Merge "Allow dumpstate to call mediaswcodec over binder"
diff --git a/public/domain.te b/public/domain.te
index fefca84..3e7a0dc 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1176,6 +1176,7 @@
-netutils_wrapper_exec
-property_contexts_file
-system_lib_file
+ with_asan(`-system_asan_options_file')
-system_linker_exec
-system_linker_config_file
-system_seccomp_policy_file
diff --git a/public/fastbootd.te b/public/fastbootd.te
index b7e5fe1..783d2bd 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -48,13 +48,6 @@
}:blk_file { w_file_perms getattr ioctl };
allowxperm fastbootd {
- boot_block_device
- metadata_block_device
- system_block_device
- userdata_block_device
- }:blk_file ioctl { BLKGETSIZE64 };
-
- allowxperm fastbootd {
metadata_block_device
userdata_block_device
}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 819b7a3..a7d3bf3 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -7,6 +7,7 @@
# Allow read/write on system and boot partitions.
allow update_engine_common boot_block_device:blk_file rw_file_perms;
allow update_engine_common system_block_device:blk_file rw_file_perms;
+allowxperm update_engine_common { boot_block_device system_block_device }:blk_file ioctl { BLKROGET BLKROSET };
# Allow to set recovery options in the BCB. Used to trigger factory reset when
# the update to an older version (channel change) or incompatible version