Merge "Adding /debug_ramdisk mount point"
diff --git a/private/system_server.te b/private/system_server.te
index 68a8f55..ce6808c 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -115,6 +115,7 @@
allow system_server hal_audio:process { getsched setsched };
allow system_server hal_bluetooth:process { getsched setsched };
allow system_server hal_omx_server:process { getsched setsched };
+allow system_server mediaswcodec:process { getsched setsched };
allow system_server cameraserver:process { getsched setsched };
allow system_server hal_camera:process { getsched setsched };
allow system_server mediaserver:process { getsched setsched };
diff --git a/private/zygote.te b/private/zygote.te
index 759fc34..0466372 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -118,6 +118,9 @@
# System file accesses.
r_dir_file(zygote, system_file)
+# /oem accesses.
+allow zygote oemfs:dir search;
+
userdebug_or_eng(`
# Allow zygote to create and write method traces in /data/misc/trace.
allow zygote method_trace_data_file:dir w_dir_perms;
diff --git a/public/adbd.te b/public/adbd.te
index 68a176c..4a1f633 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)