Merge "Add CAP_IPC_LOCK and pinner to system_server" into nyc-dev
diff --git a/service.te b/service.te
index 8fea071..6b5838c 100644
--- a/service.te
+++ b/service.te
@@ -83,6 +83,7 @@
type package_service, app_api_service, system_server_service, service_manager_type;
type permission_service, app_api_service, system_server_service, service_manager_type;
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
+type pinner_service, system_server_service, service_manager_type;
type power_service, app_api_service, system_server_service, service_manager_type;
type print_service, app_api_service, system_server_service, service_manager_type;
type processinfo_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index 11c0736..0ddbdc1 100644
--- a/service_contexts
+++ b/service_contexts
@@ -99,6 +99,7 @@
phone1 u:object_r:radio_service:s0
phone2 u:object_r:radio_service:s0
phone u:object_r:radio_service:s0
+pinner u:object_r:pinner_service:s0
power u:object_r:power_service:s0
print u:object_r:print_service:s0
processinfo u:object_r:processinfo_service:s0
diff --git a/system_server.te b/system_server.te
index 67dc16a..92d8387 100644
--- a/system_server.te
+++ b/system_server.te
@@ -46,6 +46,7 @@
# These are the capabilities assigned by the zygote to the
# system server.
allow system_server self:capability {
+ ipc_lock
kill
net_admin
net_bind_service
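Review bot: The new `ipc_lock` entry in `allow system_server self:capability` is granted without any stated reason; the comment above the rule only says these capabilities are assigned by the zygote. CAP_IPC_LOCK lets a process lock memory beyond RLIMIT_MEMLOCK, so a bug or compromise in system_server could pin enough pages to put the whole device under memory pressure. Going by the commit title it is presumably needed by the pinner service, and the policy should say so, for example by extending the comment with `# ipc_lock is needed by the pinner service to mlock() files; keep this set in sync with the capabilities the zygote grants.` The capability set granted on the framework side is not visible here, so it is worth confirming that it matches this rule, since a capability allowed in policy but not granted to the process (or the reverse) has no effect. The allow block continues outside the hunk.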