Annotate core components that access vendor data types

A neverallow asserts that core domains may not access data types
specified in vendor policy. For domains that still violate the
neverallow rule, grant a temporary exemption with TODOs and bugs
assigned for the remaining work.

Bug: 34980020
Test: Build and boot Marlin. Make phone call, watch youtube video.
      No new denials observed.

Change-Id: I8a1609a89edd66e1a5685d46aea04d52247a0a56
diff --git a/sepolicy/dumpstate.te b/sepolicy/dumpstate.te
index 72935eb..22935a3 100644
--- a/sepolicy/dumpstate.te
+++ b/sepolicy/dumpstate.te
@@ -1,4 +1,8 @@
+# TODO(b/36657258): Remove vendordata_in_core_violators once
+# dumpstate no longer directly accesses /data owned by a vendor
+# process.
+typeattribute dumpstate vendordata_in_core_violators;
 allow dumpstate smlog_dump_file:dir create_dir_perms;
 allow dumpstate smlog_dump_file:file create_file_perms;
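Review bot: The TODO on the new `typeattribute dumpstate vendordata_in_core_violators;` line names a path class ("/data owned by a vendor process") but not the type that trips the neverallow, so a later reviewer cannot tell when the exemption can be dropped. If `smlog_dump_file` on the two following `allow` lines is the vendor-labelled type in question, say so: `# TODO(b/36657258): Remove vendordata_in_core_violators once dumpstate no longer needs smlog_dump_file (vendor-owned /data path); no other vendor data types are intended here.` Naming the type also makes the exemption auditable, since the attribute silences the neverallow for every vendor data type, not only the one currently needed. The rest of dumpstate.te is outside this hunk, so I cannot confirm there are no other violating rules.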
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 5d696a9..5c117a6 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1,6 +1,3 @@
-allow mediaserver perfd:unix_stream_socket connectto;
-allow mediaserver perfd_data_file:dir search;
-allow mediaserver perfd_data_file:sock_file write;
 allow mediaserver sysfs_soc:dir search;
 allow mediaserver sysfs_soc:file r_file_perms;
 # Only allow gpu ioctl commands that have been demonstrated to be necessary.
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index adbf784..702d61c 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,4 +1,8 @@
+   # TODO(b/36734870): Remove this once platform_app no longer directly
+   # accesses data owned by vendor components
+   typeattribute platform_app vendordata_in_core_violators;
    # qxdmlogger rundiag perms
    allow platform_app diag_logs:dir rw_dir_perms;
    allow platform_app diag_logs:file create_file_perms;
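Review bot: Attaching `vendordata_in_core_violators` to `platform_app` exempts every domain labelled platform_app, while the adjacent comment ("qxdmlogger rundiag perms") suggests only one app needs `diag_logs`; if that is the case, a dedicated app domain for that client would keep the exemption narrow — I cannot tell from this hunk whether other platform apps also rely on it. At minimum the TODO should name the type so the exemption is verifiable: `# TODO(b/36734870): Remove vendordata_in_core_violators once platform_app (qxdmlogger) no longer needs diag_logs, a vendor-owned data type.` The leading indentation on the new lines matches the existing file, so no change there.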
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 32fd159..82ea66a 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -12,3 +12,8 @@
 # persist/display
 allow surfaceflinger persist_display_file:dir r_dir_perms;
 allow surfaceflinger persist_display_file:file create_file_perms;
+# TODO(b/36655945): Remove once surfaceflinger is no longer sharing data
+# in /data/misc/display with hal_graphics_composer.
+typeattribute surfaceflinger vendordata_in_core_violators;
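Review bot: The new TODO says the violation is data shared "in /data/misc/display with hal_graphics_composer", but the only rules visible next to it are for `persist_display_file`, whose comment reads "# persist/display" — a different path, and presumably not a /data type. Either the rule that actually trips the neverallow is earlier in surfaceflinger.te (outside this hunk) or the comment describes the wrong path; in both cases the TODO should name the offending type rather than a path, e.g. `# TODO(b/36655945): Remove vendordata_in_core_violators once surfaceflinger no longer shares <type> (/data/misc/display) with hal_graphics_composer.` Please also confirm whether `persist_display_file` itself is vendor-declared, since if it is not, these three lines are not the reason for the exemption and the grouping is misleading.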
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 1738e0d..4e8daf0 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -11,11 +11,6 @@
 # /dev/uhid
 allow system_server uhid_device:chr_file rw_file_perms;
-# talk to perfd
-allow system_server perfd_data_file:dir search;
-allow system_server perfd_data_file:sock_file write;
-allow system_server perfd:unix_stream_socket connectto;
 # TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
 typeattribute netmgrd socket_between_core_and_vendor_violators;
 allow system_server netmgrd_socket:dir search;