commit 024bc597980993b1204f06c61864b7f4418b7239
author Songchun Fan <schfan@google.com> Tue Dec 17 09:45:43 2019 -0800
committer Songchun Fan <schfan@google.com> Tue Dec 17 09:57:42 2019 -0800
tree 0ca5b46684c1a23bedeeea27c8a47dbaf0709228
parent f1f79242f309bd397d7ae9bf1f730f762f82ee5d

[incremental] allow system server to read /proc/filesystems

Also allow binder service "incremental_service" to be found by service
manager.

Test: boots
BUG: 136132412
Change-Id: I3584a9b69a7e1909f096e3c4579c1834bdfba22e

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 7540705..908ff68 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -100,6 +100,7 @@
 ims                                       u:object_r:radio_service:s0
 imms                                      u:object_r:imms_service:s0
 incremental                               u:object_r:incremental_service:s0
+incremental_service                       u:object_r:incremental_service:s0
 ipsec                                     u:object_r:ipsec_service:s0
 ircsmessage                               u:object_r:radio_service:s0
 iris                                      u:object_r:iris_service:s0

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 5bd4d9d..73e4399 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -17,6 +17,9 @@
 allow system_server zygote_tmpfs:file read;
 allow system_server appdomain_tmpfs:file { getattr map read write };
 
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file r_file_perms;