Merge "Allow system_server to write to bpf maps"
diff --git a/private/bug_map b/private/bug_map
index 9747704..60a7337 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -29,4 +29,5 @@
system_server zygote process 77856826
usbd usbd capability 72472544
vrcore_app mnt_user_file dir 118185801
+webview_zygote system_data_file lnk_file 123246126
zygote untrusted_app_25 process 77925912
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 5e8aab5..c8f3def 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -28,6 +28,9 @@
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow gpuservice adbd:unix_stream_socket { read write getattr };
+# Needed for interactive shell
+allow gpuservice devpts:chr_file { read write getattr };
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index a4af4e7..9b91806 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -100,6 +100,12 @@
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
+# Android Studio Instant Run has the application connect to a
+# runas_app socket listening in the abstract namespace.
+# https://developer.android.com/studio/run/
+# b/123297648
+allow untrusted_app_all runas_app:unix_stream_socket connectto;
+
# Cts: HwRngTest
allow untrusted_app_all sysfs_hwrandom:dir search;
allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 39ef87d..0991bed 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -41,6 +41,9 @@
# TODO: scope this down.
allow dumpstate system_data_file:file r_file_perms;
+# Allow dumpstate to append into privileged apps private files.
+allow dumpstate privapp_data_file:file append;
+
# Read dmesg
allow dumpstate self:global_capability2_class_set syslog;
allow dumpstate kernel:system syslog_read;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 08701b4..03b0ac6 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -34,6 +34,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service-lazy u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service u:object_r:hal_lowpan_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0