Merge "[LSC] Add LOCAL_LICENSE_KINDS to system/sepolicy"
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index cbf09ad..174eda3 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -26,6 +26,14 @@
 # Allow locating the authfs mount directory.
 allow compos authfs_data_file:dir search;
 
+# Run derive_classpath in our domain
+allow compos derive_classpath_exec:file rx_file_perms;
+allow compos apex_mnt_dir:dir r_dir_perms;
+# Ignore harmless denials on /proc/self/fd
+dontaudit compos self:dir write;
+# See b/35323867#comment3
+dontaudit compos self:global_capability_class_set dac_override;
+
 # Allow domain transition into odrefresh and dex2oat.
 # TODO(b/209008712): Remove dex2oat once the migration is done.
 domain_auto_trans(compos, odrefresh_exec, odrefresh)
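Review bot: The `dontaudit compos self:global_capability_class_set dac_override;` rule is explained only by the reference `b/35323867#comment3`, so a reader without tracker access cannot tell why compos requests the capability or whether silencing the denial is still right. Put the reason in the policy, e.g. `# <why dac_override is requested>; denial is expected, see b/35323867#comment3`. The same applies to `dontaudit compos self:dir write;`: the comment names /proc/self/fd, but the rule hides write denials on every directory labelled with the compos type, which is worth stating. Because `rx_file_perms` includes `execute_no_trans`, derive_classpath runs with all of compos's permissions rather than in a confined domain, so the comment on that line could say this is deliberate, e.g. `# Run derive_classpath in the compos domain (no transition)`.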
diff --git a/microdroid/system/private/derive_classpath.te b/microdroid/system/private/derive_classpath.te
new file mode 100644
index 0000000..e439692
--- /dev/null
+++ b/microdroid/system/private/derive_classpath.te
@@ -0,0 +1 @@
+type derive_classpath_exec, system_file_type, exec_type, file_type;
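Review bot: The new file declares `derive_classpath_exec`, but nothing visible in this diff labels the microdroid binary with it. If the microdroid file_contexts entry is missing, the `allow compos derive_classpath_exec:file rx_file_perms;` rule in compos.te will never match the executable, so that entry should be confirmed. A one-line header would also help, e.g. `# derive_classpath has no domain of its own in microdroid; it is executed in the caller's domain.`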
diff --git a/private/bootanim.te b/private/bootanim.te
index 855bc3d..f4fb0bc 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -15,3 +15,6 @@
 
 # Allow updating boot animation status.
 set_prop(bootanim, bootanim_system_prop)
+
+# Allow accessing /data/bootanim
+r_dir_file(bootanim, bootanim_data_file)
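Review bot: The comment above `r_dir_file(bootanim, bootanim_data_file)` says "accessing", but the macro grants read-only directory and file access; `# Allow read-only access to boot animation files under /data/bootanim` would be exact. No rule in this diff lets any domain create or write `bootanim_data_file` (the type added in private/file.te), so the producer of this content is presumably defined elsewhere. Since bootanim parses whatever is placed there, the comment on the type should name the domain that is expected to write it, and that write access should be kept as narrow as possible.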
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index f796813..cddf39b 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -41,6 +41,7 @@
     hal_wifi_hostapd_service
     hal_wifi_supplicant_service
     locale_service
+    nearby_service
     proc_watermark_boost_factor
     proc_watermark_scale_factor
     selection_toolbar_service
diff --git a/private/file.te b/private/file.te
index 0eb2018..5b6170f 100644
--- a/private/file.te
+++ b/private/file.te
@@ -69,6 +69,9 @@
 # /data/system/environ
 type environ_system_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/bootanim
+type bootanim_data_file, file_type, data_file_type, core_data_file_type;
+
 # /dev/kvm
 type kvm_device, dev_type;
 
diff --git a/private/file_contexts b/private/file_contexts
index 41bc184..4a04532 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -704,6 +704,8 @@
 /data/incremental/MT_[^/]+/mount/.log                   u:object_r:incremental_control_file:s0
 /data/incremental/MT_[^/]+/mount/.blocks_written        u:object_r:incremental_control_file:s0
 
+# Boot animation data
+/data/bootanim(/.*)? u:object_r:bootanim_data_file:s0
 #############################
 # Expanded data files
 #
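Review bot: The added `/data/bootanim(/.*)?` entry sits directly against the `#############################` banner of the next section, and its context is separated by a single space rather than aligned with the entries above it. Add a blank line after the entry and pad the path so `u:object_r:bootanim_data_file:s0` lines up with the neighbouring labels. This is purely cosmetic; the label itself is consistent with the type declared in private/file.te.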
diff --git a/private/service.te b/private/service.te
index c3bbd0d..10461ec 100644
--- a/private/service.te
+++ b/private/service.te
@@ -2,7 +2,7 @@
 type compos_service,                service_manager_type;
 type dynamic_system_service,        system_api_service, system_server_service, service_manager_type;
 type gsi_service,                   service_manager_type;
-type incidentcompanion_service,     system_api_service, system_server_service, service_manager_type;
+type incidentcompanion_service,     app_api_service, system_api_service, system_server_service, service_manager_type;
 type mediatuner_service,            app_api_service, service_manager_type;
 type profcollectd_service,          service_manager_type;
 type resolver_service,              system_server_service, service_manager_type;
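Review bot: Adding `app_api_service` to `incidentcompanion_service` widens who can look the service up in servicemanager from system components to ordinary app domains, and the hunk gives no reason for it. After this change SELinux no longer gates discovery, so access control rests on the permission checks inside the service's binder methods. It would be worth confirming that every exposed call enforces the caller's permission. A comment next to the type would record the intent, e.g. `# app_api_service: <feature> needs apps to reach this service; calls are permission-checked in the service`. Ephemeral apps remain excluded, because `ephemeral_app_api_service` is not added.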
diff --git a/private/service_contexts b/private/service_contexts
index 1d8b64d..4bb1a5b 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -226,6 +226,7 @@
 midi                                      u:object_r:midi_service:s0
 mount                                     u:object_r:mount_service:s0
 music_recognition                         u:object_r:music_recognition_service:s0
+nearby                                    u:object_r:nearby_service:s0
 netd                                      u:object_r:netd_service:s0
 netpolicy                                 u:object_r:netpolicy_service:s0
 netstats                                  u:object_r:netstats_service:s0
diff --git a/public/service.te b/public/service.te
index 493017f..e519297 100644
--- a/public/service.te
+++ b/public/service.te
@@ -157,6 +157,7 @@
 type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type music_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type nearby_service, system_server_service, service_manager_type;
 type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
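Review bot: `nearby_service` is declared in public/service.te, which exports the type to vendor policy and is why it also needs the entry added to 32.0.ignore.cil. If no vendor domain has to reference it, declaring it in private/service.te alongside the other private service types would keep it out of the public policy surface. Omitting `app_api_service` means apps cannot find the service through servicemanager; if that is intentional, a short comment such as `# Not app-visible; reached only via <caller>` would prevent it from being widened later without review.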