Merge "Revert "property_context: split into platform and non-platform components.""
diff --git a/private/genfs_contexts b/private/genfs_contexts
index f701685..6386101 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -32,6 +32,7 @@
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
+genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
 
 # selinuxfs booleans can be individually labeled.
diff --git a/public/app.te b/public/app.te
index 370f539..57b76f1 100644
--- a/public/app.te
+++ b/public/app.te
@@ -252,8 +252,7 @@
 allow appdomain proc_meminfo:file r_file_perms;
 
 # For app fuse.
-allow appdomain app_fuse_file:dir rw_dir_perms;
-allow appdomain app_fuse_file:file rw_file_perms;
+allow appdomain app_fuse_file:file { getattr read append write };
 
 ###
 ### CTS-specific rules
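Review bot: The comment `# For app fuse.` above the new `allow appdomain app_fuse_file:file { getattr read append write };` does not say why `open` and the directory rule were dropped, so a later editor could restore `rw_file_perms` as an apparent fix. Judging from the system_server.te hunk in this same change, which grants `open` and directory access to system_server instead, apps are presumably meant to use only descriptors that were opened for them. If so, state it in the comment, e.g. `# Apps only use AppFuse fds handed to them; open and dir access are intentionally withheld.`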
diff --git a/public/file.te b/public/file.te
index 8b3b62c..99c2a9e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -23,6 +23,7 @@
 type proc_tty_drivers, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
+type proc_uid_procstat_set, fs_type;
 type proc_zoneinfo, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;
 type cgroup, fs_type, mlstrustedobject;
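Review bot: `proc_uid_procstat_set` is introduced here as a write-only control node, but nothing in the visible hunks pins who may write it. The only grant shown is to system_server in public/system_server.te. If no other domain is meant to touch it, a rule such as `neverallow { domain -system_server } proc_uid_procstat_set:file { open write append };` would make that a build-time guarantee rather than a convention. Before adding it, confirm whether init or another domain legitimately needs access, since that is not visible from this diff.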
diff --git a/public/system_server.te b/public/system_server.te
index ee55263..0e1b9c0 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -112,6 +112,9 @@
 # Write /proc/uid_cputime/remove_uid_range.
 allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
 
+# Write /proc/uid_procstat/set.
+allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
+
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;
 
@@ -556,6 +559,8 @@
 # For AppFuse.
 allow system_server vold:fd use;
 allow system_server fuse_device:chr_file { read write ioctl getattr };
+allow system_server app_fuse_file:dir rw_dir_perms;
+allow system_server app_fuse_file:file { read write open getattr append };
 
 # For configuring sdcardfs
 allow system_server configfs:dir { create_dir_perms };
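Review bot: `allow system_server app_fuse_file:dir rw_dir_perms;` grants directory `write`, `add_name` and `remove_name`, but the file rule on the next line gives no `create` or `unlink`. Unless those are granted elsewhere, the directory-modify bits cannot be exercised. If system_server only needs to look up and open existing AppFuse entries, `allow system_server app_fuse_file:dir r_dir_perms;` would be the tighter grant. The `# For AppFuse.` comment would also benefit from saying that system_server is the domain that opens these files and passes the descriptors on, if that is the design.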