Initialize gs201 to zero
Bug: 196916111
Test: boot to home with all services launched
Change-Id: I3453fc01cec5fd7b2b2a44a6f20c64e818ce1acd
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..a24d5fb
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,11 @@
+adamshih@google.com
+alanstokes@google.com
+bowgotsai@google.com
+jbires@google.com
+jeffv@google.com
+jgalenson@google.com
+jiyong@google.com
+rurumihong@google.com
+sspatil@google.com
+smoreland@google.com
+trong@google.com
diff --git a/ambient/exo_app.te b/ambient/exo_app.te
deleted file mode 100644
index ef928f6..0000000
--- a/ambient/exo_app.te
+++ /dev/null
@@ -1,20 +0,0 @@
-type exo_app, coredomain, domain;
-
-app_domain(exo_app)
-net_domain(exo_app)
-
-allow exo_app app_api_service:service_manager find;
-allow exo_app audioserver_service:service_manager find;
-allow exo_app cameraserver_service:service_manager find;
-allow exo_app mediaserver_service:service_manager find;
-allow exo_app radio_service:service_manager find;
-allow exo_app fwk_stats_service:service_manager find;
-allow exo_app mediametrics_service:service_manager find;
-allow exo_app gpu_device:dir search;
-
-allow exo_app uhid_device:chr_file rw_file_perms;
-
-binder_call(exo_app, statsd)
-binder_use(exo_app)
-
-get_prop(exo_app, device_config_runtime_native_boot_prop)
diff --git a/ambient/seapp_contexts b/ambient/seapp_contexts
deleted file mode 100644
index 8024688..0000000
--- a/ambient/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Domain for Exo app
-user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
diff --git a/display/common/file.te b/display/common/file.te
deleted file mode 100644
index 3734e33..0000000
--- a/display/common/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type persist_display_file, file_type, vendor_persist_type;
diff --git a/display/common/file_contexts b/display/common/file_contexts
deleted file mode 100644
index bca7746..0000000
--- a/display/common/file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
diff --git a/display/gs101/genfs_contexts b/display/gs101/genfs_contexts
deleted file mode 100644
index 6b15576..0000000
--- a/display/gs101/genfs_contexts
+++ /dev/null
@@ -1,14 +0,0 @@
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
-genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2C0000/panel@0/compatible u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
-genfscon sysfs /firmware/devicetree/base/drmdsim@0x1C2D0000/panel@0/compatible u:object_r:sysfs_display:s0
-
-genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0
-
-genfscon sysfs /devices/platform/1c300000.drmdecon/dqe/atc u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c300000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te
deleted file mode 100644
index b513913..0000000
--- a/display/gs101/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,38 +0,0 @@
-allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
-add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-vndbinder_use(hal_graphics_composer_default)
-
-userdebug_or_eng(`
- allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
-
- # For HWC/libdisplaycolor to generate calibration file.
- allow hal_graphics_composer_default persist_display_file:file create_file_perms;
- allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
-')
-
-# allow HWC/libdisplaycolor to read calibration data
-allow hal_graphics_composer_default mnt_vendor_file:dir search;
-allow hal_graphics_composer_default persist_file:dir search;
-allow hal_graphics_composer_default persist_display_file:file r_file_perms;
-
-# allow HWC to r/w backlight
-allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
-allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
-
-# allow HWC to get vendor_persist_sys_default_prop
-get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)
-
-# allow HWC to get vendor_display_prop
-get_prop(hal_graphics_composer_default, vendor_display_prop)
-
-# allow HWC to access vendor_displaycolor_service
-add_service(hal_graphics_composer_default, vendor_displaycolor_service)
-
-add_service(hal_graphics_composer_default, hal_pixel_display_service)
-binder_use(hal_graphics_composer_default)
-get_prop(hal_graphics_composer_default, boot_status_prop);
-
-# allow HWC to access vendor log file
-allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
diff --git a/gs201-sepolicy.mk b/gs201-sepolicy.mk
index 17e2277..b775c68 100644
--- a/gs201-sepolicy.mk
+++ b/gs201-sepolicy.mk
@@ -1,18 +1,12 @@
# sepolicy that are shared among devices using whitechapel
-BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel/vendor/google
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/legacy
# unresolved SELinux error log with bug tracking
BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials
PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/private
-# Display
-BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/display/common
-BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/display/gs201
-
-# Micro sensor framework (usf)
-BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/usf
-
# system_ext
SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/public
SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/private
diff --git a/whitechapel/vendor/google/aocd.te b/legacy/aocd.te
similarity index 100%
rename from whitechapel/vendor/google/aocd.te
rename to legacy/aocd.te
diff --git a/whitechapel/vendor/google/aocdump.te b/legacy/aocdump.te
similarity index 100%
rename from whitechapel/vendor/google/aocdump.te
rename to legacy/aocdump.te
diff --git a/whitechapel/vendor/google/attributes b/legacy/attributes
similarity index 100%
rename from whitechapel/vendor/google/attributes
rename to legacy/attributes
diff --git a/whitechapel/vendor/google/audioserver.te b/legacy/audioserver.te
similarity index 100%
rename from whitechapel/vendor/google/audioserver.te
rename to legacy/audioserver.te
diff --git a/whitechapel/vendor/google/bipchmgr.te b/legacy/bipchmgr.te
similarity index 100%
rename from whitechapel/vendor/google/bipchmgr.te
rename to legacy/bipchmgr.te
diff --git a/whitechapel/vendor/google/bootanim.te b/legacy/bootanim.te
similarity index 100%
rename from whitechapel/vendor/google/bootanim.te
rename to legacy/bootanim.te
diff --git a/whitechapel/vendor/google/bootdevice_sysdev.te b/legacy/bootdevice_sysdev.te
similarity index 100%
rename from whitechapel/vendor/google/bootdevice_sysdev.te
rename to legacy/bootdevice_sysdev.te
diff --git a/whitechapel/vendor/google/cbd.te b/legacy/cbd.te
similarity index 100%
rename from whitechapel/vendor/google/cbd.te
rename to legacy/cbd.te
diff --git a/whitechapel/vendor/google/cbrs_setup.te b/legacy/cbrs_setup.te
similarity index 100%
rename from whitechapel/vendor/google/cbrs_setup.te
rename to legacy/cbrs_setup.te
diff --git a/whitechapel/vendor/google/certs/com_google_mds.x509.pem b/legacy/certs/com_google_mds.x509.pem
similarity index 100%
rename from whitechapel/vendor/google/certs/com_google_mds.x509.pem
rename to legacy/certs/com_google_mds.x509.pem
diff --git a/whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem b/legacy/certs/com_qorvo_uwb.x509.pem
similarity index 100%
rename from whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
rename to legacy/certs/com_qorvo_uwb.x509.pem
diff --git a/whitechapel/vendor/google/chre.te b/legacy/chre.te
similarity index 100%
rename from whitechapel/vendor/google/chre.te
rename to legacy/chre.te
diff --git a/whitechapel/vendor/google/con_monitor.te b/legacy/con_monitor.te
similarity index 100%
rename from whitechapel/vendor/google/con_monitor.te
rename to legacy/con_monitor.te
diff --git a/whitechapel/vendor/google/device.te b/legacy/device.te
similarity index 100%
rename from whitechapel/vendor/google/device.te
rename to legacy/device.te
diff --git a/whitechapel/vendor/google/dmd.te b/legacy/dmd.te
similarity index 100%
rename from whitechapel/vendor/google/dmd.te
rename to legacy/dmd.te
diff --git a/legacy/domain.te b/legacy/domain.te
new file mode 100644
index 0000000..392e75c
--- /dev/null
+++ b/legacy/domain.te
@@ -0,0 +1,23 @@
+allow {domain -appdomain -rs} sysfs_vendor_sched:file w_file_perms;
+dontaudit domain file_type:file *;
+dontaudit domain file_type:chr_file *;
+dontaudit domain file_type:dir *;
+dontaudit domain file_type:capability *;
+dontaudit domain file_type:sock_file *;
+dontaudit domain property_type:file *;
+dontaudit domain property_type:property_service *;
+dontaudit domain fs_type:chr_file *;
+dontaudit domain fs_type:file *;
+dontaudit domain fs_type:blk_file *;
+dontaudit domain fs_type:dir *;
+dontaudit domain fs_type:filesystem *;
+dontaudit domain dev_type:file *;
+dontaudit domain dev_type:chr_file *;
+dontaudit domain dev_type:blk_file *;
+dontaudit domain hwservice_manager_type:hwservice_manager *;
+dontaudit domain service_manager_type:service_manager *;
+dontaudit domain domain:capability *;
+dontaudit domain domain:binder *;
+dontaudit domain domain:socket_class_set *;
+dontaudit fs_type fs_type:filesystem *;
+
diff --git a/whitechapel/vendor/google/dumpstate.te b/legacy/dumpstate.te
similarity index 100%
rename from whitechapel/vendor/google/dumpstate.te
rename to legacy/dumpstate.te
diff --git a/whitechapel/vendor/google/e2fs.te b/legacy/e2fs.te
similarity index 100%
rename from whitechapel/vendor/google/e2fs.te
rename to legacy/e2fs.te
diff --git a/whitechapel/vendor/google/exo_camera_injection/dumpstate.te b/legacy/exo_camera_injection/dumpstate.te
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/dumpstate.te
rename to legacy/exo_camera_injection/dumpstate.te
diff --git a/whitechapel/vendor/google/exo_camera_injection/exo_app.te b/legacy/exo_camera_injection/exo_app.te
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/exo_app.te
rename to legacy/exo_camera_injection/exo_app.te
diff --git a/whitechapel/vendor/google/exo_camera_injection/file_contexts b/legacy/exo_camera_injection/file_contexts
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/file_contexts
rename to legacy/exo_camera_injection/file_contexts
diff --git a/whitechapel/vendor/google/exo_camera_injection/hal_exo_camera_injection.te b/legacy/exo_camera_injection/hal_exo_camera_injection.te
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/hal_exo_camera_injection.te
rename to legacy/exo_camera_injection/hal_exo_camera_injection.te
diff --git a/whitechapel/vendor/google/exo_camera_injection/hwservice.te b/legacy/exo_camera_injection/hwservice.te
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/hwservice.te
rename to legacy/exo_camera_injection/hwservice.te
diff --git a/whitechapel/vendor/google/exo_camera_injection/hwservice_contexts b/legacy/exo_camera_injection/hwservice_contexts
similarity index 100%
rename from whitechapel/vendor/google/exo_camera_injection/hwservice_contexts
rename to legacy/exo_camera_injection/hwservice_contexts
diff --git a/whitechapel/vendor/google/fastbootd.te b/legacy/fastbootd.te
similarity index 100%
rename from whitechapel/vendor/google/fastbootd.te
rename to legacy/fastbootd.te
diff --git a/whitechapel/vendor/google/file.te b/legacy/file.te
similarity index 92%
rename from whitechapel/vendor/google/file.te
rename to legacy/file.te
index c2fe293..c909ebc 100644
--- a/whitechapel/vendor/google/file.te
+++ b/legacy/file.te
@@ -143,6 +143,7 @@
# Display
type sysfs_display, sysfs_type, fs_type;
+type persist_display_file, file_type, vendor_persist_type;
# Backlight
type sysfs_backlight, sysfs_type, fs_type;
@@ -196,3 +197,15 @@
# WLC FW
type vendor_wlc_fwupdata_file, vendor_file_type, file_type;
+#
+# USF file SELinux type enforcements.
+#
+
+# Declare the sensor registry persist file type. By convention, persist file
+# types begin with "persist_".
+type persist_sensor_reg_file, file_type, vendor_persist_type;
+
+# Declare the sensor registry data file type. By convention, data file types
+# end with "data_file".
+type sensor_reg_data_file, file_type, data_file_type;
+
diff --git a/whitechapel/vendor/google/file_contexts b/legacy/file_contexts
similarity index 98%
rename from whitechapel/vendor/google/file_contexts
rename to legacy/file_contexts
index 587b20f..f2d8977 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/legacy/file_contexts
@@ -380,6 +380,7 @@
/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.gs201\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
# Touch
/dev/touch_offload u:object_r:touch_offload_device:s0
@@ -437,3 +438,13 @@
# WLC FW update
/vendor/bin/wlc_upt/p9412_mtp u:object_r:vendor_wlc_fwupdata_file:s0
/vendor/bin/wlc_upt/wlc_fw_update\.sh u:object_r:wlcfwupdate_exec:s0
+#
+# USF SELinux file security contexts.
+#
+
+# Sensor registry persist files.
+/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
+
+# Sensor registry data files.
+/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
+
diff --git a/whitechapel/vendor/google/fsck.te b/legacy/fsck.te
similarity index 100%
rename from whitechapel/vendor/google/fsck.te
rename to legacy/fsck.te
diff --git a/whitechapel/vendor/google/genfs_contexts b/legacy/genfs_contexts
similarity index 100%
rename from whitechapel/vendor/google/genfs_contexts
rename to legacy/genfs_contexts
diff --git a/whitechapel/vendor/google/gpsd.te b/legacy/gpsd.te
similarity index 100%
rename from whitechapel/vendor/google/gpsd.te
rename to legacy/gpsd.te
diff --git a/whitechapel/vendor/google/grilservice_app.te b/legacy/grilservice_app.te
similarity index 100%
rename from whitechapel/vendor/google/grilservice_app.te
rename to legacy/grilservice_app.te
diff --git a/whitechapel/vendor/google/hal_audio_default.te b/legacy/hal_audio_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_audio_default.te
rename to legacy/hal_audio_default.te
diff --git a/whitechapel/vendor/google/hal_audiometricext_default.te b/legacy/hal_audiometricext_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_audiometricext_default.te
rename to legacy/hal_audiometricext_default.te
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/legacy/hal_bluetooth_btlinux.te
similarity index 100%
rename from whitechapel/vendor/google/hal_bluetooth_btlinux.te
rename to legacy/hal_bluetooth_btlinux.te
diff --git a/whitechapel/vendor/google/hal_bootctl_default.te b/legacy/hal_bootctl_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_bootctl_default.te
rename to legacy/hal_bootctl_default.te
diff --git a/whitechapel/vendor/google/hal_camera_default.te b/legacy/hal_camera_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_camera_default.te
rename to legacy/hal_camera_default.te
diff --git a/whitechapel/vendor/google/hal_confirmationui.te b/legacy/hal_confirmationui.te
similarity index 100%
rename from whitechapel/vendor/google/hal_confirmationui.te
rename to legacy/hal_confirmationui.te
diff --git a/whitechapel/vendor/google/hal_contexthub.te b/legacy/hal_contexthub.te
similarity index 100%
rename from whitechapel/vendor/google/hal_contexthub.te
rename to legacy/hal_contexthub.te
diff --git a/whitechapel/vendor/google/hal_drm_clearkey.te b/legacy/hal_drm_clearkey.te
similarity index 100%
rename from whitechapel/vendor/google/hal_drm_clearkey.te
rename to legacy/hal_drm_clearkey.te
diff --git a/whitechapel/vendor/google/hal_drm_default.te b/legacy/hal_drm_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_drm_default.te
rename to legacy/hal_drm_default.te
diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/legacy/hal_dumpstate_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_dumpstate_default.te
rename to legacy/hal_dumpstate_default.te
diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/legacy/hal_fingerprint_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_fingerprint_default.te
rename to legacy/hal_fingerprint_default.te
diff --git a/whitechapel/vendor/google/hal_gnss_default.te b/legacy/hal_gnss_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_gnss_default.te
rename to legacy/hal_gnss_default.te
diff --git a/whitechapel/vendor/google/hal_graphics_allocator_default.te b/legacy/hal_graphics_allocator_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_graphics_allocator_default.te
rename to legacy/hal_graphics_allocator_default.te
diff --git a/whitechapel/vendor/google/hal_graphics_composer_default.te b/legacy/hal_graphics_composer_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_graphics_composer_default.te
rename to legacy/hal_graphics_composer_default.te
diff --git a/whitechapel/vendor/google/hal_health_default.te b/legacy/hal_health_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_health_default.te
rename to legacy/hal_health_default.te
diff --git a/whitechapel/vendor/google/hal_health_storage_default.te b/legacy/hal_health_storage_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_health_storage_default.te
rename to legacy/hal_health_storage_default.te
diff --git a/whitechapel/vendor/google/hal_neuralnetworks_armnn.te b/legacy/hal_neuralnetworks_armnn.te
similarity index 100%
rename from whitechapel/vendor/google/hal_neuralnetworks_armnn.te
rename to legacy/hal_neuralnetworks_armnn.te
diff --git a/whitechapel/vendor/google/hal_nfc_default.te b/legacy/hal_nfc_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_nfc_default.te
rename to legacy/hal_nfc_default.te
diff --git a/whitechapel/vendor/google/hal_power_default.te b/legacy/hal_power_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_power_default.te
rename to legacy/hal_power_default.te
diff --git a/whitechapel/vendor/google/hal_power_stats_default.te b/legacy/hal_power_stats_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_power_stats_default.te
rename to legacy/hal_power_stats_default.te
diff --git a/whitechapel/vendor/google/hal_radioext_default.te b/legacy/hal_radioext_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_radioext_default.te
rename to legacy/hal_radioext_default.te
diff --git a/whitechapel/vendor/google/hal_secure_element_default.te b/legacy/hal_secure_element_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_secure_element_default.te
rename to legacy/hal_secure_element_default.te
diff --git a/whitechapel/vendor/google/hal_tetheroffload_default.te b/legacy/hal_tetheroffload_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_tetheroffload_default.te
rename to legacy/hal_tetheroffload_default.te
diff --git a/whitechapel/vendor/google/hal_thermal_default.te b/legacy/hal_thermal_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_thermal_default.te
rename to legacy/hal_thermal_default.te
diff --git a/whitechapel/vendor/google/hal_usb_impl.te b/legacy/hal_usb_impl.te
similarity index 100%
rename from whitechapel/vendor/google/hal_usb_impl.te
rename to legacy/hal_usb_impl.te
diff --git a/whitechapel/vendor/google/hal_uwb_default.te b/legacy/hal_uwb_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_uwb_default.te
rename to legacy/hal_uwb_default.te
diff --git a/whitechapel/vendor/google/hal_vendor_hwcservice_default.te b/legacy/hal_vendor_hwcservice_default.te
similarity index 100%
rename from whitechapel/vendor/google/hal_vendor_hwcservice_default.te
rename to legacy/hal_vendor_hwcservice_default.te
diff --git a/whitechapel/vendor/google/hal_wifi.te b/legacy/hal_wifi.te
similarity index 100%
rename from whitechapel/vendor/google/hal_wifi.te
rename to legacy/hal_wifi.te
diff --git a/whitechapel/vendor/google/hal_wifi_ext.te b/legacy/hal_wifi_ext.te
similarity index 100%
rename from whitechapel/vendor/google/hal_wifi_ext.te
rename to legacy/hal_wifi_ext.te
diff --git a/whitechapel/vendor/google/hal_wlc.te b/legacy/hal_wlc.te
similarity index 100%
rename from whitechapel/vendor/google/hal_wlc.te
rename to legacy/hal_wlc.te
diff --git a/whitechapel/vendor/google/hardware_info_app.te b/legacy/hardware_info_app.te
similarity index 100%
rename from whitechapel/vendor/google/hardware_info_app.te
rename to legacy/hardware_info_app.te
diff --git a/whitechapel/vendor/google/hbmsvmanager_app.te b/legacy/hbmsvmanager_app.te
similarity index 100%
rename from whitechapel/vendor/google/hbmsvmanager_app.te
rename to legacy/hbmsvmanager_app.te
diff --git a/whitechapel/vendor/google/hwservice.te b/legacy/hwservice.te
similarity index 100%
rename from whitechapel/vendor/google/hwservice.te
rename to legacy/hwservice.te
diff --git a/whitechapel/vendor/google/hwservice_contexts b/legacy/hwservice_contexts
similarity index 100%
rename from whitechapel/vendor/google/hwservice_contexts
rename to legacy/hwservice_contexts
diff --git a/whitechapel/vendor/google/hwservicemanager.te b/legacy/hwservicemanager.te
similarity index 100%
rename from whitechapel/vendor/google/hwservicemanager.te
rename to legacy/hwservicemanager.te
diff --git a/whitechapel/vendor/google/incident.te b/legacy/incident.te
similarity index 100%
rename from whitechapel/vendor/google/incident.te
rename to legacy/incident.te
diff --git a/whitechapel/vendor/google/init-insmod-sh.te b/legacy/init-insmod-sh.te
similarity index 100%
rename from whitechapel/vendor/google/init-insmod-sh.te
rename to legacy/init-insmod-sh.te
diff --git a/whitechapel/vendor/google/init.te b/legacy/init.te
similarity index 100%
rename from whitechapel/vendor/google/init.te
rename to legacy/init.te
diff --git a/whitechapel/vendor/google/init_radio.te b/legacy/init_radio.te
similarity index 100%
rename from whitechapel/vendor/google/init_radio.te
rename to legacy/init_radio.te
diff --git a/whitechapel/vendor/google/installd.te b/legacy/installd.te
similarity index 100%
rename from whitechapel/vendor/google/installd.te
rename to legacy/installd.te
diff --git a/whitechapel/vendor/google/kernel.te b/legacy/kernel.te
similarity index 100%
rename from whitechapel/vendor/google/kernel.te
rename to legacy/kernel.te
diff --git a/legacy/keys.conf b/legacy/keys.conf
new file mode 100644
index 0000000..2681594
--- /dev/null
+++ b/legacy/keys.conf
@@ -0,0 +1,5 @@
+[@MDS]
+ALL : device/google/gs201-sepolicy/legacy/certs/com_google_mds.x509.pem
+
+[@UWB]
+ALL : device/google/gs201-sepolicy/legacy/certs/com_qorvo_uwb.x509.pem
diff --git a/whitechapel/vendor/google/lhd.te b/legacy/lhd.te
similarity index 100%
rename from whitechapel/vendor/google/lhd.te
rename to legacy/lhd.te
diff --git a/whitechapel/vendor/google/logger_app.te b/legacy/logger_app.te
similarity index 100%
rename from whitechapel/vendor/google/logger_app.te
rename to legacy/logger_app.te
diff --git a/whitechapel/vendor/google/mac_permissions.xml b/legacy/mac_permissions.xml
similarity index 100%
rename from whitechapel/vendor/google/mac_permissions.xml
rename to legacy/mac_permissions.xml
diff --git a/whitechapel/vendor/google/mediacodec.te b/legacy/mediacodec.te
similarity index 100%
rename from whitechapel/vendor/google/mediacodec.te
rename to legacy/mediacodec.te
diff --git a/whitechapel/vendor/google/modem_diagnostics.te b/legacy/modem_diagnostics.te
similarity index 100%
rename from whitechapel/vendor/google/modem_diagnostics.te
rename to legacy/modem_diagnostics.te
diff --git a/whitechapel/vendor/google/modem_logging_control.te b/legacy/modem_logging_control.te
similarity index 100%
rename from whitechapel/vendor/google/modem_logging_control.te
rename to legacy/modem_logging_control.te
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/legacy/modem_svc_sit.te
similarity index 100%
rename from whitechapel/vendor/google/modem_svc_sit.te
rename to legacy/modem_svc_sit.te
diff --git a/whitechapel/vendor/google/netutils_wrapper.te b/legacy/netutils_wrapper.te
similarity index 100%
rename from whitechapel/vendor/google/netutils_wrapper.te
rename to legacy/netutils_wrapper.te
diff --git a/whitechapel/vendor/google/ofl_app.te b/legacy/ofl_app.te
similarity index 100%
rename from whitechapel/vendor/google/ofl_app.te
rename to legacy/ofl_app.te
diff --git a/whitechapel/vendor/google/omadm.te b/legacy/omadm.te
similarity index 100%
rename from whitechapel/vendor/google/omadm.te
rename to legacy/omadm.te
diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/legacy/pixelstats_vendor.te
similarity index 100%
rename from whitechapel/vendor/google/pixelstats_vendor.te
rename to legacy/pixelstats_vendor.te
diff --git a/whitechapel/vendor/google/pktrouter.te b/legacy/pktrouter.te
similarity index 100%
rename from whitechapel/vendor/google/pktrouter.te
rename to legacy/pktrouter.te
diff --git a/whitechapel/vendor/google/platform_app.te b/legacy/platform_app.te
similarity index 100%
rename from whitechapel/vendor/google/platform_app.te
rename to legacy/platform_app.te
diff --git a/whitechapel/vendor/google/priv_app.te b/legacy/priv_app.te
similarity index 100%
rename from whitechapel/vendor/google/priv_app.te
rename to legacy/priv_app.te
diff --git a/whitechapel/vendor/google/property.te b/legacy/property.te
similarity index 100%
rename from whitechapel/vendor/google/property.te
rename to legacy/property.te
diff --git a/whitechapel/vendor/google/property_contexts b/legacy/property_contexts
similarity index 100%
rename from whitechapel/vendor/google/property_contexts
rename to legacy/property_contexts
diff --git a/whitechapel/vendor/google/radio.te b/legacy/radio.te
similarity index 100%
rename from whitechapel/vendor/google/radio.te
rename to legacy/radio.te
diff --git a/whitechapel/vendor/google/ramdump_app.te b/legacy/ramdump_app.te
similarity index 100%
rename from whitechapel/vendor/google/ramdump_app.te
rename to legacy/ramdump_app.te
diff --git a/whitechapel/vendor/google/recovery.te b/legacy/recovery.te
similarity index 100%
rename from whitechapel/vendor/google/recovery.te
rename to legacy/recovery.te
diff --git a/whitechapel/vendor/google/rfsd.te b/legacy/rfsd.te
similarity index 100%
rename from whitechapel/vendor/google/rfsd.te
rename to legacy/rfsd.te
diff --git a/whitechapel/vendor/google/ril_config_service.te b/legacy/ril_config_service.te
similarity index 100%
rename from whitechapel/vendor/google/ril_config_service.te
rename to legacy/ril_config_service.te
diff --git a/whitechapel/vendor/google/rild.te b/legacy/rild.te
similarity index 100%
rename from whitechapel/vendor/google/rild.te
rename to legacy/rild.te
diff --git a/whitechapel/vendor/google/rlsservice.te b/legacy/rlsservice.te
similarity index 100%
rename from whitechapel/vendor/google/rlsservice.te
rename to legacy/rlsservice.te
diff --git a/whitechapel/vendor/google/scd.te b/legacy/scd.te
similarity index 100%
rename from whitechapel/vendor/google/scd.te
rename to legacy/scd.te
diff --git a/whitechapel/vendor/google/sced.te b/legacy/sced.te
similarity index 100%
rename from whitechapel/vendor/google/sced.te
rename to legacy/sced.te
diff --git a/whitechapel/vendor/google/seapp_contexts b/legacy/seapp_contexts
similarity index 100%
rename from whitechapel/vendor/google/seapp_contexts
rename to legacy/seapp_contexts
diff --git a/whitechapel/vendor/google/securedpud.slider.te b/legacy/securedpud.slider.te
similarity index 100%
rename from whitechapel/vendor/google/securedpud.slider.te
rename to legacy/securedpud.slider.te
diff --git a/whitechapel/vendor/google/service.te b/legacy/service.te
similarity index 100%
rename from whitechapel/vendor/google/service.te
rename to legacy/service.te
diff --git a/whitechapel/vendor/google/service_contexts b/legacy/service_contexts
similarity index 100%
rename from whitechapel/vendor/google/service_contexts
rename to legacy/service_contexts
diff --git a/whitechapel/vendor/google/shell.te b/legacy/shell.te
similarity index 100%
rename from whitechapel/vendor/google/shell.te
rename to legacy/shell.te
diff --git a/whitechapel/vendor/google/ssr_detector.te b/legacy/ssr_detector.te
similarity index 100%
rename from whitechapel/vendor/google/ssr_detector.te
rename to legacy/ssr_detector.te
diff --git a/whitechapel/vendor/google/storageproxyd.te b/legacy/storageproxyd.te
similarity index 100%
rename from whitechapel/vendor/google/storageproxyd.te
rename to legacy/storageproxyd.te
diff --git a/whitechapel/vendor/google/system_app.te b/legacy/system_app.te
similarity index 100%
rename from whitechapel/vendor/google/system_app.te
rename to legacy/system_app.te
diff --git a/whitechapel/vendor/google/system_server.te b/legacy/system_server.te
similarity index 100%
rename from whitechapel/vendor/google/system_server.te
rename to legacy/system_server.te
diff --git a/whitechapel/vendor/google/tcpdump_logger.te b/legacy/tcpdump_logger.te
similarity index 100%
rename from whitechapel/vendor/google/tcpdump_logger.te
rename to legacy/tcpdump_logger.te
diff --git a/usf/te_macros b/legacy/te_macros
similarity index 100%
rename from usf/te_macros
rename to legacy/te_macros
diff --git a/whitechapel/vendor/google/toolbox.te b/legacy/toolbox.te
similarity index 100%
rename from whitechapel/vendor/google/toolbox.te
rename to legacy/toolbox.te
diff --git a/whitechapel/vendor/google/trusty_apploader.te b/legacy/trusty_apploader.te
similarity index 100%
rename from whitechapel/vendor/google/trusty_apploader.te
rename to legacy/trusty_apploader.te
diff --git a/whitechapel/vendor/google/trusty_metricsd.te b/legacy/trusty_metricsd.te
similarity index 100%
rename from whitechapel/vendor/google/trusty_metricsd.te
rename to legacy/trusty_metricsd.te
diff --git a/whitechapel/vendor/google/twoshay.te b/legacy/twoshay.te
similarity index 100%
rename from whitechapel/vendor/google/twoshay.te
rename to legacy/twoshay.te
diff --git a/whitechapel/vendor/google/untrusted_app_all.te b/legacy/untrusted_app_all.te
similarity index 100%
rename from whitechapel/vendor/google/untrusted_app_all.te
rename to legacy/untrusted_app_all.te
diff --git a/whitechapel/vendor/google/update_engine.te b/legacy/update_engine.te
similarity index 100%
rename from whitechapel/vendor/google/update_engine.te
rename to legacy/update_engine.te
diff --git a/whitechapel/vendor/google/uwb_vendor_app.te b/legacy/uwb_vendor_app.te
similarity index 100%
rename from whitechapel/vendor/google/uwb_vendor_app.te
rename to legacy/uwb_vendor_app.te
diff --git a/whitechapel/vendor/google/vcd.te b/legacy/vcd.te
similarity index 100%
rename from whitechapel/vendor/google/vcd.te
rename to legacy/vcd.te
diff --git a/whitechapel/vendor/google/vendor_ims_app.te b/legacy/vendor_ims_app.te
similarity index 100%
rename from whitechapel/vendor/google/vendor_ims_app.te
rename to legacy/vendor_ims_app.te
diff --git a/whitechapel/vendor/google/vendor_init.te b/legacy/vendor_init.te
similarity index 100%
rename from whitechapel/vendor/google/vendor_init.te
rename to legacy/vendor_init.te
diff --git a/whitechapel/vendor/google/vendor_shell.te b/legacy/vendor_shell.te
similarity index 100%
rename from whitechapel/vendor/google/vendor_shell.te
rename to legacy/vendor_shell.te
diff --git a/whitechapel/vendor/google/vendor_telephony_app.te b/legacy/vendor_telephony_app.te
similarity index 100%
rename from whitechapel/vendor/google/vendor_telephony_app.te
rename to legacy/vendor_telephony_app.te
diff --git a/whitechapel/vendor/google/vndservice.te b/legacy/vndservice.te
similarity index 100%
rename from whitechapel/vendor/google/vndservice.te
rename to legacy/vndservice.te
diff --git a/whitechapel/vendor/google/vndservice_contexts b/legacy/vndservice_contexts
similarity index 100%
rename from whitechapel/vendor/google/vndservice_contexts
rename to legacy/vndservice_contexts
diff --git a/whitechapel/vendor/google/vold.te b/legacy/vold.te
similarity index 100%
rename from whitechapel/vendor/google/vold.te
rename to legacy/vold.te
diff --git a/whitechapel/vendor/google/wifi_sniffer.te b/legacy/wifi_sniffer.te
similarity index 100%
rename from whitechapel/vendor/google/wifi_sniffer.te
rename to legacy/wifi_sniffer.te
diff --git a/whitechapel/vendor/google/wlcfwupdate.te b/legacy/wlcfwupdate.te
similarity index 100%
rename from whitechapel/vendor/google/wlcfwupdate.te
rename to legacy/wlcfwupdate.te
diff --git a/private/dex2oat.te b/private/dex2oat.te
deleted file mode 100644
index 50d7852..0000000
--- a/private/dex2oat.te
+++ /dev/null
@@ -1,59 +0,0 @@
-# b/187016929
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat proc_filesystems:file read ;
-dontaudit dex2oat postinstall_apex_mnt_dir:file getattr ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat proc_filesystems:file read ;
-dontaudit dex2oat postinstall_apex_mnt_dir:file getattr ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
-dontaudit dex2oat vendor_overlay_file:file read ;
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
deleted file mode 100644
index fa20f24..0000000
--- a/private/gmscore_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/177389198
-dontaudit gmscore_app adbd_prop:file *;
diff --git a/private/hal_dumpstate_default.te b/private/hal_dumpstate_default.te
deleted file mode 100644
index 83c7568..0000000
--- a/private/hal_dumpstate_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/176868217
-dontaudit hal_dumpstate adbd_prop:file *;
diff --git a/private/incidentd.te b/private/incidentd.te
deleted file mode 100644
index 1557f06..0000000
--- a/private/incidentd.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# b/174961589
-dontaudit incidentd adbd_config_prop:file open ;
-dontaudit incidentd adbd_prop:file getattr ;
-dontaudit incidentd adbd_prop:file open ;
-dontaudit incidentd adbd_config_prop:file open ;
-dontaudit incidentd adbd_config_prop:file getattr ;
-dontaudit incidentd adbd_config_prop:file map ;
-dontaudit incidentd adbd_prop:file open ;
-dontaudit incidentd adbd_prop:file getattr ;
-dontaudit incidentd adbd_prop:file map ;
-dontaudit incidentd apexd_prop:file open ;
-dontaudit incidentd adbd_config_prop:file getattr ;
-dontaudit incidentd adbd_config_prop:file map ;
-dontaudit incidentd adbd_prop:file map ;
diff --git a/private/lpdumpd.te b/private/lpdumpd.te
deleted file mode 100644
index 86a101c..0000000
--- a/private/lpdumpd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# b/177176997
-dontaudit lpdumpd block_device:blk_file getattr ;
-dontaudit lpdumpd block_device:blk_file getattr ;
-dontaudit lpdumpd block_device:blk_file read ;
-dontaudit lpdumpd block_device:blk_file getattr ;
-dontaudit lpdumpd block_device:blk_file read ;
-dontaudit lpdumpd block_device:blk_file read ;
diff --git a/private/priv_app.te b/private/priv_app.te
deleted file mode 100644
index 2ef1f96..0000000
--- a/private/priv_app.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# b/178433525
-dontaudit priv_app adbd_prop:file { map };
-dontaudit priv_app adbd_prop:file { getattr };
-dontaudit priv_app adbd_prop:file { open };
-dontaudit priv_app ab_update_gki_prop:file { map };
-dontaudit priv_app ab_update_gki_prop:file { getattr };
-dontaudit priv_app ab_update_gki_prop:file { open };
-dontaudit priv_app aac_drc_prop:file { map };
-dontaudit priv_app aac_drc_prop:file { getattr };
-dontaudit priv_app aac_drc_prop:file { open };
-dontaudit priv_app adbd_prop:file { map };
-dontaudit priv_app aac_drc_prop:file { open };
-dontaudit priv_app aac_drc_prop:file { getattr };
-dontaudit priv_app aac_drc_prop:file { map };
-dontaudit priv_app ab_update_gki_prop:file { open };
-dontaudit priv_app ab_update_gki_prop:file { getattr };
-dontaudit priv_app ab_update_gki_prop:file { map };
-dontaudit priv_app adbd_prop:file { open };
-dontaudit priv_app adbd_prop:file { getattr };
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
deleted file mode 100644
index f26e081..0000000
--- a/private/untrusted_app_25.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/177389321
-dontaudit untrusted_app_25 adbd_prop:file *;
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
deleted file mode 100644
index 0e29999..0000000
--- a/private/wait_for_keymaster.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/188114822
-dontaudit wait_for_keymaster servicemanager:binder transfer;
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
deleted file mode 100644
index 513736b..0000000
--- a/tracking_denials/dumpstate.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/185723618
-dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-# b/187795940
-dontaudit dumpstate twoshay:binder call;
diff --git a/tracking_denials/gpsd.te b/tracking_denials/gpsd.te
deleted file mode 100644
index fe55439..0000000
--- a/tracking_denials/gpsd.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# b/173969091
-dontaudit gpsd radio_prop:file { read };
-dontaudit gpsd radio_prop:file { open };
-dontaudit gpsd radio_prop:file { map };
-dontaudit gpsd radio_prop:file { map };
-dontaudit gpsd system_data_file:dir { search };
-dontaudit gpsd radio_prop:file { read };
-dontaudit gpsd radio_prop:file { open };
-dontaudit gpsd radio_prop:file { getattr };
-dontaudit gpsd system_data_file:dir { search };
-dontaudit gpsd radio_prop:file { getattr };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
deleted file mode 100644
index 6ab5a51..0000000
--- a/tracking_denials/hal_camera_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/178980085
-dontaudit hal_camera_default system_data_file:dir { search };
-# b/180567725
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
diff --git a/tracking_denials/hal_fingerprint_default.te b/tracking_denials/hal_fingerprint_default.te
deleted file mode 100644
index e9c6ff2..0000000
--- a/tracking_denials/hal_fingerprint_default.te
+++ /dev/null
@@ -1,15 +0,0 @@
-# b/183338543
-dontaudit hal_fingerprint_default system_data_root_file:file { read };
-dontaudit hal_fingerprint_default default_prop:file { getattr };
-dontaudit hal_fingerprint_default default_prop:file { map };
-dontaudit hal_fingerprint_default default_prop:file { open };
-dontaudit hal_fingerprint_default default_prop:file { read };
-dontaudit hal_fingerprint_default system_data_root_file:file { open };
-dontaudit hal_fingerprint_default system_data_root_file:file { read };
-dontaudit hal_fingerprint_default default_prop:file { map };
-dontaudit hal_fingerprint_default default_prop:file { getattr };
-dontaudit hal_fingerprint_default default_prop:file { open };
-dontaudit hal_fingerprint_default default_prop:file { read };
-dontaudit hal_fingerprint_default system_data_root_file:file { open };
-# b/187015705
-dontaudit hal_fingerprint_default property_socket:sock_file write;
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
deleted file mode 100644
index ef727b5..0000000
--- a/tracking_denials/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/185723492
-dontaudit hal_graphics_composer_default hal_dumpstate_default:fd { use };
-dontaudit hal_graphics_composer_default hal_dumpstate_default:fd { use };
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
deleted file mode 100644
index 9ebda63..0000000
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,33 +0,0 @@
-# b/171160755
-dontaudit hal_neuralnetworks_armnn traced:unix_stream_socket connectto ;
-dontaudit hal_neuralnetworks_armnn hal_neuralnetworks_hwservice:hwservice_manager add ;
-dontaudit hal_neuralnetworks_armnn hal_neuralnetworks_hwservice:hwservice_manager find ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager:binder transfer ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager:binder call ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file map ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file getattr ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file open ;
-dontaudit hal_neuralnetworks_armnn hwservicemanager_prop:file read ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file {read write} ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file open ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file getattr ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file ioctl ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file map ;
-dontaudit hal_neuralnetworks_armnn gpu_device:chr_file {read write} ;
-dontaudit hal_neuralnetworks_armnn traced_producer_socket:sock_file write ;
-dontaudit hal_neuralnetworks_armnn hidl_base_hwservice:hwservice_manager add ;
-# b/171670122
-dontaudit hal_neuralnetworks_armnn debugfs_tracing:file { read };
-dontaudit hal_neuralnetworks_armnn debugfs_tracing:file { open };
-# b/180550063
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
-# b/180858476
-dontaudit hal_neuralnetworks_armnn default_prop:file { read };
-dontaudit hal_neuralnetworks_armnn default_prop:file { read };
-dontaudit hal_neuralnetworks_armnn default_prop:file { open };
-dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
-dontaudit hal_neuralnetworks_armnn default_prop:file { map };
-dontaudit hal_neuralnetworks_armnn default_prop:file { open };
-dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
-dontaudit hal_neuralnetworks_armnn default_prop:file { map };
diff --git a/tracking_denials/hal_neuralnetworks_darwinn.te b/tracking_denials/hal_neuralnetworks_darwinn.te
deleted file mode 100644
index e69de29..0000000
--- a/tracking_denials/hal_neuralnetworks_darwinn.te
+++ /dev/null
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
deleted file mode 100644
index ab5c7ec..0000000
--- a/tracking_denials/hal_power_default.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# b/171760921
-dontaudit hal_power_default hal_power_default:capability { dac_override };
-# b/178331773
-dontaudit hal_power_default sysfs:file { write };
-dontaudit hal_power_default sysfs:file { open };
-dontaudit hal_power_default sysfs:file { write };
-dontaudit hal_power_default sysfs:file { open };
-# b/178752616
-dontaudit hal_power_default sysfs:file { read };
-dontaudit hal_power_default sysfs:file { getattr };
-dontaudit hal_power_default sysfs:file { read };
-dontaudit hal_power_default sysfs:file { getattr };
diff --git a/tracking_denials/hardware_info_app.te b/tracking_denials/hardware_info_app.te
deleted file mode 100644
index 8e02952..0000000
--- a/tracking_denials/hardware_info_app.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# b/181177926
-dontaudit hardware_info_app sysfs_batteryinfo:file { read };
-dontaudit hardware_info_app sysfs:file { read };
-dontaudit hardware_info_app sysfs:file { open };
-dontaudit hardware_info_app sysfs:file { getattr };
-dontaudit hardware_info_app sysfs_batteryinfo:dir { search };
-# b/181914888
-dontaudit hardware_info_app sysfs_batteryinfo:file { open };
-dontaudit hardware_info_app sysfs_batteryinfo:file { getattr };
-dontaudit hardware_info_app vendor_regmap_debugfs:dir { search };
-# b/181915166
-dontaudit hardware_info_app sysfs_batteryinfo:file { getattr };
-dontaudit hardware_info_app sysfs_batteryinfo:file { open };
-dontaudit hardware_info_app vendor_regmap_debugfs:dir { search };
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
deleted file mode 100644
index a998712..0000000
--- a/tracking_denials/incidentd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/187015816
-dontaudit incidentd apex_info_file:file getattr;
diff --git a/tracking_denials/init.te b/tracking_denials/init.te
deleted file mode 100644
index 27d6f88..0000000
--- a/tracking_denials/init.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/180963348
-dontaudit init overlayfs_file:chr_file { unlink };
-dontaudit init overlayfs_file:file { rename };
diff --git a/tracking_denials/ofl_app.te b/tracking_denials/ofl_app.te
deleted file mode 100644
index 525ebda..0000000
--- a/tracking_denials/ofl_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/184005231
-dontaudit ofl_app default_prop:file { read };
-
diff --git a/tracking_denials/pixelstats_vendor.te b/tracking_denials/pixelstats_vendor.te
deleted file mode 100644
index 4bc5f01..0000000
--- a/tracking_denials/pixelstats_vendor.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# b/183338421
-dontaudit pixelstats_vendor sysfs_dma_heap:dir { search };
-dontaudit pixelstats_vendor sysfs_dma_heap:file { read };
-dontaudit pixelstats_vendor sysfs_dma_heap:file { open };
-dontaudit pixelstats_vendor sysfs_dma_heap:file { getattr };
-# b/188114896
-dontaudit pixelstats_vendor debugfs_mgm:dir read;
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
deleted file mode 100644
index bebe393..0000000
--- a/tracking_denials/priv_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/187016930
-dontaudit priv_app fwk_stats_service:service_manager find ;
diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te
deleted file mode 100644
index 0900dcd..0000000
--- a/tracking_denials/servicemanager.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/182086688
-dontaudit servicemanager hal_sensors_default:binder { call };
-dontaudit servicemanager hal_sensors_default:binder { call };
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
deleted file mode 100644
index 1f7fd2a..0000000
--- a/tracking_denials/surfaceflinger.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# b/176868297
-dontaudit surfaceflinger hal_graphics_composer_default:dir search ;
-# b/177176899
-dontaudit surfaceflinger hal_graphics_composer_default:file open ;
-dontaudit surfaceflinger hal_graphics_composer_default:file read ;
-dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
-dontaudit surfaceflinger hal_graphics_composer_default:file read ;
-dontaudit surfaceflinger hal_graphics_composer_default:file open ;
-dontaudit surfaceflinger hal_graphics_composer_default:file read ;
-dontaudit surfaceflinger hal_graphics_composer_default:file open ;
-dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
-dontaudit surfaceflinger hal_graphics_composer_default:file getattr ;
diff --git a/tracking_denials/trusty_apploader.te b/tracking_denials/trusty_apploader.te
deleted file mode 100644
index 3f6e9ae..0000000
--- a/tracking_denials/trusty_apploader.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/182953825
-dontaudit trusty_apploader trusty_apploader:capability { dac_override };
-dontaudit trusty_apploader trusty_apploader:capability { dac_override };
diff --git a/tracking_denials/untrusted_app.te b/tracking_denials/untrusted_app.te
deleted file mode 100644
index 9b098f8..0000000
--- a/tracking_denials/untrusted_app.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/184593993
-dontaudit untrusted_app vendor_camera_prop:file { read };
-dontaudit untrusted_app vendor_camera_prop:file { read };
-dontaudit untrusted_app vendor_camera_prop:file { read };
diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te
deleted file mode 100644
index 98e7b85..0000000
--- a/tracking_denials/update_engine.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/187016910
-dontaudit update_engine mnt_vendor_file:dir search ;
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
deleted file mode 100644
index d2c20fe..0000000
--- a/tracking_denials/vendor_init.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/176528557
-dontaudit vendor_init debugfs_trace_marker:file { getattr };
diff --git a/usf/file.te b/usf/file.te
deleted file mode 100644
index e264c27..0000000
--- a/usf/file.te
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# USF file SELinux type enforcements.
-#
-
-# Declare the sensor registry persist file type. By convention, persist file
-# types begin with "persist_".
-type persist_sensor_reg_file, file_type, vendor_persist_type;
-
-# Declare the sensor registry data file type. By convention, data file types
-# end with "data_file".
-type sensor_reg_data_file, file_type, data_file_type;
-
diff --git a/usf/file_contexts b/usf/file_contexts
deleted file mode 100644
index ff3d41d..0000000
--- a/usf/file_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# USF SELinux file security contexts.
-#
-
-# Sensor registry persist files.
-/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0
-
-# Sensor registry data files.
-/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
-
diff --git a/usf/sensor_hal.te b/usf/sensor_hal.te
deleted file mode 100644
index 233c523..0000000
--- a/usf/sensor_hal.te
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# USF sensor HAL SELinux type enforcements.
-#
-
-# Allow reading of sensor registry persist files.
-allow hal_sensors_default persist_file:dir search;
-allow hal_sensors_default mnt_vendor_file:dir search;
-r_dir_file(hal_sensors_default, persist_sensor_reg_file)
-
-# Allow creation and writing of sensor registry data files.
-allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
-allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
-
-# Allow access to the AoC communication driver.
-allow hal_sensors_default aoc_device:chr_file rw_file_perms;
-
-# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
-# to synchronize the AP and AoC clock timestamps.
-allow hal_sensors_default sysfs_aoc_boottime:file rw_file_perms;
-
-# Allow create thread to watch AOC's device.
-allow hal_sensors_default device:dir r_dir_perms;
-
-# Allow access to the files of CDT information.
-r_dir_file(hal_sensors_default, sysfs_chosen)
-
-# Allow display_info_service access to the backlight driver.
-allow hal_sensors_default sysfs_leds:dir search;
-allow hal_sensors_default sysfs_leds:file rw_file_perms;
-
-# Allow access to the power supply files for MagCC.
-r_dir_file(hal_sensors_default, sysfs_batteryinfo)
-allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
-
-# Allow access to sensor service for sensor_listener.
-binder_call(hal_sensors_default, system_server);
-
-# Allow access to the sysfs_aoc.
-allow hal_sensors_default sysfs_aoc:dir search;
-allow hal_sensors_default sysfs_aoc:file r_file_perms;
-
-# Allow use of the USF low latency transport.
-usf_low_latency_transport(hal_sensors_default)
-
-# Allow sensor HAL to reset AOC.
-allow hal_sensors_default sysfs_aoc_reset:file w_file_perms;
-
-#
-# Suez type enforcements.
-#
-
-# Allow SensorSuez to connect AIDL stats.
-binder_use(hal_sensors_default);
-allow hal_sensors_default fwk_stats_service:service_manager find;
-
-# Allow access to CHRE socket to connect to nanoapps.
-unix_socket_connect(hal_sensors_default, chre, chre)
-
-# Allow sensor HAL to read lhbm.
-allow hal_sensors_default sysfs_lhbm:file r_file_perms;
diff --git a/whitechapel/vendor/google/domain.te b/whitechapel/vendor/google/domain.te
deleted file mode 100644
index cffaf8c..0000000
--- a/whitechapel/vendor/google/domain.te
+++ /dev/null
@@ -1 +0,0 @@
-allow {domain -appdomain -rs} sysfs_vendor_sched:file w_file_perms;
diff --git a/whitechapel/vendor/google/keys.conf b/whitechapel/vendor/google/keys.conf
deleted file mode 100644
index 175d09d..0000000
--- a/whitechapel/vendor/google/keys.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[@MDS]
-ALL : device/google/gs201-sepolicy/whitechapel/vendor/google/certs/com_google_mds.x509.pem
-
-[@UWB]
-ALL : device/google/gs201-sepolicy/whitechapel/vendor/google/certs/com_qorvo_uwb.x509.pem
