Merge "Allow app to conntect to BufferHub service"
diff --git a/private/apexd.te b/private/apexd.te
index 4850d61..5959035 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -6,9 +6,9 @@
allow apexd apex_key_file:dir { search getattr };
allow apexd apex_key_file:file r_file_perms;
-# Allow reading and writing of APEX files in the APEX data dir
-allow apexd apex_data_file:dir rw_dir_perms;
-allow apexd apex_data_file:file rw_file_perms;
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
# allow apexd to create loop devices with /dev/loop-control
allow apexd loop_control_device:chr_file rw_file_perms;
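Review bot: `create_dir_perms` and `create_file_perms` grant more than the new comment describes. In the standard macro definitions they add `rename`, `setattr` and `unlink` (plus `rmdir` and `reparent` for directories) on top of `create`, so apexd can now delete and rename anything labelled `apex_data_file`. If apexd only needs to create entries, the narrower `allow apexd apex_data_file:file { create rw_file_perms };` (and the `dir` equivalent) keeps the grant at least privilege. If deletion and rename are intended, the comment should say so, e.g. `# Allow creating, renaming, deleting, reading and writing of APEX files/dirs in the APEX data dir`. Which of the two applies cannot be determined from this hunk.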
diff --git a/private/traced.te b/private/traced.te
index 6571938..33c5ac0 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -19,7 +19,9 @@
# directly into that (rather than returning the trace contents over the socket).
allow traced perfetto:fd use;
allow traced shell:fd use;
+allow traced traceur_app:fd use;
allow traced perfetto_traces_data_file:file { read write };
+allow traced trace_data_file:file { read write };
###
### Neverallow rules
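Review bot: The added rules for `traceur_app:fd` and `trace_data_file:file` have no comment of their own. They sit under a comment that starts above the hunk and, from its visible part, describes the existing file-descriptor hand-off. A line such as `# Traceur passes an already-open fd for its trace file; open/create are deliberately not granted.` would record why only `{ read write }` is granted. It would also discourage a later widening to `r_file_perms` or `rw_file_perms`, which include `open`. That traceur_app is the party handing over the fd is inferred from the pairing of the two rules, so confirm it before adding the comment.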
@@ -53,6 +55,7 @@
data_file_type
-zoneinfo_data_file
-perfetto_traces_data_file
+ -trace_data_file
}:file ~write;
# Only init is allowed to enter the traced domain via exec()
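Review bot: Subtracting `trace_data_file` from this set exempts the type from the assertion entirely, so no build-time check stops a later rule from granting traced `open`, `create` or `unlink` on it. Only the `{ read write }` allow rule added earlier in this file bounds the access today. A companion assertion such as `neverallow traced trace_data_file:file ~{ read write };` would keep the exception as narrow as the allow rule, provided no attribute-based rule elsewhere already grants more. The neverallow statement starts above the hunk, so its source domain is assumed to be traced from the file name. The existing `-perfetto_traces_data_file` exception appears to have the same gap.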