Merge "Exempt ASAN from selinux build-checks."
diff --git a/private/atrace.te b/private/atrace.te
index 8740b63..5de9f99 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -13,8 +13,8 @@
# Allow atrace to access tracefs.
allow atrace debugfs_tracing:dir r_dir_perms;
- allow atrace debugfs_tracing:file r_file_perms;
- allow atrace tracing_shell_writable:file rw_file_perms;
+ allow atrace debugfs_tracing:file rw_file_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
allow atrace debugfs_trace_marker:file getattr;
# atrace sets debug.atrace.* properties
diff --git a/private/genfs_contexts b/private/genfs_contexts
index dfd8d9c..26a64bd 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -72,6 +72,41 @@
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon debugfs /tracing/events/sync/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/regulator/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/irq/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ipi/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/sync/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/regulator/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/irq/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ipi/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
+
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
genfscon debugfs / u:object_r:debugfs:s0
diff --git a/private/shell.te b/private/shell.te
index 6e69151..5299532 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -13,7 +13,7 @@
allow shell config_gz:file r_file_perms;
userdebug_or_eng(`
- allow shell tracing_shell_writable_debug:file rw_file_perms;
+ allow shell debugfs_tracing_debug:file rw_file_perms;
')
# Run app_process.
diff --git a/private/system_server.te b/private/system_server.te
index 2bfd4cd..99dc663 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -99,7 +99,7 @@
allow system_server self:netlink_route_socket nlmsg_write;
# Kill apps.
-allow system_server appdomain:process { sigkill signal };
+allow system_server appdomain:process { getpgid sigkill signal };
# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
diff --git a/public/file.te b/public/file.te
index 5653318..1f3dfe9 100644
--- a/public/file.te
+++ b/public/file.te
@@ -67,10 +67,9 @@
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type;
+type debugfs_tracing_debug, fs_type, debugfs_type;
type debugfs_tracing_instances, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
-type tracing_shell_writable, fs_type, debugfs_type;
-type tracing_shell_writable_debug, fs_type, debugfs_type;
type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
diff --git a/public/init.te b/public/init.te
index cf9488f..01d308a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -282,7 +282,7 @@
# Support "adb shell stop"
allow init self:capability kill;
-allow init domain:process { sigkill signal };
+allow init domain:process { getpgid sigkill signal };
# Init creates keystore's directory on boot, and walks through
# the directory as part of a recursive restorecon.