Merge "Don't label /dev/{ akm8973.* accelerometer } from system sepolicy"

commit: 2bb0085dbd1de6ca1fea802d0ea68f6075563aba [log] [tgz]
author: Tri Vo <trong@google.com> Tue Nov 06 22:43:49 2018 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Nov 06 22:43:49 2018 +0000
tree: a049adb8a64a6f3c8223cfa03a2ece2d12a51ce4
parent: 2b76694814b8411fdc1d7825c3ece7da72bfa68f [diff]
parent: fe39ed33dc895fba5bcefd6a088994daf85b6806 [diff]
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 1a8c536..7caafaa 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -96,6 +96,7 @@
     heapprofd_socket
     incident_helper
     incident_helper_exec
+    intelligence_service
     iorapd
     iorapd_data_file
     iorapd_exec

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 4e42041..79f43d4 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -87,6 +87,7 @@
     heapprofd_socket
     incident_helper
     incident_helper_exec
+    intelligence_service
     iorapd
     iorapd_data_file
     iorapd_exec

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 25e95c7..1a9fbad 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -34,6 +34,7 @@
     heapprofd
     heapprofd_exec
     heapprofd_socket
+    intelligence_service
     llkd
     llkd_exec
     llkd_prop

diff --git a/private/service_contexts b/private/service_contexts
index c2a4ca1..71741e2 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -77,6 +77,7 @@
 iphonesubinfo                             u:object_r:radio_service:s0
 ims                                       u:object_r:radio_service:s0
 imms                                      u:object_r:imms_service:s0
+intelligence                              u:object_r:intelligence_service:s0
 ipsec                                     u:object_r:ipsec_service:s0
 isms_msim                                 u:object_r:radio_service:s0
 isms2                                     u:object_r:radio_service:s0

diff --git a/public/clatd.te b/public/clatd.te
index 5c9d724..7d3d40e 100644
--- a/public/clatd.te
+++ b/public/clatd.te

@@ -34,3 +34,4 @@
 allow clatd self:netlink_route_socket nlmsg_write;
 allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl;
 allow clatd tun_device:chr_file rw_file_perms;
+allowxperm clatd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };

diff --git a/public/domain.te b/public/domain.te
index 0244b7a..b17893b 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -1063,7 +1063,6 @@
         -vendor_init
     } {
         system_file_type
-        -system_file # TODO(b/111243627): remove once Treble violations are fixed.
         -system_lib_file
         -system_linker_exec
         -crash_dump_exec
@@ -1141,7 +1140,6 @@
     -vendor_init
   } {
     system_file_type
-    -system_file # TODO(b/111243627): remove once Treble violations are fixed.
     -crash_dump_exec
     -file_contexts_file
     -netutils_wrapper_exec

diff --git a/public/service.te b/public/service.te
index 10222eb..997b709 100644
--- a/public/service.te
+++ b/public/service.te

@@ -93,9 +93,10 @@
 type hardware_service, system_server_service, service_manager_type;
 type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type intelligence_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
commit	2bb0085dbd1de6ca1fea802d0ea68f6075563aba	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Nov 06 22:43:49 2018 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Nov 06 22:43:49 2018 +0000
tree	a049adb8a64a6f3c8223cfa03a2ece2d12a51ce4
parent	2b76694814b8411fdc1d7825c3ece7da72bfa68f [diff]
parent	fe39ed33dc895fba5bcefd6a088994daf85b6806 [diff]