Merge "Selinux: Allow system_server to create fpdata dir." into mnc-dev
diff --git a/access_vectors b/access_vectors
index e79ad1b..c280f08 100644
--- a/access_vectors
+++ b/access_vectors
@@ -890,25 +890,22 @@
class keystore_key
{
- test
+ get_state
get
insert
delete
exist
- saw
+ list
reset
password
lock
unlock
- zero
+ is_empty
sign
verify
grant
duplicate
clear_uid
- reset_uid
- sync_uid
- password_uid
add_auth
user_changed
}
diff --git a/app.te b/app.te
index af8c508..40de074 100644
--- a/app.te
+++ b/app.te
@@ -185,7 +185,7 @@
# application inherit logd write socket (urge is to deprecate this long term)
allow appdomain zygote:unix_dgram_socket write;
-allow { appdomain -isolated_app } keystore:keystore_key { test get insert delete exist saw sign verify };
+allow { appdomain -isolated_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore({ appdomain -isolated_app })
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 82c733d..0bfd33a 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,6 @@
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
-allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore(binderservicedomain)
diff --git a/file_contexts b/file_contexts
index b298f98..bcb4ae0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -77,7 +77,7 @@
/dev/random u:object_r:random_device:s0
/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
/dev/rproc_user u:object_r:rpmsg_device:s0
-/dev/rtc0 u:object_r:rtc_device:s0
+/dev/rtc[0-9] u:object_r:rtc_device:s0
/dev/snd(/.*)? u:object_r:audio_device:s0
/dev/socket(/.*)? u:object_r:socket_device:s0
/dev/socket/adbd u:object_r:adbd_socket:s0
diff --git a/system_app.te b/system_app.te
index 811f436..3720c3d 100644
--- a/system_app.te
+++ b/system_app.te
@@ -57,17 +57,17 @@
allow system_app system_api_service:service_manager find;
allow system_app keystore:keystore_key {
- test
+ get_state
get
insert
delete
exist
- saw
+ list
reset
password
lock
unlock
- zero
+ is_empty
sign
verify
grant
diff --git a/system_server.te b/system_server.te
index d345749..878e5ff 100644
--- a/system_server.te
+++ b/system_server.te
@@ -384,25 +384,22 @@
allow system_server surfaceflinger_service:service_manager find;
allow system_server keystore:keystore_key {
- test
+ get_state
get
insert
delete
exist
- saw
+ list
reset
password
lock
unlock
- zero
+ is_empty
sign
verify
grant
duplicate
clear_uid
- reset_uid
- sync_uid
- password_uid
add_auth
user_changed
};