Merge "Allow access to media_rw_data_file for now." into nyc-dev
diff --git a/priv_app.te b/priv_app.te
index 67e91cd..b2b9e57 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -70,9 +70,8 @@
allow priv_app perfprofd_data_file:dir r_dir_perms;
')
-# Allow GMS core to stat files and executables on
-# the system partition
-allow priv_app exec_type:file getattr;
+# Allow GMS core to scan executables on the system partition
+allow priv_app exec_type:file { getattr read open };
# For AppFuse.
allow priv_app vold:fd use;
diff --git a/tools/sepolicy-analyze/Android.mk b/tools/sepolicy-analyze/Android.mk
index 7568351..61f1a26 100644
--- a/tools/sepolicy-analyze/Android.mk
+++ b/tools/sepolicy-analyze/Android.mk
@@ -11,4 +11,6 @@
LOCAL_STATIC_LIBRARIES := libsepol
LOCAL_CXX_STL := none
+LOCAL_COMPATIBILITY_SUITE := cts
+
include $(BUILD_HOST_EXECUTABLE)