Merge "Refactor sanitized library on-disk layout - SELinux."
diff --git a/private/shell.te b/private/shell.te
index aab0a15..c24bfd3 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -10,3 +10,6 @@
# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
diff --git a/private/storaged.te b/private/storaged.te
index 3dbabf6..698999f 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -21,6 +21,10 @@
allow storaged debugfs_mmc:file r_file_perms;
')
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
# Binder permissions
add_service(storaged, storaged_service)
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index e9679de..46fd9d7 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -12,9 +12,6 @@
allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
-# Access to config files to look for a Bluetooth address
-r_dir_file(hal_bluetooth, bluetooth_data_file)
-
# sysfs access.
r_dir_file(hal_bluetooth, sysfs_type)
allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index d22015b..e32770d 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -3,7 +3,3 @@
type hal_bluetooth_default_exec, exec_type, file_type;
init_daemon_domain(hal_bluetooth_default)
-
-# Logging for backward compatibility
-allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;