Merge "Move file labeling to genfs_contexts."
diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
index 43f1135..7c735f2 100644
--- a/private/domain_deprecated.te
+++ b/private/domain_deprecated.te
@@ -190,6 +190,7 @@
userdebug_or_eng(`
auditallow {
domain_deprecated
+ -dumpstate
-fsck
-fsck_untrusted
-sdcardd
@@ -199,6 +200,7 @@
} proc:file r_file_perms;
auditallow {
domain_deprecated
+ -dumpstate
-fsck
-fsck_untrusted
-system_server
@@ -206,6 +208,7 @@
} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
auditallow {
domain_deprecated
+ -dumpstate
-fingerprintd
-healthd
-netd
diff --git a/private/file_contexts b/private/file_contexts
index d90ae95..69e4d61 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -17,8 +17,6 @@
/charger u:object_r:rootfs:s0
/init u:object_r:init_exec:s0
/sbin(/.*)? u:object_r:rootfs:s0
-/sbin/e2fsdroid u:object_r:e2fs_exec:s0
-/sbin/mke2fs u:object_r:e2fs_exec:s0
# For kernel modules
/lib(/.*)? u:object_r:rootfs:s0
@@ -178,6 +176,8 @@
#
/system(/.*)? u:object_r:system_file:s0
/system/bin/atrace u:object_r:atrace_exec:s0
+/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 4f66ffb..e069fd2 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -137,8 +137,9 @@
control_logd(dumpstate)
read_runtime_log_tags(dumpstate)
-# Read /proc/net
+# Read /proc and /proc/net
allow dumpstate proc_net:file r_file_perms;
+r_dir_file(dumpstate, proc)
# Read network state info files.
allow dumpstate net_data_file:dir search;