Merge "Remove vintf_service."
diff --git a/private/file_contexts b/private/file_contexts
index a1002ab..8b25cfd 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -436,7 +436,6 @@
 #
 /data(/.*)?		u:object_r:system_data_file:s0
 /data/system/packages\.list u:object_r:packages_list_file:s0
-/data/.layout_version		u:object_r:install_data_file:s0
 /data/unencrypted(/.*)?         u:object_r:unencrypted_data_file:s0
 /data/backup(/.*)?		u:object_r:backup_data_file:s0
 /data/secure/backup(/.*)?	u:object_r:backup_data_file:s0
@@ -495,6 +494,7 @@
 /data/misc/dhcp-6\.8\.2(/.*)?     u:object_r:dhcp_data_file:s0
 /data/misc/gatekeeper(/.*)?     u:object_r:gatekeeper_data_file:s0
 /data/misc/incidents(/.*)?	    u:object_r:incident_data_file:s0
+/data/misc/installd(/.*)?		u:object_r:install_data_file:s0
 /data/misc/keychain(/.*)?       u:object_r:keychain_data_file:s0
 /data/misc/keystore(/.*)?       u:object_r:keystore_data_file:s0
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
diff --git a/private/installd.te b/private/installd.te
index 3693c59..743b24a 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -17,9 +17,6 @@
 # Run idmap in its own sandbox.
 domain_auto_trans(installd, idmap_exec, idmap)
 
-# Create /data/.layout_version.* file
-type_transition installd system_data_file:file install_data_file;
-
 # For collecting bugreports.
 allow installd dumpstate:fd use;
 allow installd dumpstate:fifo_file r_file_perms;
diff --git a/public/file.te b/public/file.te
index 8ef00eb..e37da02 100644
--- a/public/file.te
+++ b/public/file.te
@@ -238,8 +238,7 @@
 type vendor_data_file, file_type, data_file_type;
 # Unencrypted data
 type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
-# /data/.layout_version or other installd-created files that
-# are created in a system_data_file directory.
+# installd-create files in /data/misc/installd such as layout_version
 type install_data_file, file_type, data_file_type, core_data_file_type;
 # /data/drm - DRM plugin data
 type drm_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/global_macros b/public/global_macros
index ed04ddb..2c87fde 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -22,7 +22,7 @@
 # Common groupings of permissions.
 #
 define(`x_file_perms', `{ getattr execute execute_no_trans map }')
-define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_mount watch_sb watch_with_perm watch_reads }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_reads }')
 define(`w_file_perms', `{ open append write lock map }')
 define(`rx_file_perms', `{ r_file_perms x_file_perms }')
 define(`ra_file_perms', `{ r_file_perms append }')
@@ -30,7 +30,7 @@
 define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
 define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
 
-define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_reads }')
 define(`w_dir_perms', `{ open search write add_name remove_name lock }')
 define(`ra_dir_perms', `{ r_dir_perms add_name write }')
 define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
diff --git a/public/installd.te b/public/installd.te
index cec3d91..c1267a9 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -76,8 +76,9 @@
 allow installd keychain_data_file:dir create_dir_perms;
 allow installd keychain_data_file:file {r_file_perms unlink};
 
-# Create /data/.layout_version.* file
+# Create /data/misc/installd/layout_version.* file
 allow installd install_data_file:file create_file_perms;
+allow installd install_data_file:dir rw_dir_perms;
 
 # Create files under /data/dalvik-cache.
 allow installd dalvikcache_data_file:dir create_dir_perms;
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 83c1840..1ae3770 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -22,8 +22,9 @@
 allow sdcardd system_data_file:file r_file_perms;
 allow sdcardd packages_list_file:file r_file_perms;
 
-# Read /data/.layout_version
+# Read /data/misc/installd/layout_version
 allow sdcardd install_data_file:file r_file_perms;
+allow sdcardd install_data_file:dir search;
 
 # Allow stdin/out back to vold
 allow sdcardd vold:fd use;