Merge "Allow init to create /dev/event-log-tags."
diff --git a/private/bug_map b/private/bug_map
index ca35af4..d493c55 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -2,5 +2,5 @@
vold system_data_file file 62140539
system_server vendor_framework_file dir 68826235
crash_dump app_data_file dir 68319037
-crash_dump bluetooth_data_file 68319037
-crash_dump vendor_overlay_file 68319037
+crash_dump bluetooth_data_file dir 68319037
+crash_dump vendor_overlay_file dir 68319037
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index e58fa4e..12e5c98 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -467,6 +467,7 @@
proc_page_cluster
proc_pagetypeinfo
proc_panic
+ proc_pid_max
proc_pipe_conf
proc_random
proc_sched
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 4f3a96c..b76b145 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -42,6 +42,7 @@
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
@@ -67,6 +68,7 @@
genfscon proc /timer_list u:object_r:proc_timer:s0
genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
+genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
diff --git a/private/system_server.te b/private/system_server.te
index c10a617..2102391 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -698,6 +698,8 @@
proc_vmallocinfo
}:file r_file_perms;
+allow system_server proc_uid_time_in_state:dir r_dir_perms;
+
r_dir_file(system_server, rootfs)
### Rules needed when Light HAL runs inside system_server process.
@@ -720,6 +722,13 @@
allow system_server zygote_exec:file rx_file_perms;
')
+# ART Profiles.
+# Allow system_server to open profile snapshots for read.
+# System server never reads the actual content. It passes the descriptor to
+# to privileged apps which acquire the permissions to inspect the profiles.
+allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:file { getattr open read };
+
###
### Neverallow rules
###
diff --git a/public/file.te b/public/file.te
index 29bf9be..6c11b81 100644
--- a/public/file.te
+++ b/public/file.te
@@ -38,6 +38,7 @@
type proc_pagetypeinfo, fs_type;
type proc_panic, fs_type;
type proc_perf, fs_type;
+type proc_pid_max, fs_type;
type proc_pipe_conf, fs_type;
type proc_random, fs_type;
type proc_sched, fs_type;
diff --git a/public/shell.te b/public/shell.te
index cac84d4..1318c35 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -115,6 +115,7 @@
proc_interrupts
proc_meminfo
proc_modules
+ proc_pid_max
proc_stat
proc_timer
proc_uptime
diff --git a/tools/sepolicy-analyze/Android.mk b/tools/sepolicy-analyze/Android.mk
index 1754fc7..2af1494 100644
--- a/tools/sepolicy-analyze/Android.mk
+++ b/tools/sepolicy-analyze/Android.mk
@@ -10,6 +10,6 @@
LOCAL_STATIC_LIBRARIES := libsepol
LOCAL_CXX_STL := none
-LOCAL_COMPATIBILITY_SUITE := cts gts
+LOCAL_COMPATIBILITY_SUITE := ats cts gts
include $(BUILD_HOST_EXECUTABLE)