Merge "Allow zygote to create files under sdcardfs."
diff --git a/private/file_contexts b/private/file_contexts
index 233d5f4..97352a5 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -489,6 +489,7 @@
/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
+/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
diff --git a/public/domain.te b/public/domain.te
index e8baabc..d3fac70 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -355,6 +355,7 @@
-healthd
-uncrypt
-tee
+ -hal_bootctl
} self:global_capability_class_set sys_rawio;
# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 2491734..be9975f 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -3,5 +3,3 @@
binder_call(hal_bootctl_server, hal_bootctl_client)
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
-
-dontaudit hal_bootctl self:global_capability_class_set sys_rawio;