Merge "Track add of RuntimeService in system server"
diff --git a/private/apexd.te b/private/apexd.te
index 61e099b..7a1e4e2 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -40,6 +40,11 @@
# allow apexd to create symlinks in /apex
allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to relabel apk_tmp_file to apex_data_file.
+# TODO(b/112669193) remove this when APEXes are staged via file descriptor
+allow apexd apk_tmp_file:file relabelfrom;
+allow apexd apex_data_file:file relabelto;
+
# Unmount and mount filesystems
allow apexd labeledfs:filesystem { mount unmount };
diff --git a/private/bug_map b/private/bug_map
index becbd97..9747704 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -12,6 +12,7 @@
init shell_data_file sock_file 77873135
init system_data_file chr_file 77873135
isolated_app privapp_data_file dir 119596573
+isolated_app app_data_file dir 120394782
mediaextractor app_data_file file 77923736
mediaextractor radio_data_file file 77923736
mediaprovider cache_file blk_file 77925342
diff --git a/private/traced_probes.te b/private/traced_probes.te
index f84d698..b0b87d8 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -65,6 +65,10 @@
proc_stat
}:file r_file_perms;
+
+# Allow access to the IHealth HAL service for tracing battery counters.
+hal_client_domain(traced_probes, hal_health)
+
###
### Neverallow rules
###
diff --git a/public/hal_usb.te b/public/hal_usb.te
index b8034b8..38bc49a 100644
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -6,6 +6,7 @@
allow hal_usb self:netlink_kobject_uevent_socket create;
allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
allow hal_usb self:netlink_kobject_uevent_socket bind;
allow hal_usb self:netlink_kobject_uevent_socket read;
allow hal_usb sysfs:dir open;