Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 8ed7e521371527969dcc3ad6709b18b74088e4a9^2..8ed7e521371527969dcc3ad6709b18b74088e4a9 / .
commit8ed7e521371527969dcc3ad6709b18b74088e4a9[log] [tgz]
authorWale Ogunwale <ogunwale@google.com>Fri Apr 13 20:53:03 2018 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Fri Apr 13 20:53:03 2018 +0000
tree2842f703aba57721f17e53ee730566ecf7c0c253
parente1801fa733d7f7c5f531a7fc891f28a747954da3 [diff]
parent49b79029cbb4bfb362b6b823e63bb467e8012230 [diff]
Merge "Finalizing P SDK" into pi-dev
diff --git a/private/bug_map b/private/bug_map
index 2727cd2..127a7e6 100644
--- a/private/bug_map
+++ b/private/bug_map

@@ -1,5 +1,6 @@
 platform_app nfc_data_file dir 74331887
 priv_app system_data_file dir 72811052
+storaged storaged capability 77634061
 system_server crash_dump process 73128755
 untrusted_app_25 system_data_file dir 72550646
 untrusted_app_27 system_data_file dir 72550646

diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index f93057e..93d6c11 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te

@@ -7,13 +7,15 @@
 allow vold_prepare_subdirs vold:fd use;
 allow vold_prepare_subdirs vold:fifo_file { read write };
 allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
-allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override };
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override fowner };
 allow vold_prepare_subdirs self:process setfscreate;
 allow vold_prepare_subdirs {
   system_data_file
   vendor_data_file
-}:dir { open read write add_name remove_name };
-allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir };
+}:dir { open read write add_name remove_name relabelfrom };
+allow vold_prepare_subdirs system_data_file:file getattr;
+allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
 allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
-allow vold_prepare_subdirs storaged_data_file:dir create_dir_perms;
-allow vold_prepare_subdirs fingerprint_vendor_data_file:dir create_dir_perms;
+allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs storaged_data_file:file getattr;
+allow vold_prepare_subdirs fingerprint_vendor_data_file:dir { create_dir_perms relabelto };

diff --git a/public/traced_probes.te b/public/traced_probes.te
index e77c811..3e587c8 100644
--- a/public/traced_probes.te
+++ b/public/traced_probes.te

@@ -1 +1 @@
-type traced_probes, domain, coredomain;
+type traced_probes, domain, coredomain, mlstrustedsubject;