Merge "Fix policy file order for hal_attributes"
diff --git a/Android.mk b/Android.mk
index c98de45..fae4cba 100644
--- a/Android.mk
+++ b/Android.mk
@@ -54,15 +54,7 @@
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
SYSTEM_EXT_PUBLIC_POLICY := $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS)
-ifneq (,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
- # TODO: Disallow BOARD_PLAT_*
- SYSTEM_EXT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
-endif
SYSTEM_EXT_PRIVATE_POLICY := $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS)
-ifneq (,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
- # TODO: Disallow BOARD_PLAT_*
- SYSTEM_EXT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
-endif
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
diff --git a/private/update_verifier.te b/private/update_verifier.te
index 5e1b27b..a8cef37 100644
--- a/private/update_verifier.te
+++ b/private/update_verifier.te
@@ -7,3 +7,10 @@
# Allow to set the OTA related properties e.g. ota.warm_reset.
set_prop(update_verifier, ota_prop)
+
+# allow update_verifier to connect to snapuserd daemon
+allow update_verifier snapuserd_socket:sock_file write;
+allow update_verifier snapuserd:unix_stream_socket connectto;
+
+# virtual a/b properties
+get_prop(update_verifier, virtual_ab_prop)
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index 52769dd..8adf8d3 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -11,3 +11,8 @@
# communicate with servicemanager
binder_call(hal_vehicle_server, servicemanager)
+
+# communicate with statsd
+hwbinder_use(hal_vehicle_default)
+allow hal_vehicle_default fwk_stats_hwservice:hwservice_manager find;
+binder_call(hal_vehicle_default, stats_service_server)