Merge "FrameworksServicesTests: allow access to test.sys.boot.reason property"
diff --git a/OWNERS b/OWNERS
index 9d3f1b1..ff29677 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,6 +1,5 @@
alanstokes@google.com
bowgotsai@google.com
-dcashman@google.com
jbires@google.com
jeffv@google.com
jgalenson@google.com
diff --git a/private/statsd.te b/private/statsd.te
index 769b4e0..74b89c2 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -84,6 +84,7 @@
unix_socket_send(bluetooth, statsdw, statsd)
unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(lmkd, statsdw, statsd)
unix_socket_send(platform_app, statsdw, statsd)
unix_socket_send(radio, statsdw, statsd)
unix_socket_send(statsd, statsdw, statsd)
diff --git a/private/system_server.te b/private/system_server.te
index c5b83ec..045acc6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -773,9 +773,14 @@
# Allow system_server to open profile snapshots for read.
# System server never reads the actual content. It passes the descriptor to
# to privileged apps which acquire the permissions to inspect the profiles.
-allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:dir { getattr search };
allow system_server user_profile_data_file:file { getattr open read };
+# On userdebug build we may profile system server. Allow it to write and create its own profile.
+userdebug_or_eng(`
+ allow system_server user_profile_data_file:file create_file_perms;
+')
+
userdebug_or_eng(`
# Allow system server to notify mediaextractor of the plugin update.
allow system_server mediaextractor_update_service:service_manager find;
diff --git a/public/attributes b/public/attributes
index 50001e1..fed8def 100644
--- a/public/attributes
+++ b/public/attributes
@@ -38,6 +38,7 @@
# All types used for procfs files.
attribute proc_type;
+expandattribute proc_type false;
# All types used for sysfs files.
attribute sysfs_type;