Sync internal master and AOSP sepolicy. Bug: 37916906 Test: Builds 'n' boots. Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668 Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

commit: 91d398d802b4fbd33c2b88da9f56ecee8bdc363c [log] [tgz]
author: Dan Cashman <dcashman@google.com> Tue Sep 26 12:58:29 2017 -0700
committer: Dan Cashman <dcashman@google.com> Tue Sep 26 14:38:47 2017 -0700
tree: ae80a698d8f48b79a749eb9d0b1668402614c1d0
parent: 6922dfe3661ca7c4043f6ef9c6c61fdb9c7fa89a [diff] [blame]
diff --git a/private/system_app.te b/private/system_app.te
index c6fcf8e..9d2ee28 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -58,7 +58,15 @@
 
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
+allow system_app {
+  service_manager_type
+  -dumpstate_service
+  -installd_service
+  -netd_service
+  -virtual_touchpad_service
+  -vold_service
+  -vr_hwc_service
+}:service_manager find;
 
 allow system_app keystore:keystore_key {
     get_state
commit	91d398d802b4fbd33c2b88da9f56ecee8bdc363c	[log] [tgz]
author	Dan Cashman <dcashman@google.com>	Tue Sep 26 12:58:29 2017 -0700
committer	Dan Cashman <dcashman@google.com>	Tue Sep 26 14:38:47 2017 -0700
tree	ae80a698d8f48b79a749eb9d0b1668402614c1d0
parent	6922dfe3661ca7c4043f6ef9c6c61fdb9c7fa89a [diff] [blame]