Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918

Bug: 205056467
Merged-In: I788344419e2eee44443f4e4cc342c0de11632be1
Change-Id: I5646901310b1463cd52da34fcecfcd756a18452e
diff --git a/vendor/google/device.te b/vendor/google/device.te
index 21282a1..3a88966 100644
--- a/vendor/google/device.te
+++ b/vendor/google/device.te
@@ -1,6 +1,6 @@
 type ramoops_device, dev_type;
 type rls_device, dev_type;
-type dp_block_device, dev_type, bdev_type;
+type dp_block_device, dev_type;
 type qg_device, dev_type;
 type logbuffer_device, dev_type;
 type smcinvoke_device, dev_type;
diff --git a/vendor/google/dumpstate.te b/vendor/google/dumpstate.te
index 12a6a43..b3fc3dd 100644
--- a/vendor/google/dumpstate.te
+++ b/vendor/google/dumpstate.te
@@ -4,6 +4,7 @@
 userdebug_or_eng(`
   allow dumpstate debugfs_dma_buf:file r_file_perms;
   allow dumpstate media_rw_data_file:file append;
+  dontaudit dumpstate su:process sigkill;
 ')
 
 # For collecting bugreports.
diff --git a/vendor/google/modem_diagnostics.te b/vendor/google/modem_diagnostics.te
index 4e7f3d5..c481738 100644
--- a/vendor/google/modem_diagnostics.te
+++ b/vendor/google/modem_diagnostics.te
@@ -18,4 +18,7 @@
   set_prop(modem_diagnostic_app, vendor_modem_diag_prop)
   set_prop(modem_diagnostic_app, radio_control_prop)
   set_prop(modem_diagnostic_app, vendor_radio_prop)
+
+  allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms;
+  allow modem_diagnostic_app sysfs_batteryinfo:dir search;
 ')
diff --git a/vendor/qcom/common/device.te b/vendor/qcom/common/device.te
index 43a7063..db7a09c 100644
--- a/vendor/qcom/common/device.te
+++ b/vendor/qcom/common/device.te
@@ -3,15 +3,15 @@
 type qdsp_device, dev_type, mlstrustedobject;
 type fm_radio_device, dev_type;
 type sg_device, dev_type;
-type ssd_block_device, dev_type, bdev_type;
+type ssd_block_device, dev_type;
 type ramdump_device, dev_type;
 type ipa_dev, dev_type;
 type modem_ssr_device, dev_type;
 type qce_device, dev_type;
 type at_device, dev_type;
 type wlan_device, dev_type;
-type custom_ab_block_device, dev_type, bdev_type;
-type xbl_block_device, dev_type, bdev_type;
-type gpt_block_device, dev_type, bdev_type;
-type modem_block_device, dev_type, bdev_type;
-type persist_block_device, dev_type, bdev_type;
+type custom_ab_block_device, dev_type;
+type xbl_block_device, dev_type;
+type gpt_block_device, dev_type;
+type modem_block_device, dev_type;
+type persist_block_device, dev_type;
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 1cfad85..1573c2d 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -51,7 +51,7 @@
 type mpss_rfs_data_file, data_file_type, file_type;
 type rfs_tombstone_data_file, data_file_type, file_type;
 type sysfs_msm_wlan, sysfs_type, fs_type;
-type sysfs_scsi_devices_0000, sysfs_type, fs_type, sysfs_block_type;
+type sysfs_scsi_devices_0000, sysfs_type, fs_type;
 type debugfs_sched_features, debugfs_type, fs_type;
 type debugfs_wlan, debugfs_type, fs_type;
 type debugfs_ipc, debugfs_type, fs_type;
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index 05a9c29..1aac029 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -11,12 +11,15 @@
 allow tee ssd_block_device:blk_file rw_file_perms;
 allow tee sg_device:chr_file { rw_file_perms setattr };
 
-allow tee mnt_vendor_file:dir search;
-allow tee persist_file:dir search;
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_file:dir r_dir_perms;
 allow tee persist_file:lnk_file read;
 allow tee persist_drm_file:dir create_dir_perms;
 allow tee persist_drm_file:file create_file_perms;
 
+# b/198130336
+dontaudit tee tmpfs:dir read;
+
 wakelock_use(tee);
 
 hwbinder_use(tee)