Merge "Add rules to dump fingerprint hal traces"
diff --git a/private/gsid.te b/private/gsid.te
index 5d7b043..3ff9d67 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -135,6 +135,8 @@
ota_image_data_file
}:file ioctl FS_IOC_FIEMAP;
+allow gsid system_server:binder call;
+
neverallow {
domain
-init
diff --git a/public/app.te b/public/app.te
index 235d3f8..e5b9fd6 100644
--- a/public/app.te
+++ b/public/app.te
@@ -317,7 +317,7 @@
allow appdomain proc_meminfo:file r_file_perms;
# For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:file { getattr read append write map };
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 806944f..57d8e7e 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -81,5 +81,6 @@
get_prop(update_engine_common, virtual_ab_prop)
# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
allow update_engine_common ota_metadata_file:dir rw_dir_perms;
allow update_engine_common ota_metadata_file:file create_file_perms;