Merge "Allow MediaProvider to access the media metrics service"
diff --git a/private/init.te b/private/init.te
index 200780d..3b64e25 100644
--- a/private/init.te
+++ b/private/init.te
@@ -43,10 +43,10 @@
allow init sysfs_loop:file rw_file_perms;
# Allow init to examine the properties of block devices.
-allow init sysfs_block_type:file { getattr read };
-# Allow init access /dev/block
-allow init bdev_type:dir r_dir_perms;
-allow init bdev_type:blk_file getattr;
+allow init sysfs_type:file { getattr read };
+# Allow init get the attributes of block devices in /dev/block.
+allow init dev_type:dir r_dir_perms;
+allow init dev_type:blk_file getattr;
# Allow init to write to the drop_caches file.
allow init proc_drop_caches:file rw_file_perms;
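Review bot: The new rules `allow init sysfs_type:file { getattr read };`, `allow init dev_type:dir r_dir_perms;` and `allow init dev_type:blk_file getattr;` cover every sysfs and device label, while the comments above them still describe block devices only. If the nodes init needs can be given block-specific labels, keeping `sysfs_block_type` and `bdev_type` preserves least privilege; otherwise the comment should state the real scope, e.g. `# Allow init to read attributes of any labeled sysfs file; needed to examine block device properties.` `open` is not in the granted set, so this presumably relies on per-type open rules elsewhere in the policy. The `-init` exemption added in public/domain.te is part of the same widening; its enclosing neverallow starts outside that hunk, so its scope should be confirmed there.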
diff --git a/public/domain.te b/public/domain.te
index b789ebf..423d59c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1359,6 +1359,8 @@
-shell
# For access to block device information under /sys/class/block.
-apexd
+ # Read sysfs block device information.
+ -init
# Generate uevents for health info
-ueventd
# Recovery uses health HAL passthrough implementation.
diff --git a/public/init.te b/public/init.te
index 60a1a4d..193941a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -651,7 +651,7 @@
neverallow init shell_data_file:dir { write add_name remove_name };
# Init should not access sysfs node that are not explicitly labeled.
-neverallow init sysfs:file { open read write };
+neverallow init sysfs:file { open write };
# No domain should be allowed to ptrace init.
neverallow * init:process ptrace;
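Review bot: The comment above `neverallow init sysfs:file { open write };` still says init should not access unlabeled sysfs nodes, but with `read` dropped the rule only forbids open and write. Reword it to match, e.g. `# Init should not open or write sysfs nodes that are not explicitly labeled.` Dropping `read` also removes the build-time check that would catch a later rule granting init read on files with the default `sysfs` label. A short comment on why read is excluded (presumably so the `sysfs_type` rule in private/init.te passes the neverallow check) would help future reviewers.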