Merge changes from topics "norootintegrationtest", "profileshelltestdatafile"
* changes:
Allow shell to create shell_[test_]_data_file sockets.
Allow heapprofd to read shell_test_data_file.
diff --git a/private/heapprofd.te b/private/heapprofd.te
index d34830c..246f936 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -45,6 +45,7 @@
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
+r_dir_file(heapprofd, shell_test_data_file)
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
diff --git a/public/domain.te b/public/domain.te
index 29b0258..aaac8f0 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -478,7 +478,9 @@
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
-neverallow { domain -shell -init -adbd } shell_test_data_file:file *;
+neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
+neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -shell -init -adbd } shell_test_data_file:sock_file *;
# Only the init property service should write to /data/property and /dev/__properties__
neverallow { domain -init } property_data_file:dir no_w_dir_perms;
diff --git a/public/shell.te b/public/shell.te
index 1e73e49..c8aa9e9 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -30,6 +30,7 @@
allow shell shell_test_data_file:file create_file_perms;
allow shell shell_test_data_file:file rx_file_perms;
allow shell shell_test_data_file:lnk_file create_file_perms;
+allow shell shell_test_data_file:sock_file create_file_perms;
# Read and delete from /data/local/traces.
allow shell trace_data_file:file { r_file_perms unlink };