Merge "Add reverse-attribute mapping to sepolicy-analyze."
diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index 5813d32..5e756fc 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -1,4 +1,4 @@
-/data/lib(/.*)? u:object_r:system_file:s0
-/data/lib64(/.*)? u:object_r:system_file:s0
-/data/vendor/lib(/.*)? u:object_r:system_file:s0
-/data/vendor/lib64(/.*)? u:object_r:system_file:s0
+/data/asan/system/lib(/.*)? u:object_r:system_file:s0
+/data/asan/system/lib64(/.*)? u:object_r:system_file:s0
+/data/asan/vendor/lib(/.*)? u:object_r:system_file:s0
+/data/asan/vendor/lib64(/.*)? u:object_r:system_file:s0
diff --git a/private/shell.te b/private/shell.te
index aab0a15..c24bfd3 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -10,3 +10,6 @@
# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
diff --git a/private/storaged.te b/private/storaged.te
index 3dbabf6..698999f 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -21,6 +21,10 @@
allow storaged debugfs_mmc:file r_file_perms;
')
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
# Binder permissions
add_service(storaged, storaged_service)
diff --git a/public/vdc.te b/public/vdc.te
index 67fb7a3..53d7bbe 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -22,3 +22,6 @@
# vdc can be invoked with logwrapper, so let it write to pty
allow vdc devpts:chr_file rw_file_perms;
+
+# vdc writes directly to kmsg during the boot process
+allow vdc kmsg_device:chr_file w_file_perms;