Merge "Add sepolicy for gsid properties, and allow system_server to read them."
diff --git a/prebuilts/api/28.0/private/atrace.te b/prebuilts/api/28.0/private/atrace.te
index 630935d..1b86d3e 100644
--- a/prebuilts/api/28.0/private/atrace.te
+++ b/prebuilts/api/28.0/private/atrace.te
@@ -22,6 +22,8 @@
binder_use(atrace)
allow atrace healthd:binder call;
allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+
get_prop(atrace, hwservicemanager_prop)
allow atrace {
diff --git a/private/service_contexts b/private/service_contexts
index 5295d7f..ecf9199 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -35,8 +35,8 @@
connmetrics u:object_r:connmetrics_service:s0
consumer_ir u:object_r:consumer_ir_service:s0
content u:object_r:content_service:s0
-content_capture u:object_r:content_capture_service:s0
content_suggestions u:object_r:content_suggestions_service:s0
+content_capture u:object_r:content_capture_service:s0
contexthub u:object_r:contexthub_service:s0
country_detector u:object_r:country_detector_service:s0
coverage u:object_r:coverage_service:s0
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 5827c50..e5ebafc 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -29,6 +29,12 @@
# Read serial number of the device from system properties
get_prop(fastbootd, serialno_prop)
+ # For dev/block/by-name dir
+ allow fastbootd block_device:dir r_dir_perms;
+
+ # Needed for DM_DEV_CREATE ioctl call
+ allow fastbootd self:capability sys_admin;
+
# Set sys.usb.ffs.ready.
set_prop(fastbootd, ffs_prop)
set_prop(fastbootd, exported_ffs_prop)
diff --git a/public/service.te b/public/service.te
index e3721b7..c5bd84d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -66,8 +66,8 @@
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled