Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 98c6b33088e4c3065aed9b9e9d53280ac12d7358^2..98c6b33088e4c3065aed9b9e9d53280ac12d7358 / .
commit98c6b33088e4c3065aed9b9e9d53280ac12d7358[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Mon Dec 17 12:31:26 2018 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Mon Dec 17 12:31:26 2018 +0000
tree1b6c79d0369a527f03302076253916829f9e1960
parent344e87cc4bc93a2bb4e144d1d48f2ee47b165807 [diff]
parent4e1c5764b532d392ef0fe66a85860f046763df9c [diff]
Merge "SELinux policy for rss_hwm_reset"
diff --git a/private/apexd.te b/private/apexd.te
index 7a1e4e2..702ba57 100644
--- a/private/apexd.te
+++ b/private/apexd.te

@@ -21,6 +21,7 @@
   LOOP_SET_BLOCK_SIZE
   LOOP_SET_DIRECT_IO
   LOOP_CLR_FD
+  BLKFLSBUF
 };
 # allow apexd to access /dev/block
 allow apexd block_device:dir r_dir_perms;

diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 8825e2e..0db825a 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te

@@ -49,6 +49,7 @@
 # directories for targetApi<=25. This is also allowed for targetAPIs 26,
 # 27, and 28 in untrusted_app_27.te.
 allow untrusted_app_25 app_data_file:file { execute execute_no_trans };
+userdebug_or_eng(`auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };')
 
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.

diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index fab6acc..f3b9df8 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te

@@ -30,6 +30,7 @@
 # The ability to call exec() or dlopen() on files in the apps home
 # directories for targetApi 26, 27, and 28.
 allow untrusted_app_27 app_data_file:file { execute execute_no_trans };
+userdebug_or_eng(`auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };')
 
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.

diff --git a/vendor/file_contexts b/vendor/file_contexts
index 9ed0468..a6772ca 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts

@@ -19,6 +19,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service            u:object_r:hal_cas_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service-lazy       u:object_r:hal_cas_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service     u:object_r:hal_gatekeeper_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service   u:object_r:hal_gnss_default_exec:s0