Merge "hal_tetheroffload: Grant permissions" into oc-dr1-dev

commit: 243c46cc46ebf46e581d4d52e73a277a2a69bfe3 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Thu Jun 29 04:26:11 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Jun 29 04:26:11 2017 +0000
tree: 52b8a1720e6429a001b06609b786ceee8d06b3af
parent: ae548746dcfb71c44832865172a1288852711a92 [diff]
parent: e58a8de5e742a1ff854328121c0891505cdbb91f [diff]
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index db81d0d..1c23f57 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te

@@ -21,6 +21,10 @@
 # package manager.
 allow dexoptanalyzer app_data_file:dir { getattr search };
 allow dexoptanalyzer app_data_file:file r_file_perms;
+# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
+# "dontaudit...audit_access" policy line to suppress the audit access without
+# suppressing denial on actual access.
+dontaudit dexoptanalyzer app_data_file:dir audit_access;
 
 # Allow testing /data/user/0 which symlinks to /data/data
 allow dexoptanalyzer system_data_file:lnk_file { getattr };

diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 036e1d2..fc2b5f6 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te

@@ -17,6 +17,7 @@
   -hal_wifi_supplicant_server
   -rild
 } domain:{ tcp_socket udp_socket rawip_socket } *;
+neverallow hal_tetheroffload_server unlabeled:service_manager list; #TODO: b/62658302
 
 ###
 # HALs are defined as an attribute and so a given domain could hypothetically
commit	243c46cc46ebf46e581d4d52e73a277a2a69bfe3	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Thu Jun 29 04:26:11 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Jun 29 04:26:11 2017 +0000
tree	52b8a1720e6429a001b06609b786ceee8d06b3af
parent	ae548746dcfb71c44832865172a1288852711a92 [diff]
parent	e58a8de5e742a1ff854328121c0891505cdbb91f [diff]