Merge "Add selinux permissions for ro.usb.uvc.enabled"
diff --git a/prebuilts/api/33.0/private/file.te b/prebuilts/api/33.0/private/file.te
index cf9ea02..c5837f9 100644
--- a/prebuilts/api/33.0/private/file.te
+++ b/prebuilts/api/33.0/private/file.te
@@ -12,7 +12,7 @@
type storaged_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/a11ytrace for accessibility traces
type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/prebuilts/api/33.0/private/platform_app.te b/prebuilts/api/33.0/private/platform_app.te
index 6112ae0..b40f6b9 100644
--- a/prebuilts/api/33.0/private/platform_app.te
+++ b/prebuilts/api/33.0/private/platform_app.te
@@ -57,6 +57,12 @@
auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow platform_app wm_trace_data_file:dir rw_dir_perms;
+ allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
allow platform_app audioserver_service:service_manager find;
allow platform_app cameraserver_service:service_manager find;
allow platform_app drmserver_service:service_manager find;
diff --git a/private/file.te b/private/file.te
index e33469f..776c8e5 100644
--- a/private/file.te
+++ b/private/file.te
@@ -13,7 +13,7 @@
type storaged_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/a11ytrace for accessibility traces
type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 7ce80ae..4c3f108 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -224,7 +224,6 @@
/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
/system/bin/prng_seeder u:object_r:prng_seeder_exec:s0
/system/bin/charger u:object_r:charger_exec:s0
-/system/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0
/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
@@ -494,6 +493,7 @@
/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
+/(system_ext|system/system_ext)/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0
/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/private/platform_app.te b/private/platform_app.te
index f14e52d..46abb16 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -57,6 +57,12 @@
auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow platform_app wm_trace_data_file:dir rw_dir_perms;
+ allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
allow platform_app audioserver_service:service_manager find;
allow platform_app cameraserver_service:service_manager find;
allow platform_app drmserver_service:service_manager find;