Merge "Copying platform seinfo into vendor partition" into rvc-dev
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index 6f4dfbc..795864b 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -95,6 +95,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ staged_install_file
storage_config_prop
sysfs_dm_verity
system_adbd_prop
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
index 4f86f71..b86d9a2 100644
--- a/prebuilts/api/30.0/private/file_contexts
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -707,6 +707,7 @@
/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
+/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0
#############################
# asec containers
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
index 84f8810..8c7afab 100644
--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te
@@ -1116,6 +1116,10 @@
allow system_server password_slot_metadata_file:dir rw_dir_perms;
allow system_server password_slot_metadata_file:file create_file_perms;
+# Allow system server rw access to files in /metadata/staged-install folder
+allow system_server staged_install_file:dir rw_dir_perms;
+allow system_server staged_install_file:file create_file_perms;
+
# Allow init to set sysprop used to compute stats about userspace reboot.
set_prop(system_server, userspace_reboot_log_prop)
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
index 7f56d9a..dffa5a3 100644
--- a/prebuilts/api/30.0/public/file.te
+++ b/prebuilts/api/30.0/public/file.te
@@ -232,6 +232,8 @@
type ota_metadata_file, file_type;
# property files within /metadata/bootstat
type metadata_bootstat_file, file_type;
+# Staged install files within /metadata/staged-install
+type staged_install_file, file_type;
# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te
index 426ecca..3bf8cbd 100644
--- a/prebuilts/api/30.0/public/iorapd.te
+++ b/prebuilts/api/30.0/public/iorapd.te
@@ -42,6 +42,10 @@
# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
allow iorapd system_file:file rx_file_perms;
+# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
+allow iorapd iorap_inode2filename:process signull;
+allow iorapd iorap_prefetcherd:process signull;
+
###
### neverallow rules
###
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 6f4dfbc..795864b 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -95,6 +95,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ staged_install_file
storage_config_prop
sysfs_dm_verity
system_adbd_prop
diff --git a/private/file_contexts b/private/file_contexts
index 4f86f71..b86d9a2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -707,6 +707,7 @@
/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
+/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0
#############################
# asec containers
diff --git a/private/system_server.te b/private/system_server.te
index 84f8810..8c7afab 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1116,6 +1116,10 @@
allow system_server password_slot_metadata_file:dir rw_dir_perms;
allow system_server password_slot_metadata_file:file create_file_perms;
+# Allow system server rw access to files in /metadata/staged-install folder
+allow system_server staged_install_file:dir rw_dir_perms;
+allow system_server staged_install_file:file create_file_perms;
+
# Allow init to set sysprop used to compute stats about userspace reboot.
set_prop(system_server, userspace_reboot_log_prop)
diff --git a/public/file.te b/public/file.te
index 7f56d9a..dffa5a3 100644
--- a/public/file.te
+++ b/public/file.te
@@ -232,6 +232,8 @@
type ota_metadata_file, file_type;
# property files within /metadata/bootstat
type metadata_bootstat_file, file_type;
+# Staged install files within /metadata/staged-install
+type staged_install_file, file_type;
# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
diff --git a/public/iorapd.te b/public/iorapd.te
index 426ecca..3bf8cbd 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -42,6 +42,10 @@
# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
allow iorapd system_file:file rx_file_perms;
+# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
+allow iorapd iorap_inode2filename:process signull;
+allow iorapd iorap_prefetcherd:process signull;
+
###
### neverallow rules
###