Merge "Add module_load permission to system class" into nyc-dev

commit: 10908ff29dfb654787f99f1e4ea7e4bf2c93aec9 [log] [tgz]
author: Jeffrey Vander Stoep <jeffv@google.com> Thu Apr 07 20:17:08 2016 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Apr 07 20:17:09 2016 +0000
tree: 2c5dd2ef1b3d5796aea1564d3694775a0b252230
parent: 182c4f31d95925376118ac1ba7e68f3372b012b1 [diff]
parent: 6d77d852ea239cdccb357aac39b15bdf26ffe491 [diff]
diff --git a/bluetooth.te b/bluetooth.te
index ff664ab..4b20a58 100644
--- a/bluetooth.te
+++ b/bluetooth.te

@@ -57,7 +57,8 @@
 # Access to /data/media.
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
-allow bluetooth media_rw_data_file:dir search;
+allow bluetooth media_rw_data_file:dir create_dir_perms;
+allow bluetooth media_rw_data_file:file create_file_perms;
 
 ###
 ### Neverallow rules

diff --git a/platform_app.te b/platform_app.te
index 3e6cd1a..8ac7932 100644
--- a/platform_app.te
+++ b/platform_app.te

@@ -50,3 +50,4 @@
 allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app app_api_service:service_manager find;
 allow platform_app system_api_service:service_manager find;
+allow platform_app vr_manager_service:service_manager find;

diff --git a/service.te b/service.te
index 71f8f3b..bd6ab38 100644
--- a/service.te
+++ b/service.te

@@ -110,6 +110,7 @@
 type user_service, app_api_service, system_server_service, service_manager_type;
 type vibrator_service, app_api_service, system_server_service, service_manager_type;
 type voiceinteraction_service, app_api_service, system_server_service, service_manager_type;
+type vr_manager_service, system_server_service, service_manager_type;
 type wallpaper_service, app_api_service, system_server_service, service_manager_type;
 type webviewupdate_service, app_api_service, system_server_service, service_manager_type;
 type wifip2p_service, app_api_service, system_server_service, service_manager_type;

diff --git a/service_contexts b/service_contexts
index c1fe961..288ff90 100644
--- a/service_contexts
+++ b/service_contexts

@@ -135,6 +135,7 @@
 user                                      u:object_r:user_service:s0
 vibrator                                  u:object_r:vibrator_service:s0
 voiceinteraction                          u:object_r:voiceinteraction_service:s0
+vrmanager                                 u:object_r:vr_manager_service:s0
 wallpaper                                 u:object_r:wallpaper_service:s0
 webviewupdate                             u:object_r:webviewupdate_service:s0
 wifip2p                                   u:object_r:wifip2p_service:s0

diff --git a/system_server.te b/system_server.te
index 8d8c303..ac27256 100644
--- a/system_server.te
+++ b/system_server.te

@@ -497,6 +497,9 @@
 # accesses to the underlying FS.
 allow system_server media_rw_data_file:dir search;
 
+# Allow invoking tools like "timeout"
+allow system_server toolbox_exec:file rx_file_perms;
+
 ###
 ### Neverallow rules
 ###
commit	10908ff29dfb654787f99f1e4ea7e4bf2c93aec9	[log] [tgz]
author	Jeffrey Vander Stoep <jeffv@google.com>	Thu Apr 07 20:17:08 2016 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Apr 07 20:17:09 2016 +0000
tree	2c5dd2ef1b3d5796aea1564d3694775a0b252230
parent	182c4f31d95925376118ac1ba7e68f3372b012b1 [diff]
parent	6d77d852ea239cdccb357aac39b15bdf26ffe491 [diff]