Merge "zygote: clean up unnecessary rules."
diff --git a/app.te b/app.te
index b8833db..f6b730c 100644
--- a/app.te
+++ b/app.te
@@ -120,6 +120,9 @@
 # For art.
 allow appdomain dalvikcache_data_file:file execute;
 
+# /data/dalvik-cache/profiles
+allow appdomain dalvikcache_profiles_data_file:file write;
+
 # For legacy unlabeled userdata on existing devices.
 # See discussion of Unlabeled files in domain.te for more information.
 allow appdomain unlabeled:file x_file_perms;
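Review bot: The added `allow appdomain dalvikcache_profiles_data_file:file write;` gives every app domain write access to a single shared type, so type enforcement does not stop one app from writing another app's profile. Together with the `open` that `r_file_perms` grants to all domains in the domain.te hunk of this commit, only the DAC owner and mode of each file would separate apps. If that is the intended boundary, the comment should say so, e.g. `# /data/dalvik-cache/profiles: files are created by installd; apps write their own profile, per-app separation is by DAC ownership`. If the runtime only ever appends to a profile (not visible here), granting `append` instead of `write` would be tighter.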
diff --git a/domain.te b/domain.te
index c329245..57a5b50 100644
--- a/domain.te
+++ b/domain.te
@@ -100,6 +100,8 @@
 # Read /data/dalvik-cache.
 allow domain dalvikcache_data_file:dir { search getattr };
 allow domain dalvikcache_data_file:file r_file_perms;
+allow domain dalvikcache_profiles_data_file:dir { search getattr };
+allow domain dalvikcache_profiles_data_file:file r_file_perms;
 
 # Read already opened /cache files.
 allow domain cache_file:dir r_dir_perms;
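Review bot: The two added `dalvikcache_profiles_data_file` rules give read access to every domain, which is wider than the writers this commit introduces (appdomain and installd). They mirror the dalvik-cache rules directly above, but profiles presumably hold per-app runtime data rather than shared compiled code, so as far as policy goes any confined daemon could read them. Consider limiting the read to the domains that consume profiles. If all domains do need it, give the rules their own comment, e.g. `# Read /data/dalvik-cache/profiles.`, because the existing `# Read /data/dalvik-cache.` header does not cover the new type.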
diff --git a/file.te b/file.te
index 6b7eda8..0ddf50f 100644
--- a/file.te
+++ b/file.te
@@ -31,6 +31,7 @@
 type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
 type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
 type debugfs, fs_type, mlstrustedobject;
+type pstorefs, fs_type;
 
 # File types
 type unlabeled, file_type;
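Review bot: `type pstorefs, fs_type;` is added without a comment, and neither this hunk nor the matching `genfscon pstore / u:object_r:pstorefs:s0` line in genfs_contexts comes with an allow rule in the visible diff. Once pstore carries its own label, any domain that reads the persisted kernel logs needs an explicit grant, so it is worth confirming that the consumers are covered elsewhere in the policy. A short comment would record the intent, e.g. `# pstore: persistent kernel log storage; readable only by the domains that collect crash logs`.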
@@ -52,6 +53,8 @@
 type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
 # /data/dalvik-cache
 type dalvikcache_data_file, file_type, data_file_type;
+# /data/dalvik-cache/profiles
+type dalvikcache_profiles_data_file, file_type, data_file_type;
 # /data/local - writable by shell
 type shell_data_file, file_type, data_file_type;
 # /data/gps
diff --git a/file_contexts b/file_contexts
index dc91481..c136e26 100644
--- a/file_contexts
+++ b/file_contexts
@@ -168,6 +168,7 @@
 /data/drm(/.*)?		u:object_r:drm_data_file:s0
 /data/gps(/.*)?		u:object_r:gps_data_file:s0
 /data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
+/data/dalvik-cache/profiles(/.*)? u:object_r:dalvikcache_profiles_data_file:s0
 /data/anr(/.*)?		u:object_r:anr_data_file:s0
 /data/app(/.*)?		u:object_r:apk_data_file:s0
 /data/app/vmdl.*\.tmp	u:object_r:apk_tmp_file:s0
diff --git a/genfs_contexts b/genfs_contexts
index f247cec..07208f9 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -28,3 +28,4 @@
 genfscon vfat / u:object_r:sdcard_external:s0
 genfscon debugfs / u:object_r:debugfs:s0
 genfscon fuse / u:object_r:sdcard_internal:s0
+genfscon pstore / u:object_r:pstorefs:s0
diff --git a/installd.te b/installd.te
index 3f5e9a1..a2b0687 100644
--- a/installd.te
+++ b/installd.te
@@ -9,6 +9,8 @@
 allow installd system_data_file:file create_file_perms;
 allow installd system_data_file:lnk_file create;
 allow installd dalvikcache_data_file:file create_file_perms;
+allow installd dalvikcache_profiles_data_file:dir create_dir_perms;
+allow installd dalvikcache_profiles_data_file:file create_file_perms;
 allow installd data_file_type:dir create_dir_perms;
 allow installd data_file_type:dir { relabelfrom relabelto };
 allow installd data_file_type:{ file_class_set } { getattr unlink };
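Review bot: The two added rules let installd create directories and files of type `dalvikcache_profiles_data_file`, but nothing in the visible diff makes a newly created `profiles` directory receive that type. There is no type_transition, so a directory made under /data/dalvik-cache would inherit `dalvikcache_data_file` until something relabels it against the new file_contexts entry. That relabel presumably happens in installd or init code outside this patch (installd does hold `relabelfrom relabelto` on `data_file_type:dir` just below). A comment should name where, e.g. `# profiles dir is created by installd and relabeled with restorecon`. If the directory already exists with the old label on upgraded devices, the app `write` rule in app.te would not apply to it until it is relabeled.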
diff --git a/netd.te b/netd.te
index 5020898..46cc436 100644
--- a/netd.te
+++ b/netd.te
@@ -56,9 +56,7 @@
 domain_auto_trans(netd, clatd_exec, clatd)
 allow netd clatd:process signal;
 
-# Support netd running mdnsd
-# TODO: prune this back further
-allow netd ctl_default_prop:property_service set;
+allow netd ctl_mdnsd_prop:property_service set;
 
 ###
 ### Neverallow rules
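Review bot: The narrowed rule `allow netd ctl_mdnsd_prop:property_service set;` lost its explanation when the TODO was removed, so the file no longer says why netd may set a ctl property at all. Keep the first of the removed comment lines above it, `# Support netd running mdnsd`, and drop only the TODO that this change resolves.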
diff --git a/property.te b/property.te
index c1dc254..6f2b280 100644
--- a/property.te
+++ b/property.te
@@ -6,8 +6,11 @@
 type system_prop, property_type;
 type vold_prop, property_type;
 type rild_prop, property_type;
+type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;
 type ctl_dumpstate_prop, property_type;
+type ctl_fuse_prop, property_type;
+type ctl_mdnsd_prop, property_type;
 type ctl_rildaemon_prop, property_type;
 type ctl_bugreport_prop, property_type;
 type audio_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 08874c5..aedf60c 100644
--- a/property_contexts
+++ b/property_contexts
@@ -52,7 +52,10 @@
 crypto.                 u:object_r:vold_prop:s0
 
 # ctl properties
+ctl.bootanim            u:object_r:ctl_bootanim_prop:s0
 ctl.dumpstate           u:object_r:ctl_dumpstate_prop:s0
+ctl.fuse_               u:object_r:ctl_fuse_prop:s0
+ctl.mdnsd               u:object_r:ctl_mdnsd_prop:s0
 ctl.ril-daemon          u:object_r:ctl_rildaemon_prop:s0
 ctl.bugreport           u:object_r:ctl_bugreport_prop:s0
 ctl.                    u:object_r:ctl_default_prop:s0
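Review bot: The key `ctl.fuse_` ends in an underscore and reads like a truncated name. property_contexts keys are matched as prefixes, so it is presumably meant to cover every service whose name starts with `fuse_`; by the same rule `ctl.bootanim` and `ctl.mdnsd` also match any longer service name that begins with those strings. Add a comment such as `# prefix match: covers all fuse_* services controlled by vold`, and confirm that no unrelated init service shares the `bootanim` or `mdnsd` prefix, since it would inherit the same control permission.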
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 5ecfd18..20fef95 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -38,7 +38,7 @@
 
 # Set properties.
 allow surfaceflinger system_prop:property_service set;
-allow surfaceflinger ctl_default_prop:property_service set;
+allow surfaceflinger ctl_bootanim_prop:property_service set;
 
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;
diff --git a/vold.te b/vold.te
index cc70e8a..b76be76 100644
--- a/vold.te
+++ b/vold.te
@@ -65,7 +65,7 @@
 # Property Service
 allow vold vold_prop:property_service set;
 allow vold powerctl_prop:property_service set;
-allow vold ctl_default_prop:property_service set;
+allow vold ctl_fuse_prop:property_service set;
 
 # ASEC
 allow vold asec_image_file:file create_file_perms;