Merge "Fix thermalserviced_tmpfs compat recording mistake." into oc-mr1-dev

commit: aaa94fa92ef0521f609dcf236bf45d86f05c0c11 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Tue Aug 08 20:07:22 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Aug 08 20:07:22 2017 +0000
tree: 17d76efdeae794432c580f881c5d95de3620287f
parent: 0e4e784c618a86a2a6dd0648ace23050f39d76af [diff]
parent: 34f827fbe1b318773f249ebfb426938098f60bd8 [diff]
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index 19ac7e6..e89ea63 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil

@@ -13,6 +13,7 @@
     kmsg_debug_device
     mediaprovider_tmpfs
     netd_stable_secret_prop
+    package_native_service
     sysfs_fs_ext4_features
     system_net_netd_hwservice
     thermal_service

diff --git a/private/service_contexts b/private/service_contexts
index 1cb7c58..a82243f 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -108,6 +108,7 @@
 otadexopt                                 u:object_r:otadexopt_service:s0
 overlay                                   u:object_r:overlay_service:s0
 package                                   u:object_r:package_service:s0
+package_native                            u:object_r:package_native_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0

diff --git a/private/storaged.te b/private/storaged.te
index d5abd73..20377e0 100644
--- a/private/storaged.te
+++ b/private/storaged.te

@@ -43,6 +43,9 @@
 # Implements a dumpsys interface.
 allow storaged dumpstate:fd use;
 
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
 # Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
 # running as root. See b/35323867 #3.
 dontaudit storaged self:capability dac_override;

diff --git a/public/service.te b/public/service.te
index a4a420f..e97b864 100644
--- a/public/service.te
+++ b/public/service.te

@@ -102,6 +102,7 @@
 type otadexopt_service, system_server_service, service_manager_type;
 type overlay_service, system_api_service, system_server_service, service_manager_type;
 type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, system_server_service, service_manager_type;
 type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
 type pinner_service, system_server_service, service_manager_type;
commit	aaa94fa92ef0521f609dcf236bf45d86f05c0c11	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Tue Aug 08 20:07:22 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Aug 08 20:07:22 2017 +0000
tree	17d76efdeae794432c580f881c5d95de3620287f
parent	0e4e784c618a86a2a6dd0648ace23050f39d76af [diff]
parent	34f827fbe1b318773f249ebfb426938098f60bd8 [diff]