfs_tzdbg:dir search;
   allow hal_dumpstate_impl debugfs_tzdbg:file r_file_perms;
   allow hal_dumpstate_impl sysfs_usb_device:dir r_dir_perms;
@@ -30,6 +26,8 @@
   set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
 ')
 
+allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
+allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
 allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms;
 
 allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;
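Review bot: The two `modem_dump_file` rules added here sit after the closing `')` of the `userdebug_or_eng` block they were removed from in the previous hunk, so `create_dir_perms` and `create_file_perms` now apply on user builds too, with nothing in the file explaining why. The next hunk does the same for `debugfs_ipc:dir r_dir_perms`; the matching `debugfs_ipc:file` rule was already unconditional there. I would add a comment above each moved rule, for example `# Required on user builds: <reason> (b/<bug id>)`. It is also worth confirming that the full create sets are needed rather than a narrower set, and that debugfs access from this HAL is intended on production builds.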
@@ -49,6 +47,7 @@
 allow hal_dumpstate_impl debugfs_wlan:file r_file_perms;
 allow hal_dumpstate_impl debugfs_icnss:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_icnss:file r_file_perms;
+allow hal_dumpstate_impl debugfs_ipc:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
 allow hal_dumpstate_impl debugfs_f2fs:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_f2fs:file r_file_perms;
diff --git a/vendor/qcom/common/ramdump.te b/vendor/qcom/common/ramdump.te
index 9d22aa5..9e7448d 100644
--- a/vendor/qcom/common/ramdump.te
+++ b/vendor/qcom/common/ramdump.te
@@ -19,6 +19,8 @@
   allow ramdump misc_block_device:blk_file rw_file_perms;
   allow ramdump userdata_block_device:blk_file rw_file_perms;
 
+  dontaudit ramdump metadata_file:dir search;
+
   # read from /fstab.sdm845
   allow ramdump rootfs:file r_file_perms;