Merge "Only allow toolbox exec where /system exec was already allowed."

commit: 7af012fc94a34dd42e72d32c246a47140ec2861a [log] [tgz]
author: Nick Kralevich <nnk@google.com> Tue Aug 25 23:30:05 2015 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Aug 25 23:30:05 2015 +0000
tree: a0948c30ad0df96cfa4cb6327c40ac21359ecb1a
parent: e5c7321e0c4141598588b2d9f10ad6a153851b8e [diff]
parent: a3c97a7660bae649674e717bf7a9593f0d8370d7 [diff]
diff --git a/file_contexts b/file_contexts
index 7b65e7b..2adece5 100644
--- a/file_contexts
+++ b/file_contexts

@@ -58,6 +58,7 @@
 /dev/block/loop[0-9]*	u:object_r:loop_device:s0
 /dev/block/vold/.+	u:object_r:vold_device:s0
 /dev/block/ram[0-9]*	u:object_r:ram_device:s0
+/dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/bus/usb(.*)?       u:object_r:usb_device:s0
 /dev/cam		u:object_r:camera_device:s0
 /dev/console		u:object_r:console_device:s0

diff --git a/su.te b/su.te
index d4a488b..6c4c115 100644
--- a/su.te
+++ b/su.te

@@ -46,6 +46,7 @@
   dontaudit su domain:binder *;
   dontaudit su property_type:property_service *;
   dontaudit su service_manager_type:service_manager *;
+  dontaudit su servicemanager:service_manager list;
   dontaudit su keystore:keystore_key *;
   dontaudit su domain:debuggerd *;
   dontaudit su domain:drmservice *;
commit	7af012fc94a34dd42e72d32c246a47140ec2861a	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Aug 25 23:30:05 2015 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Aug 25 23:30:05 2015 +0000
tree	a0948c30ad0df96cfa4cb6327c40ac21359ecb1a
parent	e5c7321e0c4141598588b2d9f10ad6a153851b8e [diff]
parent	a3c97a7660bae649674e717bf7a9593f0d8370d7 [diff]