Merge "Selinux: Allow system_server to create fpdata dir." into mnc-dev
diff --git a/access_vectors b/access_vectors
index e79ad1b..c280f08 100644
--- a/access_vectors
+++ b/access_vectors
@@ -890,25 +890,22 @@
 
 class keystore_key
 {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
 	duplicate
 	clear_uid
-	reset_uid
-	sync_uid
-	password_uid
 	add_auth
 	user_changed
 }
diff --git a/app.te b/app.te
index af8c508..40de074 100644
--- a/app.te
+++ b/app.te
@@ -185,7 +185,7 @@
 # application inherit logd write socket (urge is to deprecate this long term)
 allow appdomain zygote:unix_dgram_socket write;
 
-allow { appdomain -isolated_app } keystore:keystore_key { test get insert delete exist saw sign verify };
+allow { appdomain -isolated_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore({ appdomain -isolated_app })
 
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 82c733d..0bfd33a 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,6 @@
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
-allow binderservicedomain keystore:keystore_key { test get insert delete exist saw sign verify };
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore(binderservicedomain)
diff --git a/file_contexts b/file_contexts
index b298f98..bcb4ae0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -77,7 +77,7 @@
 /dev/random		u:object_r:random_device:s0
 /dev/rpmsg-omx[0-9]	u:object_r:rpmsg_device:s0
 /dev/rproc_user	u:object_r:rpmsg_device:s0
-/dev/rtc0           u:object_r:rtc_device:s0
+/dev/rtc[0-9]      u:object_r:rtc_device:s0
 /dev/snd(/.*)?		u:object_r:audio_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
diff --git a/system_app.te b/system_app.te
index 811f436..3720c3d 100644
--- a/system_app.te
+++ b/system_app.te
@@ -57,17 +57,17 @@
 allow system_app system_api_service:service_manager find;
 
 allow system_app keystore:keystore_key {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
diff --git a/system_server.te b/system_server.te
index d345749..878e5ff 100644
--- a/system_server.te
+++ b/system_server.te
@@ -384,25 +384,22 @@
 allow system_server surfaceflinger_service:service_manager find;
 
 allow system_server keystore:keystore_key {
-	test
+	get_state
 	get
 	insert
 	delete
 	exist
-	saw
+	list
 	reset
 	password
 	lock
 	unlock
-	zero
+	is_empty
 	sign
 	verify
 	grant
 	duplicate
 	clear_uid
-	reset_uid
-	sync_uid
-	password_uid
 	add_auth
 	user_changed
 };