Merge "Move allow rules from public/app.te to private/app.te"
diff --git a/apex/com.android.tethering-file_contexts b/apex/com.android.tethering-file_contexts
index 9398505..1b578ea 100644
--- a/apex/com.android.tethering-file_contexts
+++ b/apex/com.android.tethering-file_contexts
@@ -1 +1,2 @@
-(/.*)? u:object_r:system_file:s0
+(/.*)? u:object_r:system_file:s0
+/bin/for-system/clatd u:object_r:clatd_exec:s0
diff --git a/private/property_contexts b/private/property_contexts
index 3650a44..5a9f0e8 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -296,9 +296,11 @@
ro.virtual_ab.compression.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.compression.xor.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.userspace.snapshots.enabled u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.io_uring.enabled u:object_r:virtual_ab_prop:s0 exact bool
snapuserd.ready u:object_r:snapuserd_prop:s0 exact bool
snapuserd.proxy_ready u:object_r:snapuserd_prop:s0 exact bool
snapuserd.test.dm.snapshots u:object_r:snapuserd_prop:s0 exact bool
+snapuserd.test.io_uring.force_disable u:object_r:snapuserd_prop:s0 exact bool
ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
# Property to set/clear the warm reset flag after an OTA update.
diff --git a/private/snapuserd.te b/private/snapuserd.te
index e3b43a1..2e2c473 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -8,6 +8,8 @@
allow snapuserd kmsg_device:chr_file rw_file_perms;
+allow snapuserd self:capability ipc_lock;
+
# Allow snapuserd to reach block devices in /dev/block.
allow snapuserd block_device:dir search;